docs: engagement tracking https updates (#820)

viniciusgiles · web-flow · commit edcb4105d69f · 2026-02-10T11:09:48.000-03:00
* docs: updating existing engagement tracking https guide

* Update using-proxy-https-tracking-domain.md

* Update enabling-multiple-custom-tracking-domains.md
diff --git a/content/docs/tech-resources/enabling-https-engagement-tracking-on-sparkpost.md b/content/docs/tech-resources/enabling-https-engagement-tracking-on-sparkpost.md
@@ -1,20 +1,23 @@
 ---
 lastUpdated: "02/10/2026"
-title: "Enabling HTTPS Engagement Tracking on SparkPost"
-description: "SparkPost supports HTTPS engagement tracking for customers via self-service for all SparkPost customers. To enable SSL engagement tracking for a domain, additional configuration for SSL keys is required."
+title: "Enabling HTTPS Engagement Tracking with a CDN"
+description: "Guide for enabling HTTPS engagement tracking using a CDN"
 ---
 
 ## Overview
 
-SparkPost supports HTTPS engagement tracking for all self-service customers. This article describes how to use a Content Delivery Network (CDN) to enable SSL engagement tracking for your domain. After completing the steps below, your email recipients will see HTTPS links in the email you send. When they visit a tracked link, your CDN will handle the SSL connection, then pass the HTTP request on to SparkPost. SparkPost will record the click event and redirect the recipient to the original URL.
+SparkPost supports HTTPS engagement tracking for all customers through [Managed HTTPS for Tracking Domains](./managed-https-for-tracking-domains), which automatically issues and renews certificates through Let's Encrypt. This is the recommended and simplest way to enable secure engagement tracking with no infrastructure or maintenance required.
 
-> **Recommended alternative: Managed HTTPS**
->
-> SparkPost can automatically issue and manage TLS certificates for your tracking domains using Let's Encrypt.
->
-> See [Managed HTTPS for Tracking Domains](/docs/tech-resources/managed-https-for-tracking-domains)
+This article describes an alternative approach using a Content Delivery Network (CDN) to enable HTTPS engagement tracking with your own certificates. Consider using a CDN if you:
 
-> Alternative: to configure HTTPS engagement tracking using your own proxy, see [this article](https://www.sparkpost.com/docs/tech-resources/using-proxy-https-tracking-domain/).
+- Need to use a specific Certificate Authority other than Let's Encrypt
+- Require Extended Validation (EV) certificates
+- Have compliance requirements for certificate handling
+- Your domain does not support managed HTTPS due to Let's Encrypt policies
+
+With this approach, your email recipients will see HTTPS links in the email you send. When they visit a tracked link, your CDN will handle the TLS connection, then pass the HTTP request on to SparkPost. SparkPost will record the click event and redirect the recipient to the original URL.
+
+> **Alternative:** To configure HTTPS engagement tracking using your own reverse proxy instead of a CDN, see [this article](./using-proxy-https-tracking-domain).
 
 ## Migration planning
 
@@ -30,9 +33,9 @@ If you want to end up with your CDN serving the original domain:
 
 ## Configuring SSL Certificates
 
-In order for HTTPS engagement tracking to be enabled on SparkPost, our service needs to present a valid certificate that will be trusted by the email recipient’s browser. SparkPost does not manage certificates for customer engagement tracking domains, as we are not the record owner for our customers’ domains.
+In order for HTTPS engagement tracking to be enabled on SparkPost, our service needs to present a valid certificate that will be trusted by the email recipient's browser.
 
-Use a CDN such as [Cloudflare](http://www.cloudflare.com), [Fastly](http://www.fastly.com) or [AWS Cloudfront](https://aws.amazon.com/cloudfront/) to manage certificates and keys for any custom engagement tracking domains. These services forward requests onward to SparkPost so that HTTPS tracking can be performed.
+For this CDN approach, you will use a service such as [Cloudflare](http://www.cloudflare.com), [Fastly](http://www.fastly.com) or [AWS Cloudfront](https://aws.amazon.com/cloudfront/) to manage certificates and keys for your custom engagement tracking domains. These services forward requests onward to SparkPost so that HTTPS tracking can be performed.
 
