Skip navigation
All Places > Support > Blog
1 2 3 4 5 Previous Next


67 posts

Cloudmark is a secure email gateway that uses fingerprinting technology to block spam.  Cloudmark has a broad footprint of networks who leverage their technology including:  small and international ISPs, mobile operators, hosting providers and registrars in 165 countries. Customers include EarthLink, Comcast, Cablevision, Time Warner, AT&T, Virgin Mobile, Sprint, British Telecom, Swisscom, Antel, QQ,, WebCentral and many others.  There are more than 1.5 billion mailboxes that may be impacted by Cloudmark filtering globally.


All messages seen by Cloudmark are fingerprinted, and then are deemed 'spammy' or 'legit' based on feedback from the network.  There are three main components of the filtering technology:

  1. Global Threat Network a reputation network made up of ISP abuse teams, system administrators, webmail end-users, desktop users and honeypot spam trap networks.
  2. Advanced Message Fingerprinting real-time algorithms that create fingerprints, or hashes, of various components of an email header, body and other characteristics.
  3. Cloudmark Services and Trust Evaluation System – a complex and highly dynamic system that collects, analyzes and classifies fingerprints received through its Global Threat Network.


The primary drivers of spammy fingerprinting include hitting spam traps or generating spam complaints within the network.  Practices that are likely contributors to spammy fingerprint dispositions include:

  • Mailing to third-party sourced leads (acquired through list rental/purchase/append)
  • Mailing to inactive users
  • Distributing content across large numbers of IPs and providers
  • Affiliate programs that abuse your content or domain


If you feel that you are being impacted by the Cloudmark blacklist please reach out to Support or follow some of our standard recommendations:


Blacklist Remediation (comprehensive)

Simple Blacklist Remediation

Successful Reconfirmation

A Creative Re-Engagement Email Campaign


Thank you Carmi Lopez-Jones for helping craft this post!


Is this article helpful ?



Identifying Unsuccessful Email Addresses

Identifying email addresses with recurring technical failures enables you to update these leads as Marketing Suspended is TRUE in your database.


If there are recurring failures over time, it is likely that email will never deliver to those addresses. Mailing to these can be risky because domains that have expired are sometimes turned into spamtraps. A send to a spamtrap can have different kinds of impact from individual content being fingerprinted and blocked by filtering systems or the sending infrastructure being blocked.

We suggest creating a Folder in Lead Database to house your Deliverability SmartLists.  From there you can either import our Deliverability Program or you can create your own SmartLists to monitor for recurring bounces.



Option 1: Import Marketo’s Deliverability Program


You will need to create a field within your subscription called “marketingSuspendedReason” using the instructions here.


For “Type” Select “String” and for “Name” enter “Marketing Suspended Reason”.  This will automatically fill in the “API Name” field:



Once your custom field is created, you are ready to import our program.  To do so, follow the instructions here.  For “Subscription” pick “Marketo Program Library” and for “Import Program” select “OP-Email Deliverability”:



For “Campaign Folder”, we recommend “Data Management” but you can select any folder that makes the most sense for you and your business needs.



Option 2: Creating your own SmartLists


Smartlist: Chronically Bouncing Addresses

You’ll need to use Advanced filtering: 1 and 2

  1. Email Bounced Soft filter (I don't recommend setting Hard Bounces invalid manually, Marketo already sets Invalid Addresses invalid and they are not mailed again.  Other Hard Bounces include Spam Blocks and I encourage you to retry mailing to those addresses in subsequent campaigns.)
    1. Constraint – Time:
      1. Set time constraint to reflect the SAME range of time depending on your email frequency.
      2. You will have wanted to have sent more than two or three emails to the leads you are reviewing to determine if the technical bounce issues are chronic.
      3. A three month window is a good standard window of time to review in this situation if you are sending at least monthly
    2. Constraint – Minimum number of times: Three (variable depending on your campaign frequency)
  2. Was Not Delivered Email Smart List filter
    1. Constraint – Time:
      1. Set time constraint to reflect the SAME range of time depending on your email frequency.
      2. You will have wanted to have sent more than two or three emails to the leads you are reviewing to determine if the technical bounce issues are chronic.
      3. A three-month window is a good standard window of time to review in this situation if you are sending at least monthly

Screen Shot 2016-08-24 at 4.35.41 PM.png

Identifying Chronic Non-Responders/Unengaged

Identify chronic non-responders or those unengaged with your email marketing to:

  • Target for a re-engagement program
  • Changes status to Marketing Suspended to remove them from active campaigns

Screen Shot 2017-02-14 at 10.05.58 PM.png

Identify Chronic Non-Responders

  1. Email Delivered:
    1. Constraint – Time:
      1. Choose the emails in the series you are querying or set time constraint to reflect a set range of time depending on your email frequency, 6 and 12 months are common windows of time people use for this.


