At the start of this year, the Gmail team decided to up their security settings in Gmail by defaulting to HTTPS for all of their customers. This means that when you log into Gmail, your emails are encrypted as they travel between your web browser and Google’s servers. While this change makes perfect sense, there were some adverse effects for us email senders.
Scaring the heck out of your Gmail subscribers
When an email opened in Gmail over HTTPS loads its images over plain HTTP, browsers typically let the user know about it. This ranges from a simple little icon change right through to a big ugly and confusing security alert. Here’s how some of the most popular browsers react in this situation:
Firefox, Chrome, et al
Firefox and Chrome opt for a fairly non-intrusive approach where the standard lock icon is tweaked to show a small alert. Clicking the icon loads a modal window that explains parts of this page aren’t encrypted. Scary scale: Tame.
Internet Explorer 8
When Gmail attempts to load non-HTTPS images in IE8 however, this alert stops them in their tracks. Previous versions of IE used a similar alert, but the default “Yes” option was to actually load the non-secure images. IE8 has changed this approach and the default choice is to only load content that is encrypted. Basically, clicking “Yes” still won’t show your images. Scary scale: OMFG!
As well as your subscribers seeing a rather intimidating security alert, in most cases an open won’t be recorded because our small tracking image won’t be loaded either. So, you’re likely scaring some of your subscribers who want to see your email, and our reports are saying they’re not even interested. Ugly stuff.
How we solved it
The lazy solution here is to simply serve every image in all your email campaigns via HTTPS. The problem here is speed. In some cases serving your email campaign images through an encrypted connection can result in longer load times. We don’t want to slow down your campaigns for all recipients just to avoid a problem with your Gmail subscribers.
Instead, we use the data from your email client reports and serve images over HTTPS only for your Gmail subscribers. As I mentioned earlier, the security alert meant that in many cases we weren’t accurately recording opens (and therefore the email client being used) for Gmail subscribers. To get around this, we now serve all your tracking images (the small, invisible image at the bottom of your email we use to provide those fancy reports) via HTTPS. We turned this on a couple of months ago to make sure we built up accurate data on those subscribers that use Gmail.
Now that we have bulletproof data on who your Gmail subscribers are, we’ve switched on HTTPS only for those subscribers. This means scary security alerts are a thing of the past and you now have much more accurate data on how many of your subscribers are using Gmail and Google Apps to open your emails. To minimize any speed impact, any images we serve via HTTPS are still loaded from our super fast CDN. Our email client reports let us go a step further than just looking for a gmail.com or googlemail.com email address too. For example, if you have a Gmail subscriber who never uses the Gmail interface and instead opens your email in Outlook or on their iPhone, we won’t bother encrypting their images and potentially slowing load times down.
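The per-recipient decision described above, sketched as an added example rather than the code we actually run: the scheme is chosen from the last recorded email client, not the address domain, and the tracking image is always upgraded. The client labels, the `data-role` marker and the sample HTML are assumptions constructed for illustration.

```python
import re

# Hypothetical labels for clients that render mail inside an HTTPS web page.
HTTPS_CLIENTS = {"gmail-web", "google-apps-web"}
# Hypothetical attribute marking the open-tracking pixel in the template.
TRACKING_MARK = 'data-role="open-tracker"'
# Captures everything in an <img> tag up to a plain-HTTP src value.
IMG_HTTP_SRC = re.compile(r'(<img\b[^>]*?\ssrc\s*=\s*["\'])http://', re.IGNORECASE)

# Constructed sample campaign HTML: one content image and one tracking pixel.
SAMPLE = (
    '<p>Hello</p>'
    '<img src="http://cdn.example.com/hero.png" alt="Hero">'
    '<img data-role="open-tracker" src="http://cdn.example.com/t.gif"'
    ' width="1" height="1">'
)

def needs_https(last_client):
    """Decide from the recorded client; unknown (None) means no upgrade."""
    return last_client in HTTPS_CLIENTS

def render_for(html, last_client):
    """Return the campaign HTML with image schemes chosen for one recipient."""
    upgrade_all = needs_https(last_client)

    def rewrite(match):
        end = html.find(">", match.start())
        tag = html[match.start():end + 1] if end != -1 else html[match.start():]
        # Tracking pixel is always HTTPS so opens are recorded for everyone.
        if upgrade_all or TRACKING_MARK in tag:
            return match.group(1) + "https://"
        return match.group(0)

    return IMG_HTTP_SRC.sub(rewrite, html)

def mixed_content_images(html):
    """List image URLs that would be mixed content on an HTTPS page."""
    pattern = r'<img\b[^>]*?\ssrc\s*=\s*["\'](http://[^"\']+)'
    return re.findall(pattern, html, re.IGNORECASE)
```

Running `mixed_content_images` over the rendered output for a webmail recipient is a quick pre-send check that nothing in the template will trip the browser warning.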
While this isn’t a huge update and something most email senders won’t even notice, I thought it was a nice example of how we pay attention to the little things without cutting corners for you or your subscribers.