Overview & FAQ: Secured Domains for Tracking Links

Version 5

    Note: This document applies to the Marketo Secured Domains for Tracking Links product only. For information on the Secured Page Services, SSL for Tracking Links service, please contact your Marketo Professional Services Consultant.

     

    Every link you include in your Marketo emails will have tracking code automatically appended when sent. For those in highly regulated industries, your company may require that you securely encrypt the Marketo tracking links. Remember that Marketo takes the URLs you place inside of emails and shortens them using the "Branded Tracking Link" domain (this is another CNAME you set up in Marketo under Admin--> Email). These tracking links are how Marketo enables you to track engagement with your emails.

     

    Setting Up Secured Domains for Tracking Links instructions - Setting Up Secured Domains for Tracking Links

     

    Do I need Secured Domains for Tracking Links?

    Secured Domains for Tracking Links ensure that tracking links can be served securely for domains which have implemented HSTS (HTTP Strict Transport Security). HSTS is a web server directive which forces all subsequent requests for resources on that domain to be loaded through HTTPS.

     

    If you have implemented HSTS at your site on your subdomains, you will need Secured Domains for Tracking Links and/or Secured Domains for Landing Pages. Additional information on HSTS, including how to check if it's been implemented on your domain can be found here: SSL: The HSTS policy and your Marketo subdomains

     

    Other Helpful FAQs

    What is Marketo Secured Domains for Tracking Links?

    Secured Domains for Tracking Links ensure that tracking links can be served securely for domains which have implemented HSTS (HTTP Strict Transport Security). HSTS is a web server directive which forces all subsequent requests for resources on that domain to be loaded through HTTPS. This is most common for those in highly regulated industries, such as financial and healthcare institutions. Please note, this does not convert tracking links in emails to HTTPS.

     

    How many domains can I secure with the Secured Domains for Tracking Links?

    Each Secured Domains for Tracking Links covers up to 2 tracking links domains. Contact your Marketo Customer Success Manager for scoping/pricing/quote. Each Domain can have up to 40 sub-domains/CNAMEs.

     

    How is the Secured Domains for Tracking Links product different than the Secured Page Services, SSL for Tracking Links service?

    Unlike the older Secured Page Services, SSL for Tracking Links service, the newer Secured Domains for Tracking Links product generates and manages all certificates needed for secured tracking links. This eliminates the need for you to share certificates and private keys with Marketo, making it a more secure process. And, because Marketo automatically manages the certificate lifecycle, there is less risk of security lapse from certificate expiration, making it a more robust process for securing your tracking links.

     

    What setup/configuration is required before securing my Marketo Tracking Links?

    You must configure your CNAMES for Email Tracking links. More information here: https://nation.marketo.com/docs/DOC-1103-brand-your-tracking-links

     

    Can I secure my tracking links without securing my Marketo landing pages?

    In most cases, if you have implemented HSTS at your site, you will need both secured landing pages and secured tracking links.

    Do I need to provide a TLS/SSL Certificate?

    Marketo’s new Secured Domains products manage all aspects of procuring, managing and renewing certificates for you. You do not provide the certificates with Marketo's Secured Domains products.

     

    What Certificate Authority issues the certificate(s) for the Marketo’s Secured Domains for Landing Pages product?

    The certificates are authored by DigiCert.

     

    What type of certificate is provided?

    We produce a pack of two certificates; The primary certificate uses a P-256 key, is SHA-2/ECDSA signed, and will be presented to browsers that support elliptic curve cryptography (ECC). The secondary or fallback certificate uses an RSA 2048-bit key, is SHA-2/RSA signed, and will be presented to browsers that do not support ECC.

     

    Will my domains be on a shared SSL certificate with other companies?

    As part of our Secured Domains products, each of your fully qualified domain names will get its own certificate. That means you will not be on a shared certificate with other companies.

     

    Can I provide my own SSL certificate(s) to secure my domains?

    We do not recommend providing your own certificates with the Secured Domains products. Marketo can automatically renew only the certificates we generate to secure your landing pages or landing pages + tracking links.