Simple and Secure Email Innovation: Encrypted Engagement Tracking

engagement tracking

SocketLabs recently launched an innovative solution and methodology for encrypting the custom-branded, white-labeled engagement tracking links that are used inside a customer’s email messages.

This innovation is just the latest example of our commitment to securing our clients’ email communication through encryption. We have been continuously investing to ensure the protection of messages traveling through our platform ‒ both at rest and in transit. For example, we were the first email service provider to adopt the MTA-STS encryption standard and we also support the encryption of all message links, preventing hackers from seeing and spoofing clients’ links.

Chief Technology Officer Bill Volz led the SocketLabs dev-ops team in the creation of this intuitive engagement tracking capability. The approach his team designed uses Let’s Encrypt™, an open certificate authority run by Internet Security Research Group™ that provides digital certificates needed in order to enable HTTPS (SSL/TLS).

The adoption of SSL/TLS encryption for online organizations has become a security best practice and is increasingly becoming a requirement. For example, the Chrome web browser began visibly labeling websites as “Not Secure” if they are not using HTTPS.
Because SocketLabs’ approach obtains and manages the security certificates on the client’s behalf through Let’s Encrypt, clients don’t need to worry about outdated certificate expiring at the wrong time and potentially impeding critical email deliveries in the future.

How to Implement ‘One-Click’ Encrypted Engagement Tracking

As stated, the best aspect of our approach is its simplicity compared to other methods of encrypted link tracking. SocketLabs’ innovation allows email senders to enable fully-secure recipient engagement tracking with the flip of a switch…literally. We have removed the requirement to go through a complicated, cost-prohibitive process of setting up a reverse proxy server. Instead, follow these steps:

  1. The first step towards setting up engagement tracking is to create a new CNAME record that defines your tracking domain and references tracking.socketlabs.com.
  2. Once the CNAME record has been created, your new engagement tracking domain must be added to your SocketLabs account. You can add this manually in the Configuration Options, or through the Management API.
  3.  After the credentials have been added you can turn on the engagement tracking features by selecting “All Tracking” within the Configuration Options.
  4.  Select Encrypted Engagement Tracking to turn on this feature.

Simplicity Drives Adoption

This innovation is a significant boon for our cloud-based email customers because we have simplified and streamlined the process by which TLS security is applied. Not only is it far easier to implement, it is also more sustainable and supportive of long-term security. The first benefit of taking this approach is a higher likelihood of client adoption. As a result, more clients will able to add engagement tracking to their email strategies and will be in a better overall position to optimize email deliverability.

Typically, security-minded companies think they have to sacrifice features such as engagement tracking if they choose to move to a cloud-based infrastructure like SocketLabs. However, our approach completely changes this dynamic. There’s no need to sacrifice anything. We allow customers to enforce encryption in their email transmissions while still tracking their link engagement.

Excerpt from Our Email Engagement Webinar

A brief presentation and discussion of the secure link encryption feature was shared on SocketLabs’ recent webinar entitled Mastering Email Engagement: Expectations, Accuracy & Security. Below is an expert from the program, where Deliverability Manager Brian Godiksen explains how we approached the topic:

“We try to make it as easy as possible for all of our customers. We knew this was a huge problem. Customers were asking how they can use HTTPS in the links that we send and track through our system. There was a way to do it, but it was kind of difficult. You had to (in some cases) set up what’s called a reverse proxy. The technical overhead in doing this is just a nightmare. For example, one competitor has five pages of documentation in terms of setting up HTTPS based links. We decided to set up a feature where we can generate a Let’s Encrypt certificate for our customers and the host names that they use with us to track engagement. So, with just one simple click of a button, you can turn on and start using HTTPS links with SocketLabs in seconds. We want to see more of our customers starting to use it because it’s really important in securing email communication. It’s also a requirement for the most security-conscious customers who are using new security technologies like HTTP Strict Transport Security (HSTS). That’s why making it easy is something we really wanted to focus on.”

As an early adopter and advocate of encryption technologies, our platform innovation and our email delivery solutions are ahead of the competition in meeting customers’ needs. The announcement of this new engagement tracking capability follows SocketLabs’ recent press release regarding adoption of the MTA-STS standard for enabling email encryption.