  1. Not Opened Email inactivity filter is any.
    1. Constraint – Time:
      1. Choose the emails in the series you are querying or set time constraint to reflect a set range of time depending on your email frequency, 6 and 12 months are common windows of time people use for this.
    2. Constraint – Min. Number of Time:
      1. Choose the number of emails sent in that time period you are evaluating to account for multiple delivered emails with no opens/clicks.  This can be a predetermined threshold, ie:  5 emails in 6 months for a monthly sender, or 8 emails in 2 weeks for a daily sender, or the actual number of emails sent within that time period.  (You may need to review an Email Performance report ahead of time to get that number of emails sent in the specified time period in advance.)
  2. Not Clicked Link inactivity filter is any.
    1. Constraint – Time:
      1. Choose the emails in the series you are querying or set time constraint to reflect a set range of time depending on your email frequency, 6 and 12 months are common windows of time people use for this.
    2. Constraint – Min. Number of Time:
      1. Choose the number of emails sent in that time period you are evaluating to account for multiple delivered emails with no opens/clicks.  This can be a predetermined threshold, ie:  5 emails in 6 months for a monthly sender, or 8 emails in 2 weeks for a daily sender, or the actual number of emails sent within that time period.  (You may need to review an Email Performance report ahead of time to get that number of emails sent in the specified time period in advance.)
  3. Add any other brand engagement if desired: Are you tracking other engagement with your business such as webinar attendance, whitepaper downloads, etc.
    1. Constraint – Time:
      1. Choose the emails in the series you are querying or set time constraint to reflect a set range of time depending on your email frequency, 6 and 12 months are common windows of time people use for this.
    2. Constraint – Min. Number of Time:
      1. Choose the number of emails sent in that time period you are evaluating to account for multiple delivered emails with no opens/clicks.  This can be a predetermined threshold, ie:  5 emails in 6 months for a monthly sender, or 8 emails in 2 weeks for a daily sender, or the actual number of emails sent within that time period.   (You may need to review an Email Performance report ahead of time to get that number of emails sent in the specified time period in advance.)


Reviewing Specific Bounce Types

You would first create Smartlists by Bounce Type, and then use these Smartlists as filters within the Email Performance Report in the Analytics section.

  • Hard Bounces
    • Category 1 – spam block (Email Suspended=true (for 24 hours))
    • Category 2 –email invalid (Email Invalid=true)


  • Soft Bounces
    • Category 3 – Soft Bounce (Mailbox Full, Timeout, Soft Bounce, Generic Bounce)
    • Category 4 – Technical Soft Bounce (Transient Failure, Admin Failure, DNS Failure, Too Large)
    • Category 9 – Unknown (Undetermined)


Smart Lists: Bounce Types

Create a SmartList for each of the major types of Bounces:

  • Hard Bounces – Spam Block
    • Filter: Email Bounced (set constraints as needed, by time range or by email)
    • Constraint: Category is 1

Screen Shot 2017-02-09 at 12.29.50 PM.png

Example of hard bounce, spam block bounce type

  • Hard Bounces – Email Invalid
    • Filter: Email Bounced (set constraints as needed, by time range or by email)
    • Constraint: Category is 2

Screen Shot 2017-02-09 at 12.29.58 PM.png

Example of hard bounce, email invalid bounce type

  • Soft Bounces – Mailbox full, other technical issues
    • Filter: Email Bounced Soft (set constraints as needed, by time range or by email)
    • Constraint: Category is 3

Screen Shot 2017-02-09 at 12.27.53 PM.png

  • Soft Bounces – Technical
    • Filter: Email Bounced Soft (set constraints as needed, by time range or by email)
    • Constraint: Category is 4

Screen Shot 2017-02-09 at 12.28.04 PM.png

Email Performance Report

In the Analytics section, you would add Filter this report by any of the four Smartlists above:



Retargeting Failed Addresses

To troubleshoot a delivery situation where email addresses bounced for temporary reasons, create a Smart List that looks specifically at bounces. This will capture the addresses that are likely deliverable, but ran into temporary delivery issues. The Smart List will pull addresses that bounced due to being invalid, but those addresses will not be mailed to in a follow up campaign.


Retargeting Failed Addresses

  1. Email Bounced (set constraints as needed, by time range or by email)
  2. Email Soft Bounced (set constraints as needed, by time range or by email)


Query for leads with failed addresses

Cracking the Inbox Code: Google


It can be challenging to consistently achieve inbox delivery at Gmail and Google Apps.  One reason is that Gmail has very complicated filtering strategy, which learns from and classifies hundreds of items within a message to detect and prevent spam.  They are machine learning-based and measure hundreds of things about incoming mail. The filters are continually adapting to spam threats and updating how they treat specific mail.


The impact of this approach is that filtering is far from static.  What passes to the inbox now, may fail in short order.