 ## Step by Step guides
 
diff --git a/content/docs/tech-resources/enabling-multiple-custom-tracking-domains.md b/content/docs/tech-resources/enabling-multiple-custom-tracking-domains.md
@@ -1,5 +1,5 @@
 ---
-lastUpdated: "01/22/2021"
+lastUpdated: "02/10/2026"
 title: "Custom Tracking Domains"
 description: "A tracking domain is the domain that a tracked link will redirect through before reaching the final URL path of the original link. It is also used as the path for the tracking pixel to track message opens."
 ---
@@ -8,7 +8,7 @@ A tracking domain (also referred to as an "engagement tracking domain") is the d
 
 The system default tracking domains are "spgo.io" for US "eu.spgo.io" for EU. When you set up a customer tracking domain you can set it as the default to be used for all of your emails. When you set up multiple tracking domains, you can associate each one with a sending domain and set one as the default for any domains that don't have a tracking domain associated with it.
 
-## Set Up a Tracking Domain 
+## Set Up a Tracking Domain
 
 Start from [Domains create](https://app.sparkpost.com/domains/create) ([EU](https://app.eu.sparkpost.com/domains/create)) page and select the Tracking Domain option as you add your domain.
 
@@ -18,11 +18,13 @@ The tracking domain must be a subdomain and not a root domain.
 
 Then add the CNAME record to your domain's DNS settings and verify the domain.
 
+After the domain verification, SparkPost will automatically issue and manage a TLS certificate for your domain using Let's Encrypt. As a result, your email recipients will see HTTPS links in the emails you send, with no additional configuration required. Read more about managed HTTPS for tracking domains in [this article](./managed-https-for-tracking-domains).
+
 You can also set the tracking domain as default to be used for all of your emails. Otherwise, you can link the tracking domain to a specific sending domain.
 
-## Link Tracking domains to to Sending Domains      
+## Link Tracking Domains to Sending Domains      
 
-Once your tracking domains is verified, you can link it to specific sending domains.
+Once your tracking domain is verified, you can link it to specific sending domains.
 
 1. Find the sending domain you want from the [Domains](https://app.sparkpost.com/domains/list) ([EU](https://app.eu.sparkpost.com/domains/list)) page.
 2. Select the tracking domain you want to link from the Link Tracking Domain section
@@ -34,4 +36,4 @@ Once your tracking domains is verified, you can link it to specific sending doma
 You can also configure custom tracking domains by using the REST API.
 
 * [Creating a Tracking Domain](https://developers.sparkpost.com/api/tracking-domains/#tracking-domains-post-create-a-tracking-domain) 
-* [Verify a Tracking Domain](https://developers.sparkpost.com/api/tracking-domains.html#tracking-domains-verify-post)
+* [Verify a Tracking Domain](https://developers.sparkpost.com/api/tracking-domains.html#tracking-domains-verify-post)
diff --git a/content/docs/tech-resources/managed-https-for-tracking-domains.md b/content/docs/tech-resources/managed-https-for-tracking-domains.md
@@ -6,7 +6,7 @@ description: "SparkPost can automatically issue and manage TLS certificates for
 
 ## Overview
 
-SparkPost supports HTTPS engagement tracking through managed TLS certificates. With this option, SparkPost automatically issues and renews certificates for your tracking domains using [Let's Encrypt](https://letsencrypt.org/about/), a free certificate authority trusted by all major browsers.
+SparkPost supports HTTPS engagement tracking through managed TLS certificates. With this option, SparkPost automatically issues and renews certificates for your tracking domains using [Let's Encrypt](https://letsencrypt.org/about/), a free certificate authority trusted by all major browsers. As a result, your email recipients will see HTTPS links in the emails you send.
 
 This is the recommended method for most senders. It requires no certificate management and works with standard CNAME delegation to SparkPost's tracking endpoints.
 
@@ -225,7 +225,7 @@ All TLS certificate issuances managed by SparkPost through Let's Encrypt are log
 
 ## Related Articles
 
-- [Getting Started with Engagement Tracking](../getting-started/engagement-tracking)
+- [Getting Started with Engagement Tracking](../docs/getting-started/engagement-tracking)
 - [Custom Tracking Domains](./enabling-multiple-custom-tracking-domains)
 - [Enabling HTTPS with a CDN](./enabling-https-engagement-tracking-on-sparkpost)
 - [Using a Reverse Proxy for HTTPS](./using-proxy-https-tracking-domain)
diff --git a/content/docs/tech-resources/using-proxy-https-tracking-domain.md b/content/docs/tech-resources/using-proxy-https-tracking-domain.md
@@ -1,16 +1,23 @@
 ---
-lastUpdated: "09/29/2023"
+lastUpdated: "02/10/2026"
 title: "Using a Reverse Proxy for HTTPS Tracking Domain"
-description: "SparkPost supports HTTPS engagement tracking for customers via self-service for all SparkPost customers. To enable SSL engagement tracking for a domain, additional configuration for SSL keys is required.  This resource outlines the use of a reverse proxy to host SSL certificates"
+description: "Guide for enabling HTTPS engagement tracking using a reverse proxy to host TLS certificates"
 ---
 
