Skip navigation
All Places > Support > Blog
1 2 3 4 5 Previous Next


67 posts

As you might know, Terra Mail will shut down their free email service at the end of June, specifically by the end of the day on June 30th. Since those domains will no longer be mailable, we will block any and all mail to the following domains on that date:


Of course even if we didn't set up new blocks to those domains you would not be able to reach those leads, but starting on June 30th those leads will bounce internally rather than from external sources.


Since Terra Mail was a popular email service in Spain and Latin America your marketing might not actually be affected by the closure if you do not do business in those regions. However, if you do, we recommend identifing engaged customers who have addresses at one of the above domains and ask them where they want to receiving their future communication.


Chris Huff

Compliance Lead

Email Privacy and Deliverability team


Is this article helpful ?


I haven't had a case on this in quite some time, so I was a little bit excited to get a "My Calendar file is doing something WEIRD!" case.


Here's the thing with .ICS and calendar files, they are incredibly simple creatures, they don't have any way of holding font/formatting, etc. As a result, Outlook looks for specific things to control the look and feel of things in the description area.


This can result in unintentionally hilarious results:

One of the key things it looks for is a colon followed by a hard enter. Anything following :

Ends up being bolded and blue.


The only way to fix it is to go back to the "hilarious results:" and change it to something else, say "hilarious results -" that would be fine.

So if you have a line in your ICS that says "Phone:" followed by a hard enter... yup. Bold and blue. You can also "escape" characters by preceding them with a backslash so \: would work as well.


If the first line of your ICS file starts with a capital letter, it will think you're trying to make it a header and make it also bold and blue.

BUT - If the first line ENDS with a punctuation mark, it will be treated normally and be read as text.


So Line 1: "Welcome to our Webinar"

vs. Line 1: "Welcome to our Webinar!"



There's another way that ICS files

Will trigger header formatting:

It has to do with line breaks.


Because .ICS files are just plain text files, line breaks are stored by a special character of \n (for "New Line"). If you have two line breaks in a row (\n\n), followed by 3 or more lines of text, again, it thinks you're typing header information and again, it converts to bold and blue. You can fix this by downloading the ICS file, saving it to your computer and editing it with a text editor like Notepad. You should be able to immediately see the \n\n characters and be able to fix it.


The case that popped up today which triggered this whole memory chain was involving my tokens. Back in the day there was a bug in emails where if you had multiple {{my.tokens}} in use, but one of them was typed wrong it would prevent ALL tokens from rendering in the email, not just the one that was bad. We fixed that, which is great! But it looks like the bug is still present in the calendar file rendering.


So if your description contains:






That will actually cause all 3 to fail, because it's token#3 not tokne#3. Correcting that one typo will make all three tokens work.


There really isn't a good repository of all the .ICS tips and tricks, these are just the ones I have encountered, I'm sure there are many, many more than this. If you know of other good examples, please feel free to list them in the comments!

Is this article helpful ?


You are opening a support case and you need to set a priority level, but which one do you choose?  Here is my personal take on what the priority levels mean.


Let's imagine your Marketo is a person who isn't feeling well, so you have decided they need medical attention.  Here are your priority levels.

  • P3 - We need to go to the doctor.
  • P2 - We need to go to the emergency room.
  • P1 - Oh god, someone call an ambulance!


So when you are opening a case, ask yourself "Do I really need an ambulance for this Marketo issue?  Do I need to go to the emergency room or will a regular doctor's visit do?"


Now if someone called an ambulance for a bad stomach ache, you might think they are over-reacting.  Surely a visit to the emergency room would do just fine, right?  And if someone is routinely going to the emergency room, you would think they are either a hypochondriac, or they have some underlying serious health issues that need to be addressed. With this in mind, if you are routinely opening P2 cases, you may want to consider whether your issue warrants a trip to the ER, or you may want to look into addressing the root cause of the Marketo health issues that keep arising.  And just like a doctor would rather get you healthy in the long run, I would be happy to help you, in my capacity as Marketo Support, resolve the base issue rather than treat the symptoms.

Is this article helpful ?


Making changes to your subscriber-facing brand or domain is a great time to rethink your subscriber experience!  Avoid the surprise of unsubscribes and complaints by communicating your brand change early and often.  Here are some considerations.

