When users click links in emails you've sent with Iterable, they're first taken to your link tracking domain. This domain tracks clicks (so you can analyze campaign engagement), sets attribution-related cookies in the browser (to help you measure campaign conversions), and finally redirects your users to their intended destinations.
Iterable's default link tracking domain is
links.iterable.com. However, since
users may see this domain in your messages (for example, when hovering over a
link), it's best to customize it so that it's associated with your
example.com represents your root domain).
Whatever custom link tracking domain you choose, Iterable will host it (so that it can track links, etc.). Because of this, you'll need to configure your DNS for this domain (as shown below).
In general, it's a good idea to use HTTPS with your link tracking domain—for various reasons:
- Link destinations may implement HSTS, which requires that incoming requests use HTTPS. You should enable HTTPS for the initial request from your user's browser to your link tracking domain, and also for the tracking domain's redirect to the intended link destination.
- At your link tracking domain, Iterable hosts files related to your mobile deep linking configuration (apple-app-site-association and assetlinks.json). For deep linking to work, iOS and Android both require that you serve up these files with HTTPS.
- HTTPS is a security best practice, and should be used whenever possible. Your users expect it.
Table of contents
To use Amazon CloudFront to implement HTTPS for your link tracking domain, follow these steps:
- 1. Generate an SSL certificate
- 2. Create and configure a CloudFront distribution
- 3. Wait for your CloudFront distribution to deploy
- 4. Confirm the configuration of your CloudFront distribution
- 5. Update your DNS
- 6. Set up your tracking domain in Iterable
Amazon CloudFront periodically changes its interface. If you spot any discrepancies in this guide, please let your customer success manager know.
1. Generate an SSL certificate
Throughout this guide,
<YOUR_LINK_TRACKING_DOMAIN> refers to your selected
link tracking domain—something like
example.com is your root domain).
Generate an SSL certificate for the link tracking domain. To do this, use AWS Cerftificate Manager (ACM) or a similar service. For more information, read Amazon's documentation.
After approving the certificate, continue to the next step.
2. Create and configure a CloudFront distribution
To create and configure a CloudFront distribution, visit https://console.aws.amazon.com/cloudfront/ and click Create Distribution. Select Web as your delivery method, and set the configuration settings described below. When you're done, click Create Distribution.
|Origin Domain Name||
|Origin Path||Leave blank (default)|
|Enable Origin Shield||No (default)|
|Minimum Origin SSL Protocol||TLSv1.2|
|Origin Protocol Policy||HTTPS Only|
|Origin Connection Attempts||
|Origin Connection Timeout||
|Origin Response Timeout||
|Origin Keep-alive Timeout||
|Origin Custom Headers||Leave blank (default)|
Default Cache Behavior Settings
|Viewer Protocol Policy||HTTP and HTTPS (default)|
|Allowed HTTP Methods||
|Field-level Encryption Config||Leave blank (default)|
|Cached HTTP Methods||Leave blank (default)|
|Cache and origin request settings||Use legacy cache settings|
|Cache Based on Selected Request Headers||All|
|Object Caching||Use default settings|
|Query String Forwarding and Caching||Forward all, cache based on all|
|Smooth Streaming||No (default)|
|Restrict Viewer Access||No (default)|
|Compress Objects Automatically||No (default)|
|Lambda Function Associations||Leave blank (default)|
|Enable Real-time Logs||No (default)|
|Price Class||Use All Edge Locations (Best Performance) (default)|
|AWS WAF Web ACL||None (default)|
|Alternate Domain Names (CNAMEs)||
|SSL Certificate||Custom SSL Certificate. Import or add the certificate that you created through ACM or through another service.|
|Custom SSL Client Support||Clients that Support Server Name Indication (SNI)|
|Supported HTTP Versions||HTTP/2, HTTP/1.1, HTTP/1.0 (default)|
|Default Root Object||Leave blank (default)|
|Standard Logging||Off (default)|
|S3 Bucket for Logs||Leave blank (default)|
|Log Prefix||Leave blank (default)|
|Cookie Logging||Off (default)|
|Enable IPv6||Checked (default)|
|Comment||Leave blank (default)|
|Distribution State||Enabled (default)|
3. Wait for your CloudFront distribution to deploy
On the CloudFront Distributions page, your distribution should have an In Progress status with a spinning arrow. When its status changes to *Deployed, copy the its URL from Domain Name (on the General tab). You'll need this when updating your DNS.
4. Confirm the configuration of your CloudFront distribution
To confirm your distribution's configuration, use the
openssl s_client -servername [CNAME] -connect <YOUR_CLOUDFRONT_URL>:443
If the command's output doesn't show your certificate, double-check your distribution's settings in CloudFront.
5. Update your DNS
In your DNS settings, create a CNAME record, using this pattern:
<YOUR_TRACKING_DOMAIN> CNAME <YOUR_CLOUDFRONT_URL>
links.example.com CNAME d49jhgak555.cloudfront.net
- If you're using Amazon Route 53, it's possible to use an A (alias) record
instead of a CNAME record (as noted in the Amazon Route 53 documentation).
If you plan to use an A record, make sure to pass the
User-Agentheader through, since this allows you to track and record device information.
- You'll need to set up a custom CloudFront distribution for each tracking domain in your project.
6. Set up your tracking domain in Iterable
To set up your link tracking domain in Iterable:
In Iterable, navigate to Settings > Domains and add
links.example.com) as a tracking domain.
If you're using a single sending domain from Amazon SES, set the new tracking domain as the default. Otherwise, your project will continue to use
links.iterable.comas its default tracking domain.
Edit the new tracking domain, and toggle on Enable HTTPS.
For more information, read Sending Domains, Tracking Domains and Deep Links.