We’ve put together a bit of intel about Gmail filters to support senders in ensuring their programs are in tip-top shape to achieve inbox placement at Gmail/GoogleApps.


Google’s spam filters

  • Google’s leverages a content scan to determine if message is bulk/mass marketing.
  • The filters also recognize when an email is attempting to collect sensitive recipient information.  This will trigger “potential phishing message” notification and will also flag the mail as spam.
  • Gmail spam filtering is very user feedback-driven.  Subscribers train the filter when they click on “This is Spam” or “This is Not Spam.”
    • Low complaints and high “this is not spam” rates = positive engagement
  • Adapts to spam threats through machine learning and constantly updates filtering protocol.
  • GoogleApps Spam Filter:  In 2007, Google acquired Postini a security company focused on email.  In 2012 they started shifting customers away from the Postini anti-spam filter and towards GoogleApps.
  • Further, GoogleApps hosted email solution for businesses has rapidly earned marketshare, so most B2B senders are significantly impacted by delivery failures to this domain.
  • On the bright side, Google rarely rejects mail outright (though throttling is common during IP warming).  Most often, Google will deliver questionable mail to the spam folder.  The challenge is that it’s fairly difficult to navigate to the spam folder and with priority inbox, there are even more mechanisms to sort through mail, which may negate the subscribers willingness to search for mail in their spam folders.


  • Follow best practices for opt-in (confirmed opt-in is always best).
  • Set clear expectations regarding the type and frequency of the email you will send and honor the commitment.


  • Authenticate using SPF and DKIM (strongly encouraged) and publish your practices with DMARC.
  • Gmail considers transactional mail to be the most important mail they deliver.  Therefore, you should us separate IPs, subdomains, and sending addresses that are used for other email streams.  Don’t combine with promotional mail.
  • Set up a branded envelope from. (Available through Marketo, contact your CSM.)
  • Employ the list unsubscribe header.  Think of it as a poor man’s feedback loop at Gmail.  If you have a strong reputation at Gmail, this functions as a mechanism to return an unsubscribe request to you when your subscribers mark your message as spam. (Marketo uses the List Unsubscribe Header)


  • Ensure Your Links Aren't on a Blacklist or Inactive If your message is marked as suspected phishing mail, check to see if any of your URIs are on URL/domain based blacklists like URIBL, SURBL and SpamHaus DBL.  Ensure all URLs within your content are active and resolve as expected.
  • The presence of blacklisted and/or inactive URLs in your content will negatively affect your reputation with GoogleApps and your inbox placement. This includes third-party URLs like etc.
  • Manage engagement – monitor recipient activity and re-engage or remove inactives.  Contacts who never open your messages could become a liability for you if they start to file abuse complaints , which would ultimately impact your active recipients too. As a general rule, contacts with no activity for more than six months should be removed from your list or moved into a special “reactivation” messaging track designed to try to re-engage them one last time before dropping them from your list.
  • Encourage engagement.
    • Ask your recipients to mark your messages as “not spam.” This will alert Gmail that your recipients want to receive your messages, help your overall engagement with Gmail and improve delivery to the inbox.
  • Invite contacts to add your sending “From” address to their Gmail address book.
    • Ask your recipients to click Gmail’s yellow priority inbox icon and have them “mark as important.” This will ensure your mailings take the highest priority in your recipient’s inbox and are always listed as “important.”


  • Relevance!  Send only targeted, relevant email to keep subscribers engaged.
  • Implement behavioral marketing best practices to increase message relevance and boost opens and clicks.  Sending emails triggered by a person’s behaviors, preferences or demographics is one of the best ways to ensure a positive customer experience and increase recipient interaction with your messages.
  • Subject Lines:  Keywords and symbols in your subject line can trigger the GoogleApps filter. Avoid the use of the prefix “ADV:” (for advertisement), dollar signs or multiple exclamation points.
  • Avoid Certain Number Patterns:  GoogleApps has a filtering function that matches number patterns and/or sequences that look like credit card or Social Security numbers. They consider this an indication that the mail is a potential phishing message and it will result in a block of your messages. The following are examples of the patterns that will trigger the filter:
    • 16 digit number patterns (credit card):
      • n nnnn nnnn nnnn nnnn
      • nnn-nnnn-nnnn-nnnn
      • nnnn nnnn-nnnn nnnn
      • nnnnnnnnnnnnnnnn
    • 9 digit number sequences (Social Security) – these digits can be separated by spaces dashed or periods:
      • nnn-nn-nnnn
      • nnn nn nnnn
      • nnn.nn.nnnn
      • nnn-nn nnnn
  • Remind recipients to click on the “Always display images from this address” button. This enables your recipients to see your HMTL emails as they were intended and also goes toward positive recipient engagement – especially important given how critical your images are to your message.
  • Create Gmail-specific campaigns with subject lines and a targeted call to action for Gmail users.
  • Avoid URL shorteners.  As noted earlier, URL reputations have a significant weight on Google’s filtering, and URL shorteners have been abused by spammers to deliver malicious email, such that many of the URL shortener domains are permanently blacklisted or blocked.

