http://x.browniekitchen.com/y.
This URL is problematic because it exposes the destination URL and is subject to alteration by a malicious phisher. We've introduced two new settings, the ability to base-64 encode the URL so that it doesn't reveal the destination URL and another to add an MD-5 hash, such that the redirect to the URL will fail unless the hash matches the URL.
A click-tracked URL that is both base-64 encoded and includes the MD-5 hash will look like this. Notice the addition of the h= parameter and that the l= parameter is now a base-64 string:
http://x.browniekitchen.com/z.
A click-tracked URL that is NOT base-64 encoded but includes the MD-5 hash will look like this:
http://x.browniekitchen.com/z.
Base-64 encoded URLs look more professional and give recipients greater confidence when clicking. Un-encoded URLs clearly show one URL that has another URL as a parameter, and the appearance of this structure can prevent a recipient from clicking it. The addition of the MD-5 hash prevents tampering with the destination URL. If the l= parameter is altered, and the link contains the hash, then the user will NOT be redirected to the destination URL.
To set click-track settings, go to Settings --> Tracking --> Click Tracking
Note that this setting applies to click-tracked links in both broadcast email campaigns and transactional email messages. Also note that in the examples above, a branded tracking-domain, x.browniekitchen.com, is used. We recommend that all of our users setup a branded tracking-domain based on their organization's domain. To read why, see this blog post on tracking domains.
All new JangoMail accounts will have both of these settings on by default. We recommend that you enable both settings on your own, but in case you don't, all existing accounts will have these two settings enabled automatically over the next few weeks..