  • Change the “friendly from,” sending address or domain to a name that resonates with subscribers
  • Make sure the new address is not too long so that it renders as expected in the inbox.
  • Think about using subdomains to denote different mailstreams if appropriate.
  • Let your subscribers know in advance that a change is on the horizon.
  • Monitor closely your open, click, unsubscribe and complaint rates throughout the transition.  It is common to see a drop in responsiveness or an increase in complaints or unsubscribes during the transition as members may not recognize your new brand immediately.  They may complain, but if you let them know in advance, you will mitigate the risk.
    • Tell your subscribers early and often about the change leveraging your friendly from, subject line, website, message headers and pre-header text, footers, email preference center, etc.  Provide a link in the content to explain the reasons for the change.
    • Encourage your subscribers to add your new address to their address book.
    • Leverage both brands simultaneously for a period of time to familiarize your subscribers (example subject line:, formerly
    • If you’re presently using a ‘no-reply’ address, reconsider!  Invite replies, which drive positive engagement and will improve your sender reputation and inbox placement rates.
    • If you are announcing the change via an email to your entire lead database:
      • Consider a warming strategy and deploy the message over an extended period of time rather than in one batch.  This will allow you to put your best foot forward (most engaged/active subscribers first followed by your lesser engaged, higher risk segments.)  It will also allow you to manage your complaint rates and react to user feedback.
      • If you’re mailing to unengaged subscribers, actively review your bounces to ensure you are removing the unknown users swiftly.  Work with Marketo’s deliverability team to ensure the Soft Bounce logic supports you well through this process.
    • Don’t forget the landing page!  Create a compelling call to action encouraging your subscribers to click and leverage the landing page to reinforce the new brand messaging.  This is another way to drive engagement and build positive reputation for your new domain.
  • Finally…the technical specs. Don’t forget to update your authentication records to include the new brand/domain: SPF, DKIM, CNAMEs, tracking links and landing pages.  If you're mailing from a Dedicated IP, you may also want to update the return-path domain branding.  Reach out to your CSM for more info.

Is this article helpful ?




Why you should have a valid working from and reply to rather than a non-functional or "no-reply":


1) Encouraging engagement is key to maintaining a positive reputation. It demonstrates credibility to ISPs when recipients engage with your email and replying to your email and adding your address to an address book are both ways to get some positive reputation points. It is not likely that a subscriber will add "no-reply" to an address book.



2) Some subscribers will reply to unsubscribe. If that fails, they are likely to complain, which decreases your sender reputation.


3) You'll be able to capture out of office notifications that can help you clean up your database by identifying invalid addresses, like employees who no longer work for a company or to identify changes to the recipient's domain when a merger or acquisition occurs.


4) Imagine talking all the time to someone but not allowing them to reply. That's a bad relationship. That's the same message a no-reply sends to a subscriber.


5) It is important that the From Address be a valid email address, some filtering systems are validating that this is a real address that will accept mail. If the address is not a real email address this can cause mail to be blocked or undelivered.


Is this article helpful ?


Carmi Lopez-Jones, an AMAZING Deliverability Consultant at Marketo, and I presented on Marketo's University Day at Summit.  I promised to share the content we presented in this blog because our PPTs were updated from the copies you received as attendees.  And if you did not attend you get a view of what was presented at this valuable session! 


The PPT has been stripped of the branded template, but the content is intact!  Yesterday I posted the first session, "Improving Email Deliverability by Design: Best Practices and Strategies."  This session covered

  • Developing an envelope strategy using best practice recommendations
  • Understanding the email delivery landscape to prevent email delivery issues
  • Designing content and images for optimal deliverability success


Today I have the second session ready to post, "Optimizing Email Deliverability" which covered

  • Deliverability and how it’s measured
  • Important metrics to monitor
  • How to monitor your deliverability metrics using Marketo reporting
  • And how to leverage best practices to increase engagement


But I have to say, if you missed the session, the discussion in the Q&A is almost more valuable than the presentation itself - there were so many great questions asked by the audience!  See you at next year's Summit!

Is this article helpful ?


Carmi Lopez-Jones, an AMAZING Deliverability Consultant at Marketo, and I presented on Marketo's University Day at Summit.  I promised to share the content we presented in this blog because our PPTs were updated from the copies you received as attendees.  And if you did not attend you get a view of what was presented at this valuable session! 


