Overview & FAQ: Secured Domains for Tracking Links

Document created by Steven Vanderberg Employee on May 7, 2018Last modified by Matt Pergram on Apr 4, 2019
Version 6Show Document
  • View in full screen mode

Every link you include in your Marketo emails will have a tracking code automatically appended when sent. For those in highly regulated industries, your company may require that you securely encrypt the Marketo tracking links. Remember that Marketo takes the URLs you place inside of emails and shortens them using the "Branded Tracking Link" domain (this is another CNAME you set up in Marketo under Admin--> Email). These tracking links are how Marketo enables you to track engagement with your emails.


Setting Up Secured Domains for Tracking Links instructions - Setting Up Secured Domains for Tracking Links


Do I NEED Secured Domains for Tracking Links?

Secured Domains for Tracking Links ensures that tracking links can be served securely for domains which have implemented HSTS (HTTP Strict Transport Security). HSTS is a web server directive which more and more companies are choosing to enforce that tells the browser all subsequent requests for resources on that domain to be loaded through HTTPS. Securing your tracking links has additional benefits some companies find valuable:

- HTTPS is displayed instead of HTTP when hovering over the link within the email (for those provisioned post- Apr 15, 2019 - please open a support case if you're unsure or want HTTPS display enabled)

- It prevents the browser from temporarily displaying a "Not Secure" warning instead of the Lock icon (to the left of the address bar) while redirecting to your landing page

- Secured links may help improve deliverability, as that is a ranking factor in their algorithms.


If you have HSTS implemented on your top-level domains or sub-domains, you WILL NEED Secured Domains for Tracking Links.

Additional information on HSTS and how to check if your company has it implemented can be found here: SSL: The HSTS policy and your Marketo subdomains


Other Helpful FAQs

How many domains can I secure with the Secured Domains for Tracking Links?

Each Secured Domains for Tracking Links covers up to 2 tracking links domains. Contact your Marketo Customer Success Manager for scoping/pricing/quote. Each Domain can have up to 40 sub-domains/CNAMEs.


How is the Secured Domains for Tracking Links product different than the Secured Page Services, SSL for Tracking Links service?

Unlike the older Secured Page Services, SSL for Tracking Links service, the newer Secured Domains for Tracking Links product generates and manages all certificates needed for secured tracking links. This eliminates the need for you to share certificates and private keys with Marketo, making it a more secure process. And, because Marketo automatically renews the certificate, you no longer risk missing it's expiration date and having a lapse in your end-users' experience.


What setup/configuration is required before securing my Marketo Tracking Links?

You must configure your CNAMES for Email Tracking links. More information here: https://nation.marketo.com/docs/DOC-1103-brand-your-tracking-links


Can I secure my tracking links without securing my Marketo landing pages?

In most cases, if you have implemented HSTS at your site, you will need both secured landing pages and secured tracking links.


Do I need to provide a TLS/SSL Certificate?

Marketo’s new Secured Domains products manage all aspects of procuring, managing and renewing certificates for you. You do not provide the certificates with Marketo's Secured Domains products.


What Certificate Authority issues the certificate(s) for the Marketo’s Secured Domains for Landing Pages product?

The certificates are authored by DigiCert.


What type of certificate is provided?

We produce a pack of two certificates; The primary certificate uses a P-256 key, is SHA-2/ECDSA signed, and will be presented to browsers that support elliptic curve cryptography (ECC). The secondary or fallback certificate uses an RSA 2048-bit key, is SHA-2/RSA signed, and will be presented to browsers that do not support ECC.


Will my domains be on a shared SSL certificate with other companies?

As part of our Secured Domains products, each of your fully qualified domain names will get its own certificate. That means you will not be on a shared certificate with other companies.


Can I provide my own SSL certificate(s) to secure my domains?

We do not recommend providing your own certificates with the Secured Domains products. Marketo can automatically renew only the certificates we generate to secure your landing pages or landing pages + tracking links. Unless your company/industry regulations require you to procure your own (common ones are finance, government, healthcare, or

1 person found this helpful