How do CNAMEs relate to link tracking?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

When your ESP tracks link clicks, it needs to intercept the click before sending the reader to the actual destination. The question is: whose domain shows up in that tracking URL?

Without a CNAME, the link in your email might look like click.esp-shared-domain.com/track?id=abc123. That's the ESP's domain, not yours. Spam filters see a link that doesn't match your sending domain. Readers see a URL they don't recognise. Neither is great.

With a CNAME, you create a subdomain on your own domain and point it at your ESP's tracking servers. Something like this in your DNS:

click.tidalmail.com CNAME tracking.esp.com

Now the links in your emails use click.tidalmail.com. When a reader clicks, their browser resolves that subdomain, finds the CNAME pointing to your ESP's infrastructure, and the ESP logs the click before redirecting them to the real destination. The whole thing happens in milliseconds. The reader never notices.

Why does this matter? A few reasons.

First, domain reputation. When a link's domain matches your sending domain, spam filters treat it as consistent. A mismatch can look suspicious. Your click-through reputation builds on your own domain, not on a shared tracking domain that hundreds of other senders also use (including some who behave badly).

Second, trust. A link that reads click.tidalmail.com is recognisable to your subscribers. A link that reads click.bulk-esp-shared.io is not. Branded tracking domains reduce the chance a reader hesitates or flags the email.

There's one technical requirement worth knowing about. Your tracking subdomain needs a valid SSL certificate, so links resolve over HTTPS rather than HTTP. Most ESPs handle this for you once you've added the CNAME, but it's worth confirming in your ESP's setup docs. If the SSL isn't provisioned and a reader clicks an HTTP tracking link, some browsers will show a warning. That's a quick way to lose the click and the trust.

What can go wrong? The most common issues are a typo in the CNAME target (your subdomain points nowhere), DNS propagation not completing before you start sending (links appear broken for some readers), or the ESP not provisioning the SSL certificate automatically (HTTPS breaks). If any of these happen, your tracked links either fail silently or throw a browser error.

If you're setting this up for the first time, check that your CNAME record has propagated fully before sending, and confirm with your ESP that the SSL certificate is active. Most ESPs like Mailchimp, Klaviyo, or Twilio SendGrid will flag this in their domain setup checklist.

Want to understand why ESPs use CNAMEs for this instead of other DNS record types? That's covered in the next question.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Get step-by-step CNAME guidance for your setup

I'm setting up a CNAME for link tracking with my ESP. Based on my situation below, can you tell me: (1) what my CNAME record should look like, (2) whether I need to do anything about SSL, and (3) what I should check before sending my first campaign through this domain?

Edit the yellow boxes, then send to the AI of your choice.