Configure SSL Branded Links for SendGrid


MoEngage uses SendGrid as the default email sender for all the customers. All the clickable links in the email are converted to the SendGrid domain for click tracking, but the clicks are ultimately redirected to your website. If your customers observe the links before clicking on them, they will see rather than Opt-in for Link branding if you want the links to be displayed as

Link branding can be set up by adding a couple of CNAME records in your DNS, but to ensure that the links are secure, you must also set up SSL for your domain. So, to finish link branding, you need to do the following steps.

  1. Setup and validate link branding by adding CNAME records.
  2. Set up SSL on the domain.
  3. Verify if SSL is set up properly.
  4. After you set up SSL, Kindly inform our team so we can take the final steps to finish the link branding.

Let's explore these steps in detail.



Set up link branding with CNAMEs

You should have received documentation from our team to add some DNS records, including a couple of DNS records with the purpose of Link Branding. Once you add these records, your link branding is set up. Your DNS records should look like this in the table given below.

Screenshot 2024-03-18 at 9.13.54 AM.png


If you stop at this step, Your link branding will work on HTTP. Please take some time to set up SSL so that browsers don't highlight the website as insecure to your customers.

The next step is to add SSL for your domain.

Set up SSL for the domain

In this step, you will have to set up SSL on your domain and also forward the requests coming to this domain to Terminate your SSL before forwarding the requests to Check step no.2 to read more on how to forward the request.

  • Step 1 - You must set up SSL for, as you would for other domains. 

Screenshot 2024-03-01 at 10.34.10 AM.png


  • Step 2 - Forward all the requests coming to to You can forward the request using your own CDN, Proxy, or API Gateway
    • If you want to set this up using CDNs like CloudFlare, CloudFront, KeyCDN, or Fastly, please refer to the respective documentation if you need help.
      1. If using AzureCDN, put in the Origin host header while configuring your CDN profile.
    • If you are using a Proxy, please refer to this link for additional help -
    • API Gateway setup will differ based on the gateway, but ensure that you are forwarding the request to with the HTTP host header as


At this point, your DNS records should look like this in the table given below.


Screenshot 2024-03-18 at 9.20.25 AM.png



While setting up SSL, you will edit the CNAME record for and point that to CDN, proxy, or API gateway. 



  • Do not change the CNAME for, and it should still point to 123456 is an example, and it can vary for your implementation. Please refer to the documentation shared with you for link branding implementation.
  • Do not revalidate the records after configuring SSL, as the Link Branding will break.


Verify the SSL setup

Follow the below steps if your SSL is set up properly

  • To check that your forwarding and proxy setup is correct, run a dig command in the terminal to check that the first CNAME resolves at your CDN and not
    • For a dig in MacOS X, the command would be: dig cname
    • In Windows, using the command prompt (e.g., cmd.exe), an example of the command would be: nslookup -q=CNAME
  • If is in the answer or authority section of the query, you will need to double-check if your CNAME in your DNS points to your CDN or Proxy or API gateway and not
  • After this, our team would have sent you a link for testing. If you click on this link, it should take you to This is the final validation and confirms that SSL is setup properly and properly forwarded to

After successfully setting up SSL, contact the MoEngage team to discuss the next steps.

Contact MoEngage team

After you set up the SSL, the MoEngage team will take the final steps to verify the entire setup and enable SSL click tracking on SendGrid. If you are using your own SendGrid, raise a support ticket with SendGrid.




What is link branding?

Please refer to this article for more information on link branding - . This article explains why link branding is needed, why we must set up SSL, how to forward requests to Sendgrid, and some console commands to test the integration.


Why is SSL setup needed?

Top browser Chrome starts showing insecure links on the webpages when they aren't enabled on HTTPS - read more about this here. Safari browser, by default, will not even render HTTP pages, so it's recommended that SSL is set up on your domain when your customers click on any email links. At MoEngage, we have seen that some of our customers reported page loading issues on HTTP websites, so we are making SSL setup a best practice as part of the email setup, but it's not a mandatory step. Please evaluate the risks of pages not loading vs setting up SSL and take a final call.


Do I have to share the SSL certificate with MoEngage?

No, there is no need to share the SSL certificate with MoEngage. Kindly terminate SSL at your proxy, CDN, or API gateway and simply forward the request to


Wrong Link Error

Wrong Link Error happens when the forwarded request doesn't have the Host HTTP header as 

If you are using CDN, Some CDNs automatically put the Host Header from the original request; in that case, you need not take any action to add this header additionally. In Azure CDN, you must configure this by putting in the Origin host header while configuring your CDN.

If you use a proxy, you must explicitly set this Host header to, as mentioned in the setup instructions.


How do I setup a proxy using Nginx?

After you terminate SSL for on your load balancer and forward the request to your VM or proxy, using Nginx, you can forward the request to SendGrid with the right host header. You can use the following sample code to set up the Nginx Configuration. Kindly replace with your domain link. 

Nginx Conf

      location / {    
          proxy_set_header Host





Was this article helpful?
1 out of 1 found this helpful

How can we improve this article?