Fixed in HTTPSE upstream in https://github.com/EFForg/https-everywhere/commit/813ccfd171e5696499060ae464c0f2f676da914f

since this is about donate.wikimedia.org it should actually have Fundraising tags/projects. trying to add those.

We are aware of this issue and unfortunately don't have a good solution at this time. It is a result of the program we use to send our appeal emails, however once the handoff happens between our email client and our donation page, the donor is taken to an https page. No data is requested from the donor on an http page, and the only page they actually see is https. Here's what I ultimately see when I click on a link from our emails:

https://donate.wikimedia.org/wiki/Sep2014enUS_noquote?utm_campaign=C14_Email2&utm_medium=email&utm_source=sp47725973&hpc=

We have a prepared response for donors who contact us about this problem and an easy solution: simply visit donate.wikimedia.org directly or click on the sidebar link on Wikipedia, and they can get around this http to https handoff. We'll continue to look for a better solution.

So the WMF is ready to never get a green check in the "encrypt the web" EFF report? https://www.eff.org/encrypt-the-web-report

I guess T114010 is now the blocker, when it's resolved this bug can be fixed.

In T74514#2040989, @CCogdill_WMF wrote:

Reopening (and resolving) this task to say Fundraising Tech has successfully set up email click tracking through donate.wiki (see T114010). We had our first round of emails go out this morning with our ESP's click tracking turned off after comparing data between the two click tracking systems over the last week.

Thanks. Can you tell us how the new URLs in emails look like, so that we know how to answer next time people ask about suspect phishing? Thanks.

Sure @Nemo_bis, here's a sample link from an email that went out last week:

https://donate.wikimedia.org/?utm_campaign=C1516_Email3&utm_medium=email&appeal=Appeal-JimmyQuote&utm_source=sp50722338&hpc=0&uselang=sv&contact_id=&link_id=2

Let me know if you have any questions about that.

So is links.email.donate.wikimedia.org still in use? If not, can we remove it from the DNS record?

It will be in use for another couple of weeks, until the Swedish banners
come down. We have an active automated email program tied to the banners,
and if we pause it while active we will cause the program to fail for
donors currently enrolled. I can update this task once all the Swedish
emails are out.

Le lundi 22 février 2016, Chmarkine <no-reply@phabricator.wikimedia.org> a
écrit :

Chmarkine added a comment.

So is `links.email.donate.wikimedia.org` still in use? If not, can we

remove it from the DNS record?

TASK DETAIL

https://phabricator.wikimedia.org/T74514

EMAIL PREFERENCES

https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: CCogdill_WMF, Chmarkine
Cc: Nemo_bis, CCogdill_WMF, wikibugs-l-list, Chmarkine, Dinoguy1000,
Seb35, Krenair

In T74514#2051351, @CCogdill_WMF wrote:

Sure @Nemo_bis, here's a sample link from an email that went out last week:

https://donate.wikimedia.org/?utm_campaign=C1516_Email3&utm_medium=email&appeal=Appeal-JimmyQuote&utm_source=sp50722338&hpc=0&uselang=sv&contact_id=&link_id=2

Thanks, that's easy to remember and I'm confident we'll get few questions about it. :)

https://links.email.donate.wikimedia.org/

links.email.donate.wikimedia.org uses an invalid security certificate. The certificate is only valid for the following names: *.links.mkt41.net, links.mkt41.net

this still linked to from https://wikitech.wikimedia.org/wiki/Httpsless_domains and there is a cert error

In T74514#2054126, @CCogdill_WMF wrote:

It will be in use for another couple of weeks, until the Swedish banners
come down.

let me create a subtask to remove this from DNS so we don't forget this

Apologies @Dzahn, you're totally right. We don't use the
links.email.donate.wikimedia.org domain anymore. I was remembering old
times.

So yes, I think we can remove the DNS record for that domain. We should
keep the mtk41 domain record active for another 2 weeks.

@CCogdill_WMF thank you, that is good news. i was just going through that old wiki page

Closing the loop on this, finally! We no longer need to support Silverpop's
domains (mtk41 or mkt4477.com, I believe are the only main domains?) for
click tracking.