The PPT has been stripped of the branded template, but the content is intact!  Today I am posting the first session, "Improving Email Deliverability by Design: Best Practices and Strategies."  This session covered

  • Developing an envelope strategy using best practice recommendations
  • Understanding the email delivery landscape to prevent email delivery issues
  • Designing content and images for optimal deliverability success


Tomorrow I'll have the second session ready to post, "Optimizing Email Deliverability" which covered

  • Deliverability and how it’s measured
  • Important metrics to monitor
  • How to monitor your deliverability metrics using Marketo reporting
  • And how to leverage best practices to increase engagement


But I have to say, if you missed the session, the discussion in the Q&A is almost more valuable than the presentation itself - there were so many great questions asked by the audience!  See you at next year's Summit!

Is this article helpful ?


2016-05-06_AOL to Verizon.png


Earlier this month Laura Atkins over at Word to the Wise (great blog!) talked about the AOL/Verizon merger.


"Last year Verizon bought AOL. As part of that merger some email is being migrated to the AOL backend. FAQs published by Verizon say this change is only affecting users in FL, TX and CA."


AOL Mail for Verizon Customers - AOL Help


We are viewing this as a good thing on the Email Deliverability Team.  At AOL, the postmaster team is solid, and the sending guidelines and remediation processes are pretty clear and easy. Historically, this has not always so much been the case with Verizon. In context, it probably makes sense to keep AOL as the surviving email platform, even though Verizon was the acquiring company. From this outsider's perspective, AOL seems to have the more evolved email platform.


No need to change email addresses or take an action with this change.  Users will still have addresses but the backend and filtering will be managed by AOL.


NOTE:  Some sub-accounts may not be moved, either because the user forgot about them or because they decided they didn’t want to move them. This may result in a slight increase in “user unknown” bounces from addresses temporarily.

Is this article helpful ?


What is it?

The List-Unsubscribe header is in the unseen header portion of email messages. Recipients don't see the header itself but if the receiving email network leverages the List Unsubscribe Header recipients will see an Unsubscribe button they can trust to unsubscribe from future messages. 

The header can look like this to receiving networks:


Subject: We need to implement this list-unsubscribe thing

Date: February 22, 2016 12:16:59 PM MST


List-Unsubscribe: <>

What is it important?

"The list-unsubscribe has been a very valuable tool for the email ecosystem, from consumers to businesses to mailbox providers. Over the past 20 years, consumers have slowly been trained to mistrust unsubscribe links located in the footers of email and spam, as some spammers would use the unsubscribe link to verify that the email address was a valid, active user. Once the spammers knew that, they would send them even more email rather than opting them out. In some cases, spammers would use the link as a way to install malware on an unsuspecting users’ machine."  Microsoft Changes List-Unsubscribe Requirements Melinda Plemel, 1/23/15


Does Marketo implement the List Unsubscribe Header?

Yes, for every email sent from our system Marketo leverages the mailto: List Unsubscribe Header function.


What networks are paying attention to the List Unsubscribe Header?

ISPs and spam filters view it favorably when making filtering decisions because having the List Unsubscribe header can indicate that the sender is actively working to avoid spam complaints. In fact, most major providers like AOL, Hotmail, Gmail, and Yahoo! support List-Unsubscribe functionality.

Looking specifically to Gmail, Gmail's Bulk Sender Guidelines recommend that the List Unsubscribe header be implemented.



























How the List-Unsubscribe header works at Gmail

Gmail supports the List-Unsubscribe functionality and calls it “auto-unsubscribe.” Gmail inserts an Unsubscribe link next to the From Address.

Screen Shot 2017-02-23 at 2.08.58 PM.png


When an email recipient clicks on “Report Spam,” a dialog box will appear that asks if they want to unsubscribe or report the email as spam. If they click unsubscribe, a notification will be delivered to the email address in the List Unsubscribe Header to stop mailing you.

List Unsubscribe Example 2.png

Is this article helpful ?


Barracuda Spam Firewall


Advanced Threat Protection

The Barracuda Email Security Service includes a rich set of inbound and outbound email filtering policy options, including anti-spam, antivirus, rate control, IP policies, sender reputation and more.  The optional Cloud Protection Layer feature of the Barracuda Email Security Gateway is an additional layer of cloud-based protection that blocks threats before they reach your network, prevents phishing and zero day attacks, and provides email continuity. Once email passes through the Cloud Protection Layer, the Barracuda Email Security Gateway filters email according to the more granular policies, further recipient verification, quarantining, and other features you configure on the appliance or virtual machine. In addition, you can opt to subscribe to the Barracuda Advanced Threat Detection (ATD) service. ATD is a cloud-based virus scanning service that applies to inbound messages, analyzing email attachments in a separate, secured cloud environment to detect new threats and determine whether to block such messages.


