Security update: Your entire account is now served over SSL

By David Greiner

April 21, 2011

5 Comments

A while back we quietly pushed an update live that meant the entire Campaign Monitor experience was now served securely over SSL. Originally only our signup, login and all payment pages were served this way. In the interest of keeping your data as secure as possible at all times, we recently made the call to switch the entire application over.

This means that there is always a secure, encrypted link between you (or your clients) and Campaign Monitor. It also ensures account data such as your subscriber lists and campaign reports remain private at all times.

It's also worth noting that we've gone with a white label approach with our SSL certificate that doesn't relate directly back to Campaign Monitor. As always, we want to provide the best experience possible for everyone while staying true to our private label offering.

There is one important exception to our SSL support right now, it's not available for accounts with custom domains. A custom domain allows you to host your Campaign Monitor account at any domain of your choosing. Because we need to own the domain we set up the SSL certificate for, we can't just roll this out for everyone automatically. In reality, this just means business as usual for custom domain accounts. Like always, your login and payment pages will still be served via SSL.

This certainly isn't a huge update, but it's one of the many small tweaks we're continually making to the application and our infrastructure to make sure we can offer you guys a secure Campaign Monitor experience. Plus, it helps our sysadmins sleep better at night. Even if they already know how much we all appreciate them.

Posted in:

5 Comments

  1. David Greiner
    April 21, 2011 8:12am

    Campaign Monitor team member

    It’s also worthing pointing out that it may be possible to support custom SSL certificates for everyone with custom domains in the future.

    Basically, we’d become an SSL wholesaler and allow you to buy your own certificate directly from your account. This would likely cost you around $100/year for your own certificate, and would be a fairly large project for us to automate. As always, if there is significant demand for it from our custom domain holders, we’ll certainly consider it.

    If that’s you, don’t forget to comment, but please keep in mind it wouldn’t be something we could offer for free as we’d have to pass the certificate cost onto you.

  2. Dean
    April 21, 2011 9:47am

    Is there any downside to serving all page requests over SSL? If you have a certificate anyway what’s the point of mixing secure and unsecure (or is it insecure) connections?

  3. David Greiner
    April 21, 2011 10:12am

    Campaign Monitor team member

    Dean, the only downside traditionally has been a small speed trade-off, but given all the optimizations we’ve made over the years (CDN’s, slim code, database optimization, etc), it’s much less of an issue.

    Just to be clear though, we only miss SSL and regular connections for customers with custom domains, purely because we cannot register SSL certs for domains we don’t own. Only our customers can do that, which is what I was mentioning in the comment above.

  4. Daniel
    April 22, 2011 12:19am

    Would like and be happy to pay for: +1 vote

    Particularly if this meant we didn’t need to redirect to createsend for payments.

    Then, if you could just change the name that displays on the client’s credit card statement - it would be truly seamless :)

  5. Dylan
    April 22, 2011 1:35am

    SSL for custom domains would be a great feature and I would be more than happy to pay for it.

Comments for this entry are closed.

Browse the Blog

  1. Behind the Scenes (31)
  2. Interviews & Buzz (133)
  3. New Features & Updates (234)
  4. Observations & Answers (221)
  5. Tips & Resources (491)

Explore the Email Gallery

Beautiful! “@cameronmoll: Email successfully @CampaignMonitor‘d:” http://t.co/KbrfnS1a ^RH

Follow us on Twitter