Do you support HSTS on verified domains?

We don't currently allow domains with HSTS to be verified in EmailOctopus.

What is HSTS?
HSTS stands for HTTP Strict Transport Security. It is a method used by websites to declare that they should only be accessed using a URL that begins with "https".

Why don't you support HSTS?
When you verify a domain in EmailOctopus, we automatically configure it to track clicks in your emails. We do this by redirecting all links in your email through a URL like http://tracking.yourdomain.com before forwarding it on to the final destination. Note the use of "http" in this link, not "https", which is a limitation of us not being able to set up an SSL certificate for your domain. Since HSTS does not allow "http" to be used, many browsers will show a warning or error when that link is clicked.

What can I do?
1) Disable HSTS on your domain. You should ask your DNS provider or web host for help/advice on doing so.
2) Set up a domain just for sending emails. Since it's just used for sending emails, you can safely disable HSTS without any impact on your website.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us