Additional Resources

Gmail’s Bulk Sender Guidelines

Troubleshooting for bulk email senders

Bulk Sender's Contact Form

The Learning Behind Gmail's Priority Inbox

Why am I seeing "via" in the From line?

Google Product Forum - Mail server blocked by gmail as a bulk sender

15 Email Deliverability Best Practices for Gmail


Special thank you to Carmi Lopez-Jones for helping draft this blog post!


Is this article helpful ?


It is possible to have multiple landing page domains set up within Marketo - Add Additional Landing Page CNAMEs - Marketo Docs - Product Docs

Is this article helpful ?


I get lots of questions about how to manage changes to the links used within email.  This can happen with a business name changes, a business acquisition or just a rebranding process.

When customers change out the branding on a tracking link or a landing page this means setting up a new subdomain and pointing their domain to the Marketo CNAME. 

I recommend is setting up the CNAME on the new domain and leaving the same CNAME in place for the old domain for at least 3-6 months.  This ensures that any older links that may be activated will continue to work as your recipients may dig up an old email to review content.


Happy Sending!


Additional Resources about Landing Pages (Personalization) - Marketo Docs - Product Docs

image2015-1-6 13_52_6.png

Recently my team was managing a customer escalation about an unexpected and suspicious spike in click activity in email.  The customer observed all the links within an email activated immediately after delivery.  This is a known issue with filters like Barracuda. The email is accepted and if the message is deemed suspicious, it is subjected to higher scrutiny and the links are validation ‘tested’ to ensure they are not malicious. We have seen a slight increase in this activity since the beginning of the year but in most cases we can mitigate the behavior by focusing on improving the reputation of the sender.


"At issue is a part of the Barracuda email filter call the intent filter. There are 3 different modules to this filter.

Intent Analysis – Markers of intent, such as URLs, are extracted and compared against a database maintained by Barracuda Central.

    • Real-Time Intent Analysis – For new domain names that may come into use, Real-Time Intent Analysis involves performing DNS lookups against known URL blocklists.
    • Multilevel Intent Analysis – Use of free websites to redirect to known spammer websites is a growing practice used by spammers to hide or obfuscate their identity from mail scanning techniques such as Intent Analysis. Multilevel Intent Analysis involves inspecting the results of Web queries to URLs of well-known free websites for redirections to known spammer sites.


According to Barracuda support it is the Multilevel Intent Analysis module responsible for clicks on links." [Barracuda filters clicking all links - Word to the Wise]


Often in these cases the bounces returned from other undelivered email show evidence of content filtering by other networks also, which may indicate there's something going on with the content that's making it look suspicious. In addition we always coach customers to avoid the usage of any URL shorteners also. If there are any in your content, that may prove problematic.


How to Manage This Behavior?

One of the ways we suggest mitigating this behavior if it is problematic is to consider set up a “stealth” link, that human readers won’t see or click on but that parsing software might. Clicks on that link, that is unseen by human eyes, are a sign that the click was not done by the intended recipient. It would allow you to create program rules around the behavior so as to mitigate skew in the click rates.


I also suggest reviewing your own email sending reputation to understand if your own reputation is triggering this activity.  Are you managing your in-active addresses and removing those from your email program over time?  Do you have a process to remove recurring Soft Bounces after successive unsuccessful delivery attempts?  These two processes are often the first place my team starts when working with customers to improve their sending reputation.  Taking these two actions will improve your reputation over time and you will be less likely to trigger enhanced content filtering if you maintain a pristine sending reputation.


Here is a great series of Community Resources to help you understand and manage your email sending reputation:


Also, here's a link to an article by a well known deliverability expert on this topic from a couple of years ago but is still relevant:

Is this article helpful ?


The Email Deliverability and Privacy Team always stresses the importance of a strong sending reputation. By keeping an eye on your engagement (opens, clicks, etc.) and reputation (spam complaints, spam traps, unknown users, etc.) metrics you’ll get a good picture of how your emails are being received by subscribers.

But if you’re looking for another measure of your reputation you can take advantage of a handful of resources that will let you know where you stand.  Here are 4 sites that will help you check sending reputation:

Like a credit score, a Sender Score is a measure of your reputation. Scores are calculated from 0 to 100. The higher your score, the better your reputation and the higher your email deliverability rate. Numbers are calculated on a rolling 30-day average and illustrate where your IP address ranks against other IP addresses. This service is provided by Return Path and provides reputation from primarily a B2C perspective.

Senderbase, newly rebranded as Talos Intelligence, is a product of Cisco and provides you with the tools to check your reputation by ranking you as Good, Neutral, or Poor. Good means there is little or no threat activity. Neutral means your IP address or domain is within acceptable parameters, but may still be filtered or blocked. Poor means there is a problematic level of threat activity and you are likely to be filtered or blocked.



