Do you support HSTS on verified domains?

We don't currently allow domains with HSTS to be verified in EmailOctopus.

What is HSTS?
HSTS stands for HTTP Strict Transport Security. It is a method used by websites to declare that they should only be accessed using a URL that begins with "https".

Why don't you support HSTS?
When you verify a domain in EmailOctopus, we automatically configure it to track clicks in your emails. We do this by redirecting all links in your email through a URL like http://tracking.yourdomain.com before forwarding it on to the final destination. Note the use of "http" in this link, not "https", which is a limitation of us not being able to set up an SSL certificate for your domain. Since HSTS does not allow "http" to be used, many browsers will show a warning or error when that link is clicked.

What can I do?
1) Disable HSTS on your domain. You should ask your DNS provider or web host for help/advice on doing so.
2) Set up a domain just for sending emails. Since it's just used for sending emails, you can safely disable HSTS without any impact on your website.

Still need help? Contact Us Contact Us