Setting Up Secured Domains for Tracking Links

For those in highly regulated industries, your company may additionally require that you securely encrypt the Marketo tracking links embedded in Marketo emails. Remember that Marketo takes the URLs you place inside of emails and shortens them using the "Branded Tracking Link" domain (this is another CNAME you set up in Marketo under Admin--> Email). These tracking links are how Marketo enables you to track engagement with your emails.

Overview & FAQ - Overview & FAQ: Secured Domains for Tracking Links

What's Changing

Marketo has discontinued the Secured Page Services: SSL for Tracking Links service and its manual certificate renewal process. This is being replaced with the Marketo Secured Domains for Tracking Links product which provides all needed certificates and manages renewals automatically.

Action Required

To secure your email tracking links, contact your Marketo Customer Success Manager to add the Secured Domains for Tracking Links product to your subscription.

Once you’ve purchased Secured Domains for Tracking Links for your instance:

An automated message will be sent to the Support Admin on your account

They will need to respond to the message with the Munchkin ID of the instance needing Tracking Links set up. Responding to this case will auto generate a Support Case for a Marketo technical support engineer to help complete the process.

Marketo will then have certificates generated to cover all the domains and subdomains that you’ve set up in your instance. Within 3-business days, we will create a secure server endpoint. Please plan accordingly for this 72-hour turn-around-time.

Do I need Secured Domains for Tracking Links?

Secured Domains for Tracking Links ensure that tracking links can be served securely for domains which have implemented HSTS (HTTP Strict Transport Security). HSTS is a web server directive which forces all subsequent requests for resources on that domain to be loaded through HTTPS.

If you have implemented HSTS at your site on any domain that you are choosing for either your Landing Page CNAME or your branded email tracking links domain, you will need Secured Domains for Tracking Links and/or Secured Domains for Landing Pages.

How is the new Secured Domains for Tracking Links Better?

With Marketo’s new Secured Domains for Tracking Links product, you no longer have to provide renewal/updated certificates to Marketo. We’ll procure any necessary certificates and manage their renewals automatically – giving you a more secure and convenient solution for securing your links in emails!

Do I have to upgrade?

An upgrade is required. Marketo no longer supports the legacy Secured Page Services: SSL for Tracking Links certificate renewal process.

Will my tracking links automatically convert to HTTPS?

You will not see tracking links in your Marketo emails changed to HTTPS (they will remain prefixed HTTP). However, when an end user clicks the link, if HSTS is enabled for the domain in the link being clicked and the browser is aware, the request will be automatically changed to HTTPS by the browser and served securely via HTTPS before re-directing to the destination of the link.  

This means that no insecure connection occurs because the browser recognizes the HSTS security policy.  HSTS preload is required for this to work.   If a tracking link top level domain is not on the HSTS preload list, then link clicks will be insecure until the browser becomes aware of the HSTS policy on the target domain by visiting the site.

Will my old links in emails continue to work?

Links in emails will continue to function normally.

Is this article helpful ?

YesNo

Labels (1)