WatchGuard’s ReputationAuthority helps protect business and government organizations from unwanted email and web traffic that contain spam, malware, spyware, malicious code, and phishing attacks. You can look up your IP address or domain, receive a reputation score from 0-100, and get the percentage of emails that were good versus bad.


Google Postmaster Tools

Google's Postmaster Tools can help you understand your domain's reputation when sending mail to Google domains, both Gmail and Google Apps.  More information on how to set this up can be found here Understand your Gmail reputation using their Postmaster Tools.



Smart Network Data Service (SNDS) can give a sender data about the traffic seen originating from the IPs they are mailing from, such as mail volume and complaint rates.  Because Marketo would need to grant specific senders access to view SNDS data for the IPs they mail from, this is only eligible to customers sending from dedicated IPs.  More information on how to set this up can be found here Microsoft SNDS Instructions .


Is this article helpful ?


Flows can have choices. Those choices are numbered. But what if you want to know what choice a lead was affected by??

You can open the activity log for a lead and find the activity in question. It shows the choice number. Great, right!?!?!



Nope. The choice number does not reflect the actual choice number that the lead was affected by. As you can see in the image above, it shows Choice 0.

Where is choice 0??

FlowStepChoiceSnap.JPGI had a case that was exactly that and I banged my head repeatedly trying to figure out why a lead was removed from the flow when the choice number the activity log was showing should not have disqualified the lead.


So, I created a Smart Campaign with a “Remove from Flow” flow step and 2 choices plus the default. What I found when my test lead went through the campaign was that the 1st choice, labeled Choice #1 in the flow step, actually was referenced as Choice 0 in the activity log. See the image above.

Weird right?

For sure, until I thought back to some of my basic programming classes in college. This was looking the same way an Array works. In an Array, the first entry is listed as 0, so when you want to pull information from an array and want the 1st record, it is referenced as 0, instead of 1. This is called the index number and always starts with 0.

For more information on arrays, visit W3Schools JavaScript Arrays page which gives an overview of arrays in JavaScript.


So, if you are wanting to know which choice a lead was affected by, keep in mind that the choice number listed when you pull the details of an activity log entry is -1 of the choice number in the flow step.

Is this article helpful ?


Set Up Google's Postmaster Tools

If you send a large volume of emails to Gmail users, you can use Postmaster Tools to see:


Postmaster Tools -



Customers are able to leverage Google's postmaster tools by setting up a TXT record for their From Address domain.

Does not require a dedicated IP and does not require Marketo to set up DNS for the customer.

Is this article helpful ?


Recently, I've had a number of cases caused by customers getting themselves tangled up in Smart List filter logic, so I thought I would do a blog post on how AND/OR logic works in Marketo.


It's not surprising that people would be confused, because "and" and "or" are used differently in English than they are in filter logic.  For instance, if I say "Don't go to the liquor store or the casino," I mean that I don't want you to go to the liquor and I don't want you to go to the casino.  I want you to stay away from both of them or you will be in trouble.  However, if I say that to Marketo, the OR logic works like this


IF Not Went to Liquor Store = True (whether or not you went to the casino), THEN Not in trouble

- OR -

IF Not Went to Casino = True (whether or not you went to the liquor store), THEN Not in trouble


AND logic works differently in English as well.  If I say "People who do yoga and people who lift weights are physically fit," I mean that people who do either activity are physically fit.  However, Smart List logic interprets AND this way


IF Does Yoga = True AND Lifts Weights = True, THEN Physically Fit.


With the AND logic, only people who do both yoga and weight-lifting are physically fit.


So, counter-intuitive as it may sound, in Smart List logic, we use AND to exclude people, and we use OR to include people.  To illustrate this, let's pretend I want to start a club.  The traits I want in my club members are


  • Red hair
  • Green eyes
  • Female


If I use AND logic (also known as ALL logic), then the only people who can join my club are people who are women AND have red hair AND green eyes.


Since there aren't that many red-haired, green-eyed women, my club is pretty exclusive.


But let's say that I want more people in my club, so I change my logic from AND/ALL to OR/ANY.  Now my membership includes


  • All women regardless of hair or eye color
  • All green-eyed men, regardless of hair color
  • All red-haired men, regardless of eye color


With ANY/OR logic, my club has a lot more people in it. 




Maybe that's too many people.  AND/ALL logic gave me too few people, OR/ANY logic gave me too many.  Advanced logic gives me the ability come down somewhere in between.  In this case, let's make the club ladies only.  Since I want to exclude the guys (sorry guys!) I am going to use AND logic with the gender requirement, but since I want flexibility on hair and eye color, I will use OR logic there.


