Skip navigation
All Places > Support > Blog > Author: Roxann McGlumphy


9 Posts authored by: Roxann McGlumphy Employee

You are opening a support case and you need to set a priority level, but which one do you choose?  Here is my personal take on what the priority levels mean.


Let's imagine your Marketo is a person who isn't feeling well, so you have decided they need medical attention.  Here are your priority levels.

  • P3 - We need to go to the doctor.
  • P2 - We need to go to the emergency room.
  • P1 - Oh god, someone call an ambulance!


So when you are opening a case, ask yourself "Do I really need an ambulance for this Marketo issue?  Do I need to go to the emergency room or will a regular doctor's visit do?"


Now if someone called an ambulance for a bad stomach ache, you might think they are over-reacting.  Surely a visit to the emergency room would do just fine, right?  And if someone is routinely going to the emergency room, you would think they are either a hypochondriac, or they have some underlying serious health issues that need to be addressed. With this in mind, if you are routinely opening P2 cases, you may want to consider whether your issue warrants a trip to the ER, or you may want to look into addressing the root cause of the Marketo health issues that keep arising.  And just like a doctor would rather get you healthy in the long run, I would be happy to help you, in my capacity as Marketo Support, resolve the base issue rather than treat the symptoms.

Is this article helpful ?


Recently, I've had a number of cases caused by customers getting themselves tangled up in Smart List filter logic, so I thought I would do a blog post on how AND/OR logic works in Marketo.


It's not surprising that people would be confused, because "and" and "or" are used differently in English than they are in filter logic.  For instance, if I say "Don't go to the liquor store or the casino," I mean that I don't want you to go to the liquor and I don't want you to go to the casino.  I want you to stay away from both of them or you will be in trouble.  However, if I say that to Marketo, the OR logic works like this


IF Not Went to Liquor Store = True (whether or not you went to the casino), THEN Not in trouble

- OR -

IF Not Went to Casino = True (whether or not you went to the liquor store), THEN Not in trouble


AND logic works differently in English as well.  If I say "People who do yoga and people who lift weights are physically fit," I mean that people who do either activity are physically fit.  However, Smart List logic interprets AND this way


IF Does Yoga = True AND Lifts Weights = True, THEN Physically Fit.


With the AND logic, only people who do both yoga and weight-lifting are physically fit.


So, counter-intuitive as it may sound, in Smart List logic, we use AND to exclude people, and we use OR to include people.  To illustrate this, let's pretend I want to start a club.  The traits I want in my club members are


  • Red hair
  • Green eyes
  • Female


If I use AND logic (also known as ALL logic), then the only people who can join my club are people who are women AND have red hair AND green eyes.


Since there aren't that many red-haired, green-eyed women, my club is pretty exclusive.


But let's say that I want more people in my club, so I change my logic from AND/ALL to OR/ANY.  Now my membership includes


  • All women regardless of hair or eye color
  • All green-eyed men, regardless of hair color
  • All red-haired men, regardless of eye color


With ANY/OR logic, my club has a lot more people in it. 




Maybe that's too many people.  AND/ALL logic gave me too few people, OR/ANY logic gave me too many.  Advanced logic gives me the ability come down somewhere in between.  In this case, let's make the club ladies only.  Since I want to exclude the guys (sorry guys!) I am going to use AND logic with the gender requirement, but since I want flexibility on hair and eye color, I will use OR logic there.


My filters would be


#1 - Gender is Female

#2 - Hair Color is Red

#3 - Eye Color is Green


and my advanced logic would be: 1 AND (2 OR 3).  My resulting club members are all women who have either red hair or green eyes, or both.


I use OR to include women based on hair and eye color, but I use AND logic to exclude people whose gender is not female.


So if you are working on a Smart List and it seems to be pulling in too many leads, check the OR logic you are using.  If you don't have enough leads, check the AND logic, and adjust accordingly.

Is this article helpful ?


Wikipedia defines SPF as follows: 


Sender Policy Framework (SPF) is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain's administrators.[1] The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. Email spam and phishing often use forged "from" addresses, so publishing and checking SPF records can be considered anti-spam techniques.


Again, this is a very nice technical explanation but what does it mean?  I think of it as being something like the security that many companies maintain at their front desk, so the scenario would go something like this.