See Cloud Protection Layer and Advanced Threat Detection Configuration for details.


How Spam Scoring Works

All spam messages have an "intent" - to get a user to reply to an email, to visit a web site or to call a phone number. Intent analysis involves researching email addresses, web links (URLs) and phone numbers embedded in email messages to determine whether they are associated with legitimate entities.  Phishing emails are examples of Intent.

Frequently, Intent Analysis is the defense layer that catches phishing attacks. The Barracuda Email Security Service applies the following forms of Intent Analysis to inbound mail, including real-time and multi-level intent analysis.

  • Intent Analysis Markers of intent, such as URLs, are extracted and compared against a database maintained by Barracuda Central. 
  • Real-Time Intent Analysis – For new domain names that may come into use, Real-Time Intent Analysis involves performing DNS lookups against known URL blocklists.
  • Multilevel intent analysis – Use of free websites to redirect to known spammer websites is a growing practice used by spammers to hide or obfuscate their identity from mail scanning techniques such as Intent Analysis. Multilevel Intent Analysis involves inspecting the results of Web queries to URLs of well-known free websites for redirections to known spammer sites.


Intent Analysis can be enabled or disabled on the INBOUND SETTINGS > Anti-Phishing page. Domains found in the body of email messages can also be blocked based on or exempt from Intent Analysis on that page.


Additional Resources

SMTP Error Codes

Understanding Link Protection - Understanding Link Protection | Barracuda Campus

How Spam Scoring Works:



Is this article helpful ?


Navigate to your Domain Management page and chose the domain you are setting up the subdomain for to begin.

Once you are in the management page for the domain you chose Add Record, see image below.


Add record.png





















At this point you start to build your subdomain.  You will be adding a record in three sections: A Record, MX Record and TXT Record.











Below is an example of adding the MX record for the subdomain. 




The section titled HOST: is the section that is designating your subdomain.

In the example below I am setting up a subdomain for KIERSTIESPARZA.COM.  I am setting up


In the HOST: section I enter “example” for the subdomain. The Points To: record will be provided by Marketo Privacy/Delivery Team.  Priority can be set to 5. 


MX Record Type

HOST: example














Once you have the MX Set up follow the same process for the TXT




TXT Record Type

HOST: example

POINTS TO: "v=spf1 ~all"


















The final record to set up is the A record.




A Record Type

HOST: example

POINTS TO: (this will be the dedicated IP that you have been assigned)










Is this article helpful ?


Are you frustrated by an SPF record that is not valid?



One of the most common reason an SPF record will break is because it is including too many mechanisms.

Are you looking for a quick win to make sure your SPF record is valid? 


Don't use the mechanism but instead use the mechanism.

This reduces the number of look up mechanisms being included from 8 to 2! 


And using approves Gmail IP's which does open your domain up for spoofing across the Gmail network.



The Salesforce Help article also makes this recommendation:


Reach out to Marketo Support if this doesn't solve your SPF anguish.  There are SPF experts at Marketo at Marketo who can get you on a path of Validation.



Is this article helpful ?


Proofpoint Spam Detection performs two analyses:

Connection Level Analysis Connection management features in Proofpoint Enterprise Protection test multiple connection-level data points including DNS, MX record verification, SPF, recipient verification, and reputation data. Proofpoint constantly monitors SMTP connections at the IP address level, looking for suspect or malicious activity. Based on this analysis, SMTP rate control is used to automatically block or throttle malicious connections.


Proofpoint performs Contextual, Lexical and Image-based Analysis of content and context of messages using structural tests, English and foreign language content inspection, malicious (spyware/phishing/pharming) URL detection, phishing attacks, image analysis, reputation analysis and any custom policies administrators have defined.


An add-on enhancement to ProofPoint's filtering is their URL Defense program.  If an email admin has enabled this program Proofpoint will re-write all URLs in an email with their own unique link.   [URL Defense FAQ's - Powered by Proofpoint Essentials]


How can you confirm if a URL has been re-written?


What happens when a user clicks on a re-written URL?

The user is redirected to the Proofpoint URL Defense service where the URL and website is analyzed.