My filters would be


#1 - Gender is Female

#2 - Hair Color is Red

#3 - Eye Color is Green


and my advanced logic would be: 1 AND (2 OR 3).  My resulting club members are all women who have either red hair or green eyes, or both.


I use OR to include women based on hair and eye color, but I use AND logic to exclude people whose gender is not female.


So if you are working on a Smart List and it seems to be pulling in too many leads, check the OR logic you are using.  If you don't have enough leads, check the AND logic, and adjust accordingly.

Is this article helpful ?


If you are experiencing email delivery issues to AOL, chances are you need to improve your sending reputation. The best way to ensure you have a good reputation is to send timely and relevant email to an active and engaged audience. The following are some suggested best practices for sending mail to AOL. While each of these best practices should help improve your sender reputation, they do not guarantee whitelisting or email delivery.


  • Ensure that you are only sending mail to users who specifically requested it. It is not advisable to purchase mailing lists or subscribe users by having an opt-in checkbox automatically checked on your website.
  • It is preferable to have a double/confirmed opt-in process. When users subscribe to your mailing list, send them an email asking them to click to confirm their opt-in. This will reduce the number of people who sign up from fake email addresses.
  • When users subscribe for your mailing list, tell them what mail to expect, how often to expect it, and what it will look like. Set recipient expectations clearly.

Authenticate with Domain Keys Identified Mail (DKIM). This will provide you with a consistent reputation across your domain, regardless of what IPs you send mail from.  Work with Marketo Support to set this Authentication up.

Address Book

Send your email from a consistent email address and advise your users to add that address to their address books. Mail sent to users with your address in their address book will be delivered to the inbox with images and links enabled.

Database Management

AOL is sensitive to engagement by your recipients.  Are you reviewing and removing address in your database that have not engaged with your email in 6 months to year? If not you may want to leverage the following Smart List example to review and then remove your inactive recipients.


Identifying Chronic Non-Responders/Unengaged

Identify chronic non-responders or those unengaged with your email marketing to:

  • Target for a re-engagement program
  • Changes status to Marketing Suspended to remove them from active campaigns



Easy Unsubscribe
  • Provide an obvious and visible unsubscribe process in your mail.  Add this to the top of your email as well as in the footer.
  • Make it easy for users to unsubscribe from your mailing list.
  • Ensure the unsubscribe process is easy to use, such as a one-click unsubscribe web page.
  • Users should not have to log into a website in order to unsubscribe.
  • Process unsubscribes immediately.
Invalid Recipients

A high number of invalid recipients will harm your reputation. You can reduce the number of invalid recipients on your list by using double/confirmed opt-in. You will always have some invalids due to people changing email addresses, but the lower the number, the better your reputation. Marketo removes invalid recipients from your list immediately after the first bounce.


Brand your mail so that recipients can quickly identify it and won't mistake it as spam. Make sure the from address of your mail clearly identifies who it is from. Also, include your brand in the subject line. Even if users want your mail, they may not recognize it right away. Subject lines like "Your daily newsletter from 'Company'" or "Your monthly 'product' update" help the user identify mail they want. Even if you have a confirmed opt-in list, users may not recognize mail as being from you with a subject line like "Buy two, get the 3rd one FREE!!!" and may report it as spam.

For more sender best practices, read the Messaging Anti-Abuse Working Group's Senders Best Communications Practices Version 3.0 (Adobe Acrobat/PDF).

Is this article helpful ?


Wikipedia defines SPF as follows: 


Sender Policy Framework (SPF) is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain's administrators.[1] The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. Email spam and phishing often use forged "from" addresses, so publishing and checking SPF records can be considered anti-spam techniques.


Again, this is a very nice technical explanation but what does it mean?  I think of it as being something like the security that many companies maintain at their front desk, so the scenario would go something like this.


A delivery person dressed in a Marketo uniform walks up to the front desk of your lead's company (email server), and says to the person at the desk (who in our analogy would be the email security software), "Hi, I'm here to deliver email from to"


The front desk/email security person looks up and notices the uniform says Marketo, not Yourcompany.  Depending on their security settings, they might just assume this is okay and buzz Marketo in to make the delivery.  However, if they are security-conscious, they are going to want proof that Marketo isn't trying to trick them with a phony delivery (spoofing an email).  SPF gives them the ability to call back to the DNS at Yourcompany and ask, "Hey, I've got someone here from Marketo who claims to be making a delivery for you.  Is this an authorized delivery?"


If Marketo is correctly included in the SPF record, then effectively, this allows the DNS to tell them, "Yes, Marketo is authorized to make deliveries from us."


So how does this differ from DKIM?  According to Wikipedia:


DKIM allows the receiver to check that an email claimed to come from a specific domain was indeed authorized by the owner of that domain which is done using cryptographic authentication.


Verification is carried out using the signer's public key published in the DNS. A valid signature guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed.