A delivery person dressed in a Marketo uniform walks up to the front desk of your lead's company (email server), and says to the person at the desk (who in our analogy would be the email security software), "Hi, I'm here to deliver email from to"


The front desk/email security person looks up and notices the uniform says Marketo, not Yourcompany.  Depending on their security settings, they might just assume this is okay and buzz Marketo in to make the delivery.  However, if they are security-conscious, they are going to want proof that Marketo isn't trying to trick them with a phony delivery (spoofing an email).  SPF gives them the ability to call back to the DNS at Yourcompany and ask, "Hey, I've got someone here from Marketo who claims to be making a delivery for you.  Is this an authorized delivery?"


If Marketo is correctly included in the SPF record, then effectively, this allows the DNS to tell them, "Yes, Marketo is authorized to make deliveries from us."


So how does this differ from DKIM?  According to Wikipedia:


DKIM allows the receiver to check that an email claimed to come from a specific domain was indeed authorized by the owner of that domain which is done using cryptographic authentication.


Verification is carried out using the signer's public key published in the DNS. A valid signature guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed.


So if we go back to our analogy of the delivery at the front desk, it works a bit like this.  When the front desk calls the DNS to make sure the delivery is authorized, Marketo has to produce an ID badge with an authorization code on it.  The front desk/email security person reads that authorization code to the DNS which validates it against the code it has on record.  If the code matches, then the delivery is authorized.


Some email security programs require SPF, some require DKIM, and some don't require anything at all.  To be sure Marketo can always make your deliveries, you should always have both set up for each domain you use in the From: line of your emails.


Instructions for setting up SPF and DKIM can be found here.

Is this article helpful ?


There seems to be a lot of confusion about what these are and what they do, so I thought I would do a little post on it to try and clear it up.  Let's look at CNAMEs first.


CNAME is short for "canonical name" and if you look it up on Wikipedia, they define it like this:


A Canonical Name record (abbreviated as CNAME record) is a type of resource record in the Domain Name System (DNS) used to specify that a domain name is an alias for another domain, the "canonical" domain.


OK, great, but what does that mean?  Here's how I picture it in my imagination.


Imagine that the internet is some sort of vast, mind-boggling library, and the DNS is a kind of reference desk for a given section defined by a domain, such as your company's domain.  So a browser walks up to the reference desk/DNS at and says, "Could you help me?  I'm looking for this resource - it says it's located in '' but I don't see a 'pages' shelf in this section." 


The DNS/reference librarian looks up '' in their directory, sees the CNAME record, and points across the way to a reference desk over in the Marketo section.  "Ah, yes," says the librarian, "go ask over in the Marketo section and they should be able to help you find the resource you are looking for."


This is true of both the landing page CNAME and the email tracking link CNAME.  The main difference between the two is that when you go over to the Marketo desk for the email tracking link, it makes a note in its log that you clicked a link in an email before it takes you to the page.


So how does setting up CNAMEs contribute to deliverability?  It has to do with unifying the information you are presenting to your customer.  If your email says "" in the From line, but all the links inside the email point to "", and those links take them to webpages on "", that doesn't look quite right.  An email security program that is on guard against spoofing might decide that email looks too sketchy to send to the inbox.  Also, the person receiving the email might have a similar reaction - "Why does the From line have a different domain than the links in the email?  Is this legit?" - and they could junk it or even report it just to be sure.  But with CNAMEs, your email has "" in the From line, the email links all say "" and the landing pages are all on "", so your company's identity is retained throughout the communication.


A common mistake I see is that people try to set up SPF and DKIM for their CNAMEs - don't do this.  SPF and DKIM should not be set up for your CNAME domains, they should be set up for any domain you intend to use after the '@' in your From and Reply-To addresses.  I'll go over SPF and DKIM and what they do in my next post.

Is this article helpful ?


It's not an uncommon case here in support - Marketo says the email was delivered, but the lead says they never got it.  What happened?


Because I love analogy here's how I think of it:


Delivering email to a server is rather like delivering regular mail to a company.  The post office doesn't come into the office and deliver the email to every individual desk, they deliver it to the mailroom and the clerks in the mailroom are responsible for getting the email to the desk or inbox of the appropriate person.  Just as the post office considers the mail delivered when it is dropped off at the mailroom and doesn't know how the mailroom handles it from there, Marketo considers an email to be delivered when it's accepted by the server and loses visibility to what happens to it from there.