 ## Overview
 
-SparkPost supports secure tracking domains through the use of content delivery networks (CDNs), reverse proxies, or any method where the customer can host the necessary SSL/TLS certificates.  It is recommended that our customers use SSL as it provides secure transport for engagement data. It's also necessary to support SparkPost engagement tracking with Google’s AMP for Email.
+SparkPost supports HTTPS engagement tracking for all customers through [Managed HTTPS for Tracking Domains](./managed-https-for-tracking-domains), which automatically issues and renews certificates through Let's Encrypt. This is the recommended and simplest way to enable secure engagement tracking with no infrastructure or maintenance required.
 
-> Alternative: to configure HTTPS engagement tracking using a CDN, see [this article](./enabling-https-engagement-tracking-on-sparkpost).
+This article describes an alternative approach using a reverse proxy to enable HTTPS engagement tracking with your own certificates. Consider using a reverse proxy if you:
 
-This post covers how to configure a SparkPost tracking domain, provision an SSL certificate, and be able to use it immediately at SparkPost using a simple reverse proxy.
+- Need to use a specific Certificate Authority other than Let's Encrypt
+- Require Extended Validation (EV) certificates
+- Have compliance requirements for certificate handling
+- Your domain does not support Managed HTTPS due to Let's Encrypt policies
+
+With this approach, your email recipients will see HTTPS links in the emails you send. When they visit a tracked link, your reverse proxy will handle the TLS connection, then pass the HTTP request on to SparkPost. SparkPost will record the click event and redirect the recipient to the original URL.
+
+> **Alternative:** To configure HTTPS engagement tracking using a CDN instead of a reverse proxy, see [this article](./enabling-https-engagement-tracking-on-sparkpost).
 
 ## Prerequisites
 
@@ -42,7 +49,7 @@ If you want to end up with your proxy serving the original domain:
 
 ## Configuring nginx
 
-This section uses [nginx](https://www.nginx.com/).  It is easy to get installed and configured as a reverse proxy and Let’s Encrypt for SSL certificates has support for it.  To install nginx, follow the guidelines for your Linux distribution.
+This section uses [nginx](https://www.nginx.com/). It is easy to get installed and configured as a reverse proxy and Let's Encrypt for TLS certificates has support for it. To install nginx, follow the guidelines for your Linux distribution.
 
 Let's Encrypt recommends the use of [**Certbot**](https://letsencrypt.org/getting-started/) to automatically obtain and renew your certificates.
 
@@ -148,11 +155,11 @@ Note: Unnecessary use of -X or --request, GET is already inferred.
 
 ```
 
-## Get SSL certificate
+## Get TLS certificate
 
-The next step is to get the necessary SSL certificate in place so that you can enable HTTPS on your configured tracking domain.  Let’s Encrypt can be use to provision free SSL certificates.  These steps are very well outlined by nginx in [this article](https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/).
+The next step is to get the necessary TLS certificate in place so that you can enable HTTPS on your configured tracking domain. Let's Encrypt can be used to provision free TLS certificates. These steps are very well outlined by nginx in [this article](https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/).
 
-After completing this, you will have free SSL certificates installed on your nginx server for the desired tracking defined in the `server.conf`.
+After completing this, you will have free TLS certificates installed on your nginx server for the desired tracking defined in the `server.conf`.
 
 After the certificate is created, you will be asked if you wish to redirect **http** to **https**.  It is recommended that you do not redirect, as you may wish to change your tracking domain back to **http** in the future if it becomes necessary.
 
@@ -282,7 +289,7 @@ Add the following configuration (putting your own tracking domain into the `Serv
 
 * [Verify](#verify-tracking-domain-send-test-email) tracking domain, and send test email.
 
-* Get SSL certificate. Letsencrypt certificates can be issued using "certbot", which automates the process - see [here](https://certbot.eff.org/all-instructions) for detailed steps on many platforms.
+* Get TLS certificate. Let's Encrypt certificates can be issued using "certbot", which automates the process - see [here](https://certbot.eff.org/all-instructions) for detailed steps on many platforms.
 
 ## Add HTTPS proxy configuration
 
@@ -354,4 +361,3 @@ Both proxies set the `X-Forwarded-For` header, which enables SparkPost to report
 * Set up engagement tracking with the [SMTP API](https://www.sparkpost.com/docs/tech-resources/smtp-engagement-tracking/) for your SMTP traffic to SparkPost.
 
 * If you have a mobile app, and want to enable it to open when a recipient clicks an email link, see [this article](./deep-links-self-serve).
-
