Securing your Link Domains
Apart from your sending domain used to send your emails, a link subdomain is also set up for your license.
This subdomain will host the following elements:
the images that you import into Actito (be it through HTML or from the editor),
the forms that you create on Actito,
the redirection page that allows Actito to track your links,
your emails' mirror page and the unsubscribing scenario.
Links subdomain usually follow the paradigm links.yoursendingdomain.com or link.yoursendingdomain.com.
For example, the link subdomain for our sending domain actito.news is link.actito.news.
The link subdomain uses the HTTP protocol by default.
HTTP and HTTPS protocols
The HTTP protocol (for Hypertext Transfer Protocol) is a client-server communication protocol that allows sending and receiving information from and to web servers. It's the basis to access all the internet resources.
When the HTTP protocol is used, information is unencrypted and so is the connection. The information exchanged is therefore visible and could be retrieved by a third person.
In contrast, the HTTPS protocol (S for Secure) is secured. It uses a coding protocol, the SSL (Secure Socket Layer) protocol, that allows for an encrypted connection between client and server. Only those who have the decoding key will be able to decode the information.
This is the right protocol to exchange confidential data, for example in the case of a connection page, especially when sensible data, such as bank details, are involved.
Why using HTTPS on Actito?
Actito forms are not conceived to work as connection pages and the images that you use in your campaigns are, generally speaking, not confidential. On top of that, the use of HTTP is not banned.
So, why using a secured protocol then?
Your license and Actito's site uses HTTPS.
This article is about your particular link subdomain's security.
There are several reasons to use HTTPS in your license:
Your profiles might state personal data in your public forms.
You use profile attributes in your image parameters.
When using HTTPS, the browser address bar that will show that the connection with the sites hosted by your subdomain is secured (just like in the Actito sites example above). Browsers also mark HTTP pages as not secure connections.
In the B2B sector, the network configuration of some organizations, including yours, might not trust the HTTP protocol. That's why it's necessary to whitelist your subdomain.
Google Chrome and, by extension, Chromium, the latest version of Microsoft Edge, refuse the so-called mixed content, that is to say, a site using HTTPS (such as your Actito license) loading resources in HTTP (such as the images hosted by your subdomain). This is the reason why you won't be able to view the images in the HTML editor preview. This restriction doesn't apply to other browsers, like Mozilla Firefox and Safari.
It is expected that Chrome will push more and more for the standardisation of HTTPS and that other browsers will follow the trend.
Your link subdomain hosts the redirection page that allows Actito to track your messages. Even if your subdomain uses HTTP, the final direction will be encrypted.
This means that if you use personalizations based on profile attributes in your link additional parameters, they will appear only in the final URL, which is your website's.
They will not be shown in the redirection page, even if your subdomain is not secured, as you can see in the following example:
Why is HTTP used by default?
The HTTPS protocol has some advantages, but it is not used automatically because it uses the SSL protocol, which requires setting up a certificate.
That certificate verifies that a domain belongs to an organisation or company.
Your subdomain is usually based on your sending domain. Your sending domain, even when it's delegated to Actito, is usually your company's name. This form of joint guardianship also applies to the subdomain, which means that setting up a SSL certificate involves both Actito and your company.
For this reason, Actito doesn't impose using the HTTPS protocol. It is after all not mandatory nor necessary, but it depends on your activities. If you want to secure your link subdomain, Actito is there to help you start the process.
Setting up a SSL certificate
To set up HTTPS for your license the following process should be followed:
1. Generating a CSR
A CSR (Certificate Signing Request) is like a digital ID card that allows you to apply for a certificate by the relevant authority.
The CSR includes your company data, but is issued by Actito, using, of course, the information that you transfer to us.
Applying for a CSR
To apply for a CSR, you can send your application by email to support@actito.com after informing your account manager.
The following information should be specified:
Common name: Your domain's full name. We recommend obtaining one certificate per domain.
Organization: Your company's or organisation's legal name.
Department: The department responsible for managing the certificate.
Location: The city where your company is located.
State/Province/Region: The state, province, or region where your company is based.
Country: Country code (ISO code) where your company is based.
Email address: Email address of the person responsible for the process.
Actito will manage the process and send you the CSR.
2. Purchasing a certificate
Once you have a CSR, you can purchase a certificate by the relevant authority. Given that the certificate will have your name, it's your company who will be in charge of managing this part.
There are several types of certificates, some of them are for free but valid only for a very limited time. They must be constantly renewed and we recommend avoiding this option.
It's better to choose a certificate that will be valid for, at least, one year. They usually cost between 50 or 150€, depending on the issuing authority.
3. Installing the certificate
Send the certificate to us (you can do it through the email address support@actito.com) and we will take care of installing it in our servers.
4. Setting up the HTTPS
Actito will set up the HTTPS on your subdomain, which will be, from that moment, secured.
Tip
Certificates are usually valid for a year. Even if Actito occasionally verifies what certificates will expire soon, we advise you to carefully verify your certificate's validity and to start the renewal process when it's about to expire.
For that you will need a new CSR.