So in our virtual mailroom, the clerks have instructions to sort out spam and possibly malicious email.  Depending on the instructions they have been given, they may throw some of the email away, or they may send it to the recipient but put it in the Junk/Spam folder.  Why they do so is not something the post office/Marketo can see or speak to, but we can help the the recipient's IT department start to figure it out.


What Marketo can do is provide the recipient's IT department with the timestamp, return-path, sending IP, and receiving IP from our logs. This would be like the post office providing the mailroom supervisor with the time the mail was delivered, the mail carrier who made the delivery, and the mailroom clerk who received the delivery.  Then they can go to the right mailroom clerk and ask, "What did you do with the email for so-and-so that we received on this date?", and since email servers log everything (which mailroom clerks usually do not) they can get the answer to this question.  After the IT department determines why the emails are not being delivered, we can help them make the necessary adjustments to allow the email through, usually by altering or updating their whitelist.


There's one more behavior you can sometimes get from a very security-consious email server/mailroom.  Sometimes you will look at an activity log and see that some or all of the links in the email were clicked immediately on delivery.  Obviously, people need some time to receive, open, read, and click on emails, so this insta-click looks weird, but what is causing it?  Well, some email security software packages have what is called link testing.  The email security software itself clicks on the links in the email to check for malicious sites before delivering it into the inbox.  This would be kind of like having a mailroom clerk open and check all the mail before delivering it.  In the Marketo system, clicks are clicks, whether they come from a person or from an email security bot, so this can sometimes throw off your engagement statistics.  Link testing in email security is not super-common, though, so it shouldn't be to much of an issue.  It's just good to know  what is causing this otherwise baffling behavior.

Is this article helpful ?


Frequently people ask me for clarification on the different sorts of IPs Marketo offers, and the pros and cons of each, so I thought I would write a post on it, and since I love analogies, that's what I am going to do here.


There are three kinds of IP that Marketo offers, shared, trusted, and dedicated.


Being on a shared IP is kind of like living in an apartment building.  The upside is that it costs less than living in a house, but the downside is that you can be affected by the neighbors who share a roof and walls with you.  If one neighbor throws a wild party, all the neighbors get to hear it.  If someone starts a fire in their living room, the fire department evacuates everyone from the building, no matter who started it.  Similarly, on a shared IP, if one of your neighbors hits a spam trap, then the entire IP and everyone on it suffers the consequences until the IP is delisted.  If you get sick of having to deal with your neighbors in the Shared IP Apartments, what are your options?


One option would be to move to the Trusted IP instead.  It's a shared IP range reserved for low-volumes instances with good marketing practices.  It costs the same as the shared IP, but there's a  application process to qualify and not everyone can get in.  So it's kind of like living in an apartment that does a credit and reference check before letting you in and has a very strict on-site manager who evicts people who misbehave.  The upside is, it's a nice, quiet place to live at no extra price, but on the downside, if you slip up, you may find yourself headed back to the Shared IP Apartments.


If you send more than 100,000 emails per month and you are done with "apartment living", you might want to spend the money to get your own house - a dedicated IP.  With your dedicated IP house, you don't have to worry about whether or not the person on the other side of a wall has a loud party or leaves candles unattended, because you have the whole thing to yourself.  Of course, you do have to spend a little extra on it, and if you leave a candle unattended and burn the place down, you have no one to blame but yourself.


If you are currently living in the Shared IP and want to make the make the move to Trusted, you must meet the following requirements: You must not be responsible for any spamtrap hits in the past year, you must send less than 75,000 emails per month, and you must adhere to best practices in your lead acquisition (opted-in leads and current customers, no purchased lists).  You can find the application for Trusted IP here -



Is this article helpful ?


In a previous post, I talked about troubleshooting hard bounces.  In this one, I'm going to talk a bit about soft bounces, specifically soft bounces due to throttling.


What is throttling?


Throttling is an issue that occurs primarily with the large ISPs such as AOL, Yahoo, and Hotmail.  When the ISPs are experiencing high volumes, they will throttle bulk email senders such as Marketo.  It works kind of like this:


Marketo walks up to ISP with a big basket of emails.


Marketo: Hi, I'm here to deliver these emails--


ISP: I'm busy.  Come back later.


(Two minutes later)


Marketo: Hi, I'm back to deliver these emails?