So if we go back to our analogy of the delivery at the front desk, it works a bit like this.  When the front desk calls the DNS to make sure the delivery is authorized, Marketo has to produce an ID badge with an authorization code on it.  The front desk/email security person reads that authorization code to the DNS which validates it against the code it has on record.  If the code matches, then the delivery is authorized.


Some email security programs require SPF, some require DKIM, and some don't require anything at all.  To be sure Marketo can always make your deliveries, you should always have both set up for each domain you use in the From: line of your emails.


Instructions for setting up SPF and DKIM can be found here.

Is this article helpful ?


There seems to be a lot of confusion about what these are and what they do, so I thought I would do a little post on it to try and clear it up.  Let's look at CNAMEs first.


CNAME is short for "canonical name" and if you look it up on Wikipedia, they define it like this:


A Canonical Name record (abbreviated as CNAME record) is a type of resource record in the Domain Name System (DNS) used to specify that a domain name is an alias for another domain, the "canonical" domain.


OK, great, but what does that mean?  Here's how I picture it in my imagination.


Imagine that the internet is some sort of vast, mind-boggling library, and the DNS is a kind of reference desk for a given section defined by a domain, such as your company's domain.  So a browser walks up to the reference desk/DNS at and says, "Could you help me?  I'm looking for this resource - it says it's located in '' but I don't see a 'pages' shelf in this section." 


The DNS/reference librarian looks up '' in their directory, sees the CNAME record, and points across the way to a reference desk over in the Marketo section.  "Ah, yes," says the librarian, "go ask over in the Marketo section and they should be able to help you find the resource you are looking for."


This is true of both the landing page CNAME and the email tracking link CNAME.  The main difference between the two is that when you go over to the Marketo desk for the email tracking link, it makes a note in its log that you clicked a link in an email before it takes you to the page.


So how does setting up CNAMEs contribute to deliverability?  It has to do with unifying the information you are presenting to your customer.  If your email says "" in the From line, but all the links inside the email point to "", and those links take them to webpages on "", that doesn't look quite right.  An email security program that is on guard against spoofing might decide that email looks too sketchy to send to the inbox.  Also, the person receiving the email might have a similar reaction - "Why does the From line have a different domain than the links in the email?  Is this legit?" - and they could junk it or even report it just to be sure.  But with CNAMEs, your email has "" in the From line, the email links all say "" and the landing pages are all on "", so your company's identity is retained throughout the communication.


A common mistake I see is that people try to set up SPF and DKIM for their CNAMEs - don't do this.  SPF and DKIM should not be set up for your CNAME domains, they should be set up for any domain you intend to use after the '@' in your From and Reply-To addresses.  I'll go over SPF and DKIM and what they do in my next post.

Is this article helpful ?


It's not an uncommon case here in support - Marketo says the email was delivered, but the lead says they never got it.  What happened?


Because I love analogy here's how I think of it:


Delivering email to a server is rather like delivering regular mail to a company.  The post office doesn't come into the office and deliver the email to every individual desk, they deliver it to the mailroom and the clerks in the mailroom are responsible for getting the email to the desk or inbox of the appropriate person.  Just as the post office considers the mail delivered when it is dropped off at the mailroom and doesn't know how the mailroom handles it from there, Marketo considers an email to be delivered when it's accepted by the server and loses visibility to what happens to it from there.


So in our virtual mailroom, the clerks have instructions to sort out spam and possibly malicious email.  Depending on the instructions they have been given, they may throw some of the email away, or they may send it to the recipient but put it in the Junk/Spam folder.  Why they do so is not something the post office/Marketo can see or speak to, but we can help the the recipient's IT department start to figure it out.


What Marketo can do is provide the recipient's IT department with the timestamp, return-path, sending IP, and receiving IP from our logs. This would be like the post office providing the mailroom supervisor with the time the mail was delivered, the mail carrier who made the delivery, and the mailroom clerk who received the delivery.  Then they can go to the right mailroom clerk and ask, "What did you do with the email for so-and-so that we received on this date?", and since email servers log everything (which mailroom clerks usually do not) they can get the answer to this question.  After the IT department determines why the emails are not being delivered, we can help them make the necessary adjustments to allow the email through, usually by altering or updating their whitelist.


There's one more behavior you can sometimes get from a very security-consious email server/mailroom.  Sometimes you will look at an activity log and see that some or all of the links in the email were clicked immediately on delivery.  Obviously, people need some time to receive, open, read, and click on emails, so this insta-click looks weird, but what is causing it?  Well, some email security software packages have what is called link testing.  The email security software itself clicks on the links in the email to check for malicious sites before delivering it into the inbox.  This would be kind of like having a mailroom clerk open and check all the mail before delivering it.  In the Marketo system, clicks are clicks, whether they come from a person or from an email security bot, so this can sometimes throw off your engagement statistics.  Link testing in email security is not super-common, though, so it shouldn't be to much of an issue.  It's just good to know  what is causing this otherwise baffling behavior.

