Browser Behavior and Mixed Content Email Messages

A "mixed content email message" is one that contains references -- embedded images or videos, links to other websites, images or videos that are hosted internally, etc. -- that are NOT sourced using links that are secured with an SSL certificate. For example, a link to an article on website that uses a standard http:// designation versus an https:// designation.

A few years ago, Google initiated a push for all websites to be secured via SSL. They started penalizing sites that didn't have SSL certificates with slower updates to their search engine and also started flagging web pages in Chrome as being potentially "insecure" if you visited a page on a site that didn't have an SSL-secured link. Other browser manufacturers quickly followed suit. 

Of course, nothing is ever simple: different browsers handle mixed content in different ways. For example, Google and the new Edge browser will simply block HTTP content if it can't be converted to HTTPS and you'll see an "insecure content" warning. To its credit, some browsers will make an attempt to resolve "insecure" links to secure ones -- say a website has been modified to use SSL but one or two absolute URLs used by the site were missed during any cleanup -- so this issue is mostly resolved when using Chrome or Edge. (As the new Edge uses the Chromium engine.)

However, other browsers may or may not do the same. Safari allows the mixed content without invalidating security, but it does log the issue in its console. Firefox has a setting -- security.mixed_content.upgrade_display_content -- that does something similar, but Firefox being Firefox, the setting is OFF by default. It needs to be enabled on its about:config page.

How does this translate to an email message? Well, this all means you may or may not be able to see all (or ANY) of the content of an email message depending on the browser you're using. In addition, your browser may show a warning on the lock in the browser navigation bar or the page may revert to an insecure connection. Again, it depends on your browser.

Please understand that this issue is not something that SmarterMail can control: it's purely dependent on the browser you are using. We do what we can to display the content as it's presented to SmarterMail. It's ultimately up to your browser whether or not that content is displayed.