My contacts are getting a "connection not private or secure" warning when clicking through my email links. Why?

Because your website domain has been set up to use HSTS!

HSTS (HTTP Strict Transport Security) is a new, really cool security policy which keeps sites protected from man-in-the-middle attacks. It basically ensures any browser visiting your site will do so using a secure HTTPS connection. That's great news! :)

However, when you added E-goi's CNAME to your domain (which both increases deliverability and displays your domain across all our trackable links in your email), HSTS thinks you're trying to bypass its security policy, because that policy also covers the subdomain the CNAME sits on. This means people clicking those links will get something like this:

[Screenshot: what your contacts will see when using Chrome]


And that's a bummer! :(
 


How can I fix it?

Easy enough! Simply ask your hosting staff to remove "includeSubDomains" from your domain's HSTS header. Right now, you probably have something like this:

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload


Have it changed to:

Strict-Transport-Security: max-age=63072000; preload


Keep in mind this will turn HSTS off on all your subdomains (if you've got any)! To re-enforce HSTS, just add it to each subdomain separately.
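
An added example (not E-goi's code): a small Python audit that shows which hosts lose HSTS once "includeSubDomains" is removed, so you know which subdomains need their own header. The example.com host names and the observed-header map are constructed assumptions; links.example.com stands in for the subdomain carrying the tracking CNAME.

```python
# Added example. Host names and the SITE map below are constructed sample data.

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns a dict, or None when a browser would ignore the header
    (missing or non-numeric max-age, or a directive given twice)."""
    seen = {}
    for part in (value or "").split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # empty directives are permitted
        if name in seen:
            return None
        seen[name] = arg.strip().strip('"')  # values may be quoted strings
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None
    return {"max_age": int(age),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def covered(host, policies):
    """True if host has its own live policy or inherits one from a parent."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        p = policies.get(".".join(labels[i:]))
        # max-age=0 switches HSTS off; parents count only with includeSubDomains
        if p and p["max_age"] > 0 and (i == 0 or p["include_subdomains"]):
            return True
    return False

def hsts_gaps(observed):
    """observed: host -> HSTS header value from its HTTPS response (None if absent)."""
    policies = {h.lower(): parse_hsts(v) for h, v in observed.items()}
    return sorted(h for h in policies if not covered(h, policies))

BEFORE = "max-age=63072000; includeSubDomains; preload"   # header from the page
AFTER = "max-age=63072000; preload"                       # header from the page
SITE = {"example.com": BEFORE, "www.example.com": AFTER,
        "shop.example.com": None, "links.example.com": None}  # links = tracking CNAME

if __name__ == "__main__":
    print("gaps before:", hsts_gaps(SITE))
    print("gaps after: ", hsts_gaps({**SITE, "example.com": AFTER}))
```

After the change, links.example.com is listed on purpose, while shop.example.com is a subdomain that now needs its own Strict-Transport-Security header. The browser preload list at hstspreload.org requires includeSubDomains, so a header that keeps "preload" without it no longer meets that list's requirements.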