@nin10  @yellowpjs 

If it helps at all think of it this way. The VM email website is secure as it has a valid certificate and you connect to it over https or SSL - all fine. Now imagine I send you an email, and in this email I have a signature which uses a company logo, say. Now the email I send you doesn’t actually embed the logo graphic into the message, but rather has a link to, say my website, where the logo is stored. When your browser tried to display the email, it goes off and retrieves the logo image from the link I have embedded in.

Now also imagine that I am too cheap or incompetent to have a proper certificate for my website and hence it can only be accessed via http rather than https?

What happens now is that your browser thinks, well the main website itself (ie mail2.virginmedia.com) is secure, but this page that I need to display is using an element which is being loaded from a site which I can’t confirm as being secure. In the past this wouldn’t necessarily have mattered but newer versions of most browsers will now ‘play safe’ and decide that the entire website is insecure and kick off accordingly.

Now I happen  to agree with @ravenstar68 and think that this really is causing some unnecessary concern to end users, yourselves being a case in point. The justification is that the browser developers (in particular Google with the Chrome browser) are trying to gently push all websites to have proper certificates.

I suspect that what they hope is, say you find that every email you get from the ‘Acme Ice Cream Company’ causes your browser to throw a fit, then maybe you will stop trading with the Acme Ice Cream Company and the loss of custom might encourage them to get their act together and sort their website security out.