When you create a link in Infusionsoft’s Email Builder, you are given the option to “Place the person’s details at the end of the URL (for techies)”. But should you use this feature? The short answer: no, you shouldn’t.
The intention of this feature is to make it easy for web developers, and even non-developers, to utilize their contact’s data to personalize a landing page. For example, you might want to show the contact’s name or pre-fill an address box using the contact’s details.
When you use this feature, however, Infusionsoft will add several pieces of information to the end of the URL even if you don’t plan on using them, including the contact’s email address and password. Anyone who clicks that link will easily be able to look in the address bar and find your contact’s personal information. If your contact forwards the email to a friend, then the friend now has the contact’s password. Since most people re-use passwords, this can be a very serious security issue for your contact.
Even if the email isn’t forwarded, the URL along with the contact’s personal information is transmitted in plain text unless the link is pointing to a site using HTTPS. This means your contact’s password could easily be stolen (for example, if the website publishes their logs or if the user is on an open WiFi connection).
The solution to this problem is to include only the information you actually need in the URL. You can easily do this using merge fields. For example, if you wanted to link to https://novaksolutions.com/ and you wanted to include the contact’s first name, you should make sure the “place the person’s details at the end of the URL” box is unchecked and change the link to something like this: https://novaksolutions.com/?FirstName=~Contact.FirstName~. Infusionsoft will replace the merge field with the contact’s actual first name.
Does it take a little more effort? Yes. Is it worth it? Absolutely. Nothing is more important than your contact’s security.