    • If the URL is considered bad: The user will be shown a page informing them "The website has Been Blocked!".
    • If the URL is considered good: The user will be re-directed to the website.


Is there a noticeable delay when a user clicks on a defended URL?

    • No. Defended URLs are checked real-time to ensure that the latest status determines it to be safe.


How long will defended URLs continue to work?

    • Defended URLs will not expire. They will continue to function indefinitely.
    • If the redirection services is not available (i.e., we cannot verify the links reputation) we will redirect to the original link.


Will URL Defense protect a URL that is safe at one-time but becomes comprimised later?

    • Yes. Each time a URL is clicked the status of that URL is verified before the redirect is allowed.



Additional Troubleshooting:

As a sender, if you have the Email Deliverability PowerPack, you can refer to the headers to confirm if Proofpoint has flagged your mail as spam. Each mailbox provider can customize their own scoring rules but the following is the default.

0-49 is clean

50-94 is quarantined

95+ is discarded


Market share:

Proofpoint's secure email gateway is used by 4,000+ customers and 53% of the F100 and ~30% of the Fortune 1000.

Is this article helpful ?


When you add the Email Invalid Cause to display as a Column to any of your Deliverability Smartlists, you will see a code value*, and potentially a suffix as well, to help you understand the reason for a Hard Bounce.  Soft Bounce reasons can't be viewed through a Smart List report, only one at a time in a lead's activity log.


  • Codes in the 400 range are generally Soft Bounces
  • Codes in the 500 range are generally Hard Bounces


*Mail server administrators can create custom messages that accompany bounce codes

Traditional Bounce Codes




Mail accepted by receiving network


<domain> Service not available, closing transmission channel


Requested mail action not taken: mailbox unavailable (e.g., mailbox busy)


Requested action aborted: error in processing


Requested action not taken: insufficient system storage


The server could not recognize the command due to a syntax error.


A syntax error was encountered in command arguments.


This command is not implemented.


The server has encountered a bad sequence of commands.


A command parameter is not implemented.


User’s mailbox was unavailable (such as not found)


The recipient is not local to the server.


The action was aborted due to exceeded storage allocation.


The command was aborted because the mailbox name is invalid.


The transaction failed for some unstated reason.

Is this article helpful ?


Enhanced Bounce Codes

If a suffix appears after one of the codes above, it is an enhanced Bounce code

*Mail server administrators can crate custom messages that accompany bounce codes




Address does not exist


Other address status


Bad destination mailbox address


Bad destination system address


Bad destination mailbox address syntax


Destination mailbox address ambiguous


Destination mailbox address valid


Mailbox has moved


Bad sender’s mailbox address syntax


Bad sender’s system address


Other or undefined mailbox status


Mailbox disabled, not accepting messages


Mailbox full


Message length exceeds administrative limit.


Mailing list expansion problem


Other or undefined mail system status


Mail system full


System not accepting network messages


System not capable of selected features


Message too big for system


Other or undefined network or routing status


No answer from host


Bad connection


Routing server failure


Unable to route


Network congestion


Routing loop detected


Delivery time expired


Other or undefined protocol status


Invalid command


Syntax error


Too many recipients


Invalid command arguments


Wrong protocol version


Other or undefined media error


Media not supported


Conversion required and prohibited


Conversion required but not supported


Conversion with loss performed


Conversion failed


Other or undefined security status


Delivery not authorized, message refused


Mailing list expansion prohibited


Security conversion required but not possible


Security features not supported


Cryptographic failure


Cryptographic algorithm not supported


Message integrity failure


Gmail has started labeling mail that is sent without encryption with a broken lock icon lock.png.



Email encryption in transit (TLS)

Gmail supports encryption in transit using Transport Layer Security (TLS), and will automatically encrypt your incoming and outgoing emails if it can. Some other email services don't support TLS, and therefore messages exchanged with these services will not be TLS encrypted.

In Gmail on your computer, you can check that a message you’ve received was sent over TLS by clicking the small down arrow at the top-left of the email and reading the message details.

If you see a red open padlock iconlock.pngon a message you’ve received, or on one you're about to send, it means that the message may not be encrypted.


It is understood that Google is likely giving some preferential deliverability scoring to emails sent through encryption.


Good News.  Marketo implemented Opportunistic TLS in the middle of 2015 so we are ahead of the ball!



Example of mail sent without encryption



Example of mail sent with encryption


Is this article helpful ?