Custom Tracking Domain — Multi-Vendor Rotation, HTTPS, and Per-Region Setup

You've set up a custom tracking domain. Now scale it: multiple tracking domains for reputation isolation, HTTPS enforcement, multi-region routing, programmatic verification. This is the advanced companion to the basic setup guide.

Beyond the basic setup

If you've followed Custom tracking domain for click URLs, you have a single click.yourdomain.com CNAME working. This guide is the advanced companion — patterns for production scale.

Pattern A: Multiple tracking domains by campaign type

click-marketing.brand.com  → marketing emails
click-txn.brand.com        → transactional (password resets, receipts)
click-anno.brand.com       → announcements (product launches, policy updates)

Reasons to separate:

  • Reputation isolation — if marketing click-tracker ever gets blocked (rare; can happen via Cloudflare cache poisoning), transactional links keep working
  • Per-type analytics — your CDN analytics show traffic per tracking subdomain
  • Per-type security policy — transactional can enforce stricter HSTS / CORS than marketing

Setup: register each subdomain as a separate tracking domain in AcelleMail, then attach each one to the sending server that matches its campaign type.

Pattern B: HTTPS enforcement

By default the redirect serves over both HTTP and HTTPS. Force HTTPS-only:

  1. AcelleMail admin → Sending → Tracking domains → [your domain] → Settings
  2. Enable "Force HTTPS"
  3. Ensure your DNS host's TLS cert covers the subdomain (Cloudflare Full/Strict mode or Let's Encrypt on the AcelleMail host)

After enforcement, HTTP requests get 308 → HTTPS. Old links in archived campaigns still resolve (no breakage).

Pattern C: CDN front-end for global latency

The tracking redirect adds ~50-200ms per hop, depending on the recipient's network distance to your AcelleMail server. A CDN front-end puts an edge POP in between:

[recipient click] → CDN POP (5-20ms) → AcelleMail origin

Setup (Cloudflare example):

  1. Add click.yourdomain.com as a Cloudflare DNS record (proxied = orange cloud)
  2. Set Cloudflare SSL mode to Full (Strict) for security
  3. Configure Cloudflare Page Rules:
    • Cache Level: Bypass (don't cache redirects; AcelleMail does click counting)
    • Always use HTTPS: On
    • Browser Cache TTL: Respect existing headers

End result: clicks routed through Cloudflare's edge POPs; latency drops 50-150ms for non-US recipients. Cost: $0 (Cloudflare Free tier handles this).

Pattern D: Per-region tracking domains

For a truly global audience with strict latency requirements:

click-us.brand.com    → US-region AcelleMail instance
click-eu.brand.com    → EU-region AcelleMail instance
click-apac.brand.com  → APAC-region AcelleMail instance

Each region's AcelleMail instance uses its own tracking subdomain. The campaign router picks the right tracking subdomain based on the recipient's region tag.

For most senders Pattern C (Cloudflare front-end of a single tracking domain) is enough. Pattern D is for $1M+/mo email programs.

Pattern E: Security headers

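The tracking endpoint redirects to external URLs, so it should send the standard hardening headers: HSTS keeps browsers on HTTPS, nosniff disables MIME sniffing, Referrer-Policy limits how much of the URL is sent in the Referer header, and X-Frame-Options blocks framing.

Add them via nginx config (in front of AcelleMail):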

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header X-Frame-Options "DENY" always;

For Cloudflare-fronted setups, configure these via Cloudflare's Page Rules / Workers.
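To confirm that Pattern B (HTTP answers 308 to HTTPS) and Pattern E (the four headers) are actually in effect, the following added example, which is not AcelleMail or nginx code, checks response heads as printed by `curl -sI`. The function names, the sample heads and the /c/abc123 path are constructed for illustration.

```javascript
// Added example: check captured response heads against Pattern B and Pattern E.
function parseHead(raw) {
  const [statusLine, ...lines] = raw.trim().split(/\r?\n/);
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: Number(statusLine.split(' ')[1]), headers };
}

// Pattern B: a plain-HTTP request must answer 308 to the same host over HTTPS.
function checkHttpsUpgrade(rawHead, host) {
  const { status, headers } = parseHead(rawHead);
  if (status !== 308) return `expected 308, got ${status}`;
  let loc;
  try { loc = new URL(headers.location); } catch { return 'missing or invalid Location'; }
  if (loc.protocol !== 'https:' || loc.hostname !== host) return `upgrade points to ${loc.origin}`;
  return null; // no problem found
}
// Pattern E: the four headers from the nginx snippet, checked on the HTTPS response.
const EXPECTED_VALUES = {
  'x-content-type-options': 'nosniff',
  'referrer-policy': 'strict-origin-when-cross-origin',
  'x-frame-options': 'deny',
};
function checkSecurityHeaders(rawHead, minMaxAge = 31536000) {
  const { headers } = parseHead(rawHead);
  const problems = [];
  const hsts = /max-age=(\d+)/i.exec(headers['strict-transport-security'] || '');
  if (!hsts) problems.push('strict-transport-security: missing');
  else if (Number(hsts[1]) < minMaxAge) problems.push('strict-transport-security: max-age too short');
  for (const [name, want] of Object.entries(EXPECTED_VALUES)) {
    const got = (headers[name] || '').toLowerCase();
    if (got !== want) problems.push(`${name}: ${got ? 'unexpected value' : 'missing'}`);
  }
  return problems;
}

// Constructed sample heads.
const HTTP_HEAD = 'HTTP/1.1 308 Permanent Redirect\r\nLocation: https://click.yourdomain.com/c/abc123\r\n\r\n';
const HTTPS_HEAD = [
  'HTTP/1.1 302 Found',
  'Location: https://target.example.com',
  'Strict-Transport-Security: max-age=31536000; includeSubDomains',
  'X-Content-Type-Options: nosniff',
  'Referrer-Policy: strict-origin-when-cross-origin',
].join('\r\n'); // X-Frame-Options deliberately absent
console.log(checkHttpsUpgrade(HTTP_HEAD, 'click.yourdomain.com'), checkSecurityHeaders(HTTPS_HEAD));
```

Check the headers on the redirect response itself, since that is the response every recipient click receives.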

Verify the full setup

Open the sending-domain detail

In AcelleMail's sidebar, go to Sending → Sending domains. The list shows every domain you've registered with status chips (Verified / Pending / Failed) and per-auth indicators:

[Screenshot: Sending domains list]

Click into your domain row. The detail page surfaces exactly which DNS records to publish (TXT for SPF, CNAMEs for DKIM, TXT for DMARC) with copy-paste-ready values + current verification state per check:

[Screenshot: Sending-domain detail — DNS records + auth status]

Each tracking domain should show Verified in the list. Click into any to see DNS record details + recent traffic stats.

After a campaign send, open the Links report:

[Screenshot: Links report — click destinations]

Verify the displayed URLs include your custom tracking domain (not the acellemail.com default).

The Click log shows per-click events with which tracking domain processed each:

[Screenshot: Click log]

Common UI signals + fixes

| Symptom | Likely cause | UI fix |
|---|---|---|
| Tracking domain stays Pending indefinitely | DNS propagation slow OR CNAME pointing at wrong target | dig click.yourdomain.com — verify CNAME resolves; check value matches AcelleMail's expected endpoint |
| HTTPS redirect breaks on some recipients | TLS cert not covering subdomain | Check Cloudflare or Let's Encrypt covers click.yourdomain.com |
| CDN front-end adds tracking issues | Cloudflare caching the redirect | Page Rule: Cache Level Bypass for tracking subdomain |
| Per-region routing not picking right domain | Recipient region tag missing | Verify subscriber has region tag (tag:us, tag:eu, etc.) |
| Old campaign links break after change | Old tracking domain decommissioned | Keep old tracking domain active for 30+ days after switching new campaigns |

Programmatic verification

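#!/usr/bin/env bash
# Daily check: ensure tracking domain is rewriting correctly across recent campaigns.
# Needs bash (the [[ ]] test below is not POSIX sh) and an API token exported as TOKEN.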
campaign_uids=$(curl -sH "Authorization: Bearer $TOKEN" \
  "https://acellemail.com/api/v1/campaigns?limit=5" | jq -r '.data[].uid')

for uid in $campaign_uids; do
  url=$(curl -sH "Authorization: Bearer $TOKEN" \
    "https://acellemail.com/api/v1/campaigns/$uid/links" \
    | jq -r '.data[0].url')
  if [[ "$url" == *"click.yourdomain.com"* ]]; then
    echo "✓ $uid: tracking domain correctly applied"
  else
    echo "✗ $uid: NOT using custom tracking domain — investigate"
  fi
done

Run as a daily cron. Catches misconfiguration before customer complaints arrive.
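The substring test in the script also accepts any URL that merely contains the tracking hostname, and it looks at the first link only. The following added example (not AcelleMail code) parses each URL and compares the exact host against an allowlist built from the Pattern A hostnames; the function names, link paths and the lookalike host are constructed for illustration.

```javascript
// Added example: exact-host audit of rewritten links.
// Allowlist = the Pattern A tracking hostnames; adjust to your own domains.
const TRACKING_HOSTS = new Set([
  'click-marketing.brand.com',
  'click-txn.brand.com',
  'click-anno.brand.com',
]);

function auditLink(rawUrl, allowedHosts = TRACKING_HOSTS) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch {
    return { url: rawUrl, ok: false, reason: 'unparseable' };
  }
  // URL.hostname is lowercased and excludes port and userinfo, so
  // "click-txn.brand.com@other.example" cannot pass as the tracking host.
  if (!allowedHosts.has(u.hostname)) {
    return { url: rawUrl, ok: false, reason: 'host-not-allowlisted' };
  }
  if (u.protocol !== 'https:') {
    return { url: rawUrl, ok: false, reason: 'not-https' };
  }
  return { url: rawUrl, ok: true, reason: 'ok' };
}

// Audit every link of a campaign, not only the first one.
function auditCampaignLinks(urls, allowedHosts = TRACKING_HOSTS) {
  const results = urls.map((url) => auditLink(url, allowedHosts));
  const failures = results.filter((r) => !r.ok);
  return { ok: failures.length === 0, failures };
}

// Constructed sample links, shaped like the .data[].url values the script reads.
const SAMPLE_LINKS = [
  'https://click-txn.brand.com/c/abc123',               // ok
  'http://click-marketing.brand.com/c/def456',          // plain HTTP
  'https://click-txn.brand.com.mirror.example/c/ghi789', // passes a substring test
  'https://acellemail.com/c/jkl012',                    // default domain, not rewritten
];

console.log(auditCampaignLinks(SAMPLE_LINKS));
```

Drop the not-https check if you have not enabled Force HTTPS (Pattern B).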

Advanced: Cloudflare Workers for tracking-domain enhancement + custom redirect headers + click-event webhooks

Cloudflare Workers for tracking-domain enhancement:

// click.yourdomain.com handled by Cloudflare Worker
addEventListener('fetch', event => {
  event.respondWith(handle(event.request))
})

async function handle(req) {
  // Pass through to AcelleMail origin
  const url = new URL(req.url)
  url.hostname = 'acellemail.com'  // your origin
  url.protocol = 'https:'

  // Add custom headers
  const headers = new Headers(req.headers)
  headers.set('X-Forwarded-By', 'cloudflare-tracking')

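  // Fetch from origin. redirect: 'manual' hands the origin's 302/308 back to
  // the recipient's browser; the default ('follow') would make the Worker fetch
  // the destination itself and serve it from click.yourdomain.com.
  const response = await fetch(url.toString(), {
    method: req.method,
    headers: headers,
    body: req.body,
    redirect: 'manual',
  })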

  // Modify response (e.g. add security headers)
  const newResponse = new Response(response.body, response)
  newResponse.headers.set('Strict-Transport-Security', 'max-age=31536000')
  newResponse.headers.set('X-Frame-Options', 'DENY')

  return newResponse
}

Useful for: A/B testing redirect destinations, adding request logging, applying custom rate limits per-IP.

Custom redirect headers:

AcelleMail's redirect responds with standard 302/308 → external URL. Add tracking via response headers:

HTTP/1.1 302 Found
Location: https://target.example.com
X-AcelleMail-Campaign: campaign-uid
X-AcelleMail-Subscriber: subscriber-uid
X-AcelleMail-Tracking-Domain: click.brand.com

Useful for: downstream analytics tools (Mixpanel, Segment) that watch redirects from your domain.

Click-event webhooks:

When a recipient clicks a link, AcelleMail can send the event to your real-time analytics via webhook:

  1. AcelleMail admin → Webhooks → Add webhook
  2. Event: subscriber.clicked
  3. URL: https://your-analytics.example.com/webhook/clicks

Webhook payload:

{
  "event": "subscriber.clicked",
  "campaign_uid": "...",
  "subscriber_uid": "...",
  "tracking_domain": "click.brand.com",
  "destination_url": "https://target.example.com",
  "click_at": "2026-05-20T14:30:00Z",
  "user_agent": "Mozilla/5.0..."
}

Real-time click stream into Mixpanel / Segment / your data warehouse — without waiting for daily AcelleMail report exports.

Per-recipient tracking-domain customization:

For premium tenants in SaaS setups, give each their own tracking domain via:

Customer A: click.customerA.com
Customer B: click.customerB.com

Each customer's sending server in AcelleMail attaches their own tracking domain. Customer A's emails route through click.customerA.com; Customer B's through click.customerB.com. Per-customer brand parity.

Tracking-domain rotation patterns:

Most senders use 1-2 tracking domains. Some operators rotate per-campaign for variance:

Marketing campaign 1: click-a.brand.com
Marketing campaign 2: click-b.brand.com
Marketing campaign 3: click-a.brand.com  (rotate)

Minor reputation diversification. Marginal value; only worth it for very-large-volume senders.


8 comments

  1. linhvu.dev
    DNS setup is one of those things where you don't know what you don't know. This article should be required reading for anyone running their own mail.
  2. joel.anders.se
    What's your recommendation for sub-domains? We send from mail.example.com AND notifications.example.com. Same DKIM selector or separate?
    1. admin
      Honest answer: it depends on your provider. SES handles it gracefully; Mailgun is stricter. We'll add a provider-by-provider table in the next revision.
  3. i.rossi.mil
    Thanks for the explicit cautionary tales. The alignment-vs-pass distinction is exactly where I lost a week last year.
    1. admin (edited)
      Appreciate it. If anything in this needs updating, ping us — we revisit articles every few months.
  4. v.petrova.ru
    If you use Vercel or Netlify for the apex, watch out — they sometimes override TXT records via their auto-DNS feature. Bit us once with a stripped SPF record.
  5. femi.adeyemi
    Hit the 10-lookup SPF limit when we tried to layer SES on top of an existing Google Workspace setup. Flattened with a tool (spfwizard.com) and it's been fine since. That tool's worth a mention.
  6. aditi.s.bom
    The SPF flattening explanation finally made it click for me. I'd been hitting the 10-lookup limit and didn't understand why nesting includes counted.
  7. anna.k.pm
    quick question: do receivers actually enforce the SPF -all hard fail, or do most just downrate? I've heard mixed things and I'm hesitant to switch from ~all.
    1. admin
      same answer as above for saas-tenant — works the same way per-tenant, with the caveat that the cron must be set per-customer (not just system-wide).
  8. tnovak.cz
    Worth noting: our DNS provider (Cloudflare) caches negative responses for 1 hour. We added a TXT record, dig showed it, but mail-tester said missing for another 40 minutes. Almost lost our minds. TTL was set to 300 but the parent zone NS cache held.
    1. admin
      Thanks for sharing. The pattern you describe is exactly the use case we built that feature for — glad it landed for you.
    2. admin (edited)
      Appreciate the data point. Your numbers align with what our larger-volume customers report; helpful to see a third confirmation...
