Why does HTTPS status matter for deliverability?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
HTTPS shows up in two different deliverability conversations, and it's easy to mix them up. One is about the links inside your emails. The other is about using HTTPS as a proxy signal for domain health. Both matter, but for different reasons.
Links in your emails should point to HTTPS destinations
If your campaigns include links (and most do), those links need to resolve to secure HTTPS pages. Spam filters check the URLs embedded in your messages. Linking out to HTTP-only pages, broken redirects, or domains with SSL errors is a flag. It's associated with low-quality bulk sending, outdated infrastructure, and sometimes phishing. You don't have to be doing anything wrong for this to hurt you. Broken HTTPS on a landing page you didn't build can quietly drag down your delivery rates.
The same goes for your unsubscribe and preference center links. They need to work over HTTPS. Broken unsubscribe pages are a compliance problem and a spam signal at the same time.
HTTPS as a domain health signal in validation
Still the second context is when validation tools check whether a recipient's domain has an active web presence. A domain that responds to an HTTPS request with a real page is more likely to be maintained than one that times out or throws SSL errors. Validation tools sometimes factor this into a domain's overall health score, alongside MX record checks and whether the domain has an active website.
This is a soft signal, not a hard rule. A domain can have a terrible or absent HTTPS setup and still receive email fine. Email delivery runs over SMTP and MX records, not web infrastructure. HTTPS and email delivery are separate systems. What HTTPS status tells you is less "will email be delivered" and more "is this domain actively maintained or abandoned?"
Abandoned or parked domains often show exactly this pattern: no valid HTTPS response, no active site, and an inbox that nobody's monitoring. Addresses at those domains might technically accept connections, but domains without active websites tend to produce a lot of soft bounces and zero engagement over time.
The practical takeaway:
- Audit the URLs in your email templates. Make sure every link resolves over HTTPS, including tracking links, image hosts, and unsubscribe pages.
- Use domain HTTPS status as one signal among many. It's worth noting when a recipient domain has HTTPS errors, but treat it as a supporting signal alongside MX checks and email validation results rather than a standalone pass/fail.
- Don't confuse it with authentication. SPF, DKIM, and DMARC are what actually establish your sending domain's trustworthiness in the inbox. HTTPS is not a substitute for those.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.