ISP: I'm busy...Fine!  I'll take this many. (Grabs a handful of email.)


Marketo: What about the rest?


ISP: Come back later.


(Four minutes later)


Marketo: Hi, I'm back to deliver these emails?


IP: I'll take this many. (Grabs a handful of email.) Come back later.


(Eight minutes later)


...The cycle repeats with the time interval doubling each time.



Marketo is pretty patient, it will keep coming back and trying to deliver for 24 hours (36 hours for AOL). While it is still attempting to get the ISP to accept delivery on the emails, the emails will show in reporting as status "Pending."  Once the 36 hours are up, Marketo will give up and bounce or soft bounce the emails as appropriate.


The challenge with throttling is that it's like weather or traffic congestion - there's not a lot you can do about it.  One strategy is to break out your sends into smaller blocks - if you think of Marketo with the basket of email, it might be better to have multiple baskets and hope that the ISP takes a handful from each one.  If you have a large number of leads on the commercial ISPs, you might even want to break each one out to a separate send.  This doesn't necessarily help with the throttling, but it does give you better visibility to possible throttling issues that may be occurring on a specific ISP.


A third strategy is to try and massage your sender reputation, to make the ISP more likely to accept your email.  To go back to my nightclub analogy, if you have a bunch of girls who want to get into the nightclub together, they usually send the cutest one of the group to go charm the doorman.  From an email perspective, you want to send to your most engaged leads first - people who are likely to open and click on your emails, improving your reputation.  The next day, you send your somewhat engaged leads, and the day after that, your least engaged leads.


If you're seeing persistent throttling, evidenced by high rates of pending mail and subsequent 'soft bounces' once the retry window is over, please reach out to support.  Our deliverability team may be able to mediate on your behalf with the mailbox provider.


If you are in the B2B space and don't deal much with the large consumer ISPs, the chances are that throttling won't have a big impact on your deliverability.  In the B2C space, however, throttling can definitely step on your overall email performance.  Setting up reporting to keep an eye on your emails and trying different strategies to mitigate the effect can be an important part of your email marketing practice.



Is this article helpful ?


Let's say that you have a weekly newsletter that you send out through Marketo and every week your deliverability is 95% or better - except last week!  Your deliverability was only 80%!  What the heck happened!?


To find out, we pull up a quick Email Performance Report for the email in question and see what it says.  Let's say, for the purposes of this entry that you see a big spike in hard bounces.  (Soft bounces deserve their own write-up.)  I should clarify what Marketo considers a Hard Bounce.  Marketo considers a bounce to be a hard bounce if we get a definitive "NO" from the recipient server.  The server might say "NO" to the delivery because the email address is invalid, or it could say "NO" because it believes the email is spam.  How do we tell whether our spike in bounces was due to invalid emails or due to spam rejection?  We can do this with a Smart List, using the filter 'Email Bounced' and the 'Category' constraint.  Category 1 bounces are spam bounces, Category 2 bounces are invalid email addresses.


If the majority of the bounces are Category 2 - Email Invalid, then you will want to go back to your lead database to see if new leads were added, perhaps incorrectly.  However, if the majority of the bounces are Category 1, we need to figure out how you got flagged as spam.


When an email to a lead bounces as spam, a couple things happen.  The first is that the lead is set to Email Suspended, and the suspension lasts 24 hours.  During that time, it cannot receive any emails from Marketo, and it is not possible to undo the Email Suspended.  You just have to wait it out.  The field 'Email Suspended' is a historical field.  A more accurate name for this field would probably be "This email was suspended at some point in its history."  The actual suspension only lasts 24 hours, so to see if the lead is currently suspended, check the timestamp on the 'Email Suspended' field.  If it is more than 24 hours ago, the lead is not currently suspended.


The second thing that happens is that the actual bounce message received from the recipient server is written to the 'Email Suspended Cause' field.  This field can be full of great information.  To make use of it, let's go back to our Smart List of Email Bounced, Category 2 leads and edit the view so we can see the 'Email Suspended Cause' field.  You will probably need to extend the width of the field to be able to read the bounce messages, but once you've done so, you will be able to scroll down the list of leads and read all the bounce messages we received.