Is this article helpful ?


Frequently people ask me for clarification on the different sorts of IPs Marketo offers, and the pros and cons of each, so I thought I would write a post on it, and since I love analogies, that's what I am going to do here.


There are three kinds of IP that Marketo offers, shared, trusted, and dedicated.


Being on a shared IP is kind of like living in an apartment building.  The upside is that it costs less than living in a house, but the downside is that you can be affected by the neighbors who share a roof and walls with you.  If one neighbor throws a wild party, all the neighbors get to hear it.  If someone starts a fire in their living room, the fire department evacuates everyone from the building, no matter who started it.  Similarly, on a shared IP, if one of your neighbors hits a spam trap, then the entire IP and everyone on it suffers the consequences until the IP is delisted.  If you get sick of having to deal with your neighbors in the Shared IP Apartments, what are your options?


One option would be to move to the Trusted IP instead.  It's a shared IP range reserved for low-volumes instances with good marketing practices.  It costs the same as the shared IP, but there's a  application process to qualify and not everyone can get in.  So it's kind of like living in an apartment that does a credit and reference check before letting you in and has a very strict on-site manager who evicts people who misbehave.  The upside is, it's a nice, quiet place to live at no extra price, but on the downside, if you slip up, you may find yourself headed back to the Shared IP Apartments.


If you send more than 100,000 emails per month and you are done with "apartment living", you might want to spend the money to get your own house - a dedicated IP.  With your dedicated IP house, you don't have to worry about whether or not the person on the other side of a wall has a loud party or leaves candles unattended, because you have the whole thing to yourself.  Of course, you do have to spend a little extra on it, and if you leave a candle unattended and burn the place down, you have no one to blame but yourself.


If you are currently living in the Shared IP and want to make the make the move to Trusted, you must meet the following requirements: You must not be responsible for any spamtrap hits in the past year, you must send less than 75,000 emails per month, and you must adhere to best practices in your lead acquisition (opted-in leads and current customers, no purchased lists).  You can find the application for Trusted IP here -



Is this article helpful ?


In a previous post, I talked about troubleshooting hard bounces.  In this one, I'm going to talk a bit about soft bounces, specifically soft bounces due to throttling.


What is throttling?


Throttling is an issue that occurs primarily with the large ISPs such as AOL, Yahoo, and Hotmail.  When the ISPs are experiencing high volumes, they will throttle bulk email senders such as Marketo.  It works kind of like this:


Marketo walks up to ISP with a big basket of emails.


Marketo: Hi, I'm here to deliver these emails--


ISP: I'm busy.  Come back later.


(Two minutes later)


Marketo: Hi, I'm back to deliver these emails?


ISP: I'm busy...Fine!  I'll take this many. (Grabs a handful of email.)


Marketo: What about the rest?


ISP: Come back later.


(Four minutes later)


Marketo: Hi, I'm back to deliver these emails?


IP: I'll take this many. (Grabs a handful of email.) Come back later.


(Eight minutes later)


...The cycle repeats with the time interval doubling each time.



Marketo is pretty patient, it will keep coming back and trying to deliver for 24 hours (36 hours for AOL). While it is still attempting to get the ISP to accept delivery on the emails, the emails will show in reporting as status "Pending."  Once the 36 hours are up, Marketo will give up and bounce or soft bounce the emails as appropriate.


The challenge with throttling is that it's like weather or traffic congestion - there's not a lot you can do about it.  One strategy is to break out your sends into smaller blocks - if you think of Marketo with the basket of email, it might be better to have multiple baskets and hope that the ISP takes a handful from each one.  If you have a large number of leads on the commercial ISPs, you might even want to break each one out to a separate send.  This doesn't necessarily help with the throttling, but it does give you better visibility to possible throttling issues that may be occurring on a specific ISP.


A third strategy is to try and massage your sender reputation, to make the ISP more likely to accept your email.  To go back to my nightclub analogy, if you have a bunch of girls who want to get into the nightclub together, they usually send the cutest one of the group to go charm the doorman.  From an email perspective, you want to send to your most engaged leads first - people who are likely to open and click on your emails, improving your reputation.  The next day, you send your somewhat engaged leads, and the day after that, your least engaged leads.


If you're seeing persistent throttling, evidenced by high rates of pending mail and subsequent 'soft bounces' once the retry window is over, please reach out to support.  Our deliverability team may be able to mediate on your behalf with the mailbox provider.


If you are in the B2B space and don't deal much with the large consumer ISPs, the chances are that throttling won't have a big impact on your deliverability.  In the B2C space, however, throttling can definitely step on your overall email performance.  Setting up reporting to keep an eye on your emails and trying different strategies to mitigate the effect can be an important part of your email marketing practice.



Is this article helpful ?