A note about bounce messages: they aren't standardized so don't get too wrapped up trying to decode them.  The admin of an email server can configure their bounce messages to say literally anything.  I saw one bounce message that simply read "Go away."  Some will be totally generic, some will be strings of meaningless characters, but some of them - the ones we are looking for - will tell us the name of the blacklist that caused the email to be bounced for spam.  The most common is Spamcop and the bounce messages may look something like this:


550-"JunkMail rejected - []:48340 is in an 550 RBL, see Blocked - see"


You may also see blacklists for Symantec, TrendMicro, or ATT.Net.  While they are independent and maintain their own reasons for listing, they often reference major blacklists such as Spamcop and so a Spamcop hit can have far reaching consequences.  Marketo actively manages our relationships with the various blacklist organizations, and some delist automatically after a certain period of time, so by the time you get around to looking at your deliverability for an email, we may be back off the blacklist.


Seeing Spamcop in your 'Email Suspended Cause' field, your next question is likely to be "Did I hit a spam trap?"  The answer to that is a maybe, but maybe not.  If you are on a shared IP, it may be that someone else on the IP hit the spam trap, but everyone using that IP is affected.  I think of being on the shared IP sort of like being a tenant in an apartment building.  If one of your neighbors accidentally starts a fire in their living room, you get evacuated from the building along with everyone else, even though you never so much as struck a match.  It's one of the downsides of sharing a resource with other people.


If it was you that hit the spam trap, Marketo will notify you and request that you go through the remediation process to remove possible spam trap leads from your database.  If you fail to do so, you will be moved to the quarantine IP so that you can't continue to impinge on the deliverability of your neighbors.


Chances are, however, it wasn't you.  The short-term solution is to wait out the 24 hours and resend the email to the people who didn't get it.  But what's the long-term solution for people who don't hit spam traps and who don't want to suffer because of someone else's poor sending practices?  There are two options.  If you send at least 100k emails per month, you can get a dedicated IP - move out of that apartment building into your own home, so you aren't sharing a roof and walls with anyone else.  If you send less than 75k emails per month and you haven't hit any spam traps yourself, you can apply for the Trusted IP range, which is a range of IPs reserved for Marketo accounts whose clean email practices keep them out of spam traps and blacklists.  If you would like to apply for the Trusted IP range, you can do so here:


If you don't see any indicators of blacklists in the "Email Suspended Cause" field (which is what it will be, 90% of the time), and instead you find a lot of generic bounce messages - "Blocked by policy", "Access denied" - then make sure your DKIM and SPF records still verify.  I've seen more than one SPF or DKIM record removed by IT staff who didn't realize it's importance, and more than one email sent using a domain in the From: line that wasn't set up with SPF and DKIM.

Is this article helpful ?


When I explain things, I like to do so using analogies.  Here is the one I like to use when people ask me how they can improve their deliverability.


So, imagine there's this hot new nightclub in town called The Inbox, and you really want to get in.  If you want to get past the doorman, you are going to need to be well-dressed, well-known and liked, you can't have a history of getting thrown out of bars for bad behavior, and you need a valid ID.  In deliverability terms, it breaks out like this:


  • Well-dressed - This is your content.  You don't want it looking spammy, so make sure your content and design are on point.
  • Well-known - This is your reputation.  Do people open and click on your emails?  Great!  People like you!  If your emails go straight to the trash over and over, however, this isn't good for your reputation, so it's best to focus your efforts on leads who opt in and interact with your content.
  • Don't get thrown out of the bar - Don't hit spam traps, stay off blacklists.  If you have a history of hitting spam traps, you'll get a rep as a troublemaker and they will stop letting you in.
  • Valid ID - This is your SPF and your DKIM.  You should have both set up because a lot of people won't let you in without it.


There's one more thing to consider - getting on The List.  You know how people cut to the front of the line and tell the doorman, "I'm on the list," and they get right in?  That's the whitelist.  Whenever possible, get your important customers to whitelist you.  If you have a dedicated IP, this is pretty easy.  If you are on the shared IP, this can be a little trickier.  Sometimes customers push back and are unwilling to whitelist all of the Marketo network. Fair enough.  In that case, it may be possible for a customer to whitelist something other than Marketo IPs to ensure delivery of Marketo email only from a specific instance.  For this we recommend using regex version of the Return Path header.  Because this header changes dynamically this regex creates wildcards where the dynamic information is.   Because the Return Path is specific to the Marketo instance, if you would like to use this option, contact Marketo Support and we can provide you with the regex Return Path header for your instance.

Is this article helpful ?