Knowledgebase

Featured article

Included in this article Overview Data you’ll get from Email Bounces Bounce Categories Hard Bounces Soft Bounces Bounce Details Building the Directory 1. Create 6 custom fields 2. Create a Program to house everything 3. Create a Static List 4. Create two Smart Campaigns Smart Campaign One - Logging Email Bounces with Bounce Details Smart Campaign Two - Remove Leads From the List After Successful Deliveries 5. Create Custom List View Showing Bounce Details Overview Bounce activities carry details for why the email was bounced, but it’s housed within the activity log entry, not in a field on the lead record, so it’s difficult to export that data. This article will show you how to extract that information to create a directory of leads bouncing emails and how to make the list automatically update. This will also create counters for bounces and successful re-deliveries after bounces happen. Data you’ll get from Email Bounces Bounce Categories Email bounces come in different types depending on why the email was bounced; Hard Bounces or Soft Bounces. Hard Bounces Hard Bounces come in two types, Category 1 and Category 2. Category 1 bounces are emails that have been marked as spam by the recipient mail server. Many email servers monitor blacklists or spam traps, so after de-listing with them, leads that have had a Category 1 bounce previously may be able to receive emails again. Category 2 bounces occur due to an email address that is invalid or doesn’t exist. Soft Bounces Soft Bounces come in three different types, Categories 3, 4 or 9. Category 3 bounces are usually temporary, caused by full mailboxes, timeouts, or throttling. Any email with this designation has been retried for up to 24 hours (36 for AOL). Category 4 bounces are caused by technical problems, Transient Failures, Admin Failures, DNS Failures. Any email with this designation has been retried for up to 24 hours (36 for AOL). Category 9 bounces are unknown, undetermined or gibberish details. Any email with this designation has been retried for up to 24 hours (36 for AOL). Bounce Details When an email is bounced, the recipient mail server includes details of why it was bounced. These are created by the admin of the recipient mail server and vary greatly, but most will give some explanation that can give valuable information. Email Bounce Codes Building the Directory 1. Create 6 custom fields You’ll need 6 custom fields, two DateTime fields, two Score fields, and two String fields Name the DateTime fields “Bounce Date” and “Email Delivered After Bounce”. Name the Score fields “Email Bounces” and “Deliveries After Bounces” Name the String fields “Email Bounce Details” and “Email Bounce Category” Directions for creating Custom Fields can be found here: Create a Custom Field in Marketo 2. Create a Program to house everything Use a default program type and name it "Directory of Leads Bouncing Emails". Info on creating programs can be found here: Create a Program 3. Create a Static List This static list will be your actual directory that contains all of the leads that are currently bouncing emails. Name it "Active Bounce List". Info on creating a static list can be found here: Create a Static List 4. Create two Smart Campaigns These two Smart Campaigns are what will be used to add and remove leads from your active bounce list. Info on creating Smart Campaigns can be found here: Create a New Smart Campaign Smart Campaign One - Logging Email Bounces with Bounce Details Your first Smart Campaign will be used to listen for any email bounces that occur. The campaign will populate the “Bounce Date”, “Email Bounce Category” and “Email Bounce Details” fields. It will then add one point to the “Email Bounces” score field which can be used to count how many bounces have occurred per lead. Lastly, the campaign will add the lead to the static list which will be an active directory of leads who are bouncing emails. Campaign Smart List Use the two triggers of “Email Bounces” and “Email Bounces Soft” in the Smart List. Set both triggers to “is any” so that they will fire whenever any email bounces for any reason. Campaign Flow The Flow of the campaign will have 5 flow steps. The flow will use a System Token and some Trigger Tokens, which can be used to pull details out of the action that activated the trigger. In this case, the Trigger Tokens will be pulling out the details on why the emails were bounced. That info is in the bounce message and is logged in the lead's activity log. Normally you'd have to comb through the activity log one at a time to find these details for each individual lead. This method, however, will pull the details out automatically for all leads. Flow Step 1: Change Data Value Attribute: “Bounce Date” New Value: {{system.dateTime}} Flow Step 2: Change Data Value. Attribute: “Email Bounce Category” New Value: {{trigger.category}} Flow Step 3: Change Data Value Attribute: “Email Bounce Details” New Value: {{trigger.details}} Flow Step 4: Change Score Score Name: “Email Bounces” Change: +1 Flow Step 5: Add to List List Name: “Active Bounce List” Smart Campaign Two - Remove Leads From the List After Successful Deliveries Campaign Smart List The Smart List of the campaign will need a trigger for “Email is Delivered” set to “is any” and also a filter of “Member of List” looking just for leads that belong to your Static List. This way, the campaign will only apply to leads who have had an email bounce but have then had an email successfully delivered afterwards. Campaign Flow The Flow of the campaign will have 3 flow steps to do the following; log when the email was delivered, add a point to the "Deliveries After Bounce" Score Field, and remove the lead from the "Active Bounce List". Flow Step 1: Change Data Value Attribute: “Email Delivered After Bounce” New Value: {{system.dateTime}} Flow Step 2: Change Score Score Name: “Deliveries After Bounces” Change: +1 Flow Step 3: Remove from List List Name: Operational.Active Bounce List 5. Create Custom List View Showing Bounce Details The custom fields you’ve created for email bounce information won’t show automatically in the view of your list. You can create a new view of the list to show just this information so that when it is exported it will give you only the email bounce information you need. Once the list has the necessary details, it can be exported with those columns included so that you can work with it. You can identify emerging trends and issues with your deliverability by looking for common themes among the bounce details. Directions for creating Custom Views can be found here

The Google Apps antispam system uses a unique means of allowlisting. Customers on shared IPs should allowlist Marketo's entire sending ranges, because we sometimes need to move customers between IPs for technical reasons. The way to allowlist a range in Google Apps is to configure a manual IP block with a pass through. G Suite enables you to specify an IP address or range of addresses within a domain, and allow messages from those addresses only. This feature is sometimes referred to as IP lock. In G Suite, you set up this feature in the Content compliance setting. IP lock is a method that readily enables an administrator to simultaneously whitelist all incoming traffic from a particular domain while equally preventing spoofing by manually defining the allowed IP ranges. The following instructions are particularly useful with domains that do not have an SPF record and/or use third party applications to legitimately spoof their address. Setting up IP lock with the Content compliance setting includes three separate procedures: Adding the domain, defining the allowed IP range, and setting the correct disposition and NDR. See this page of Google documentation for more information: Enforce 'IP lock' in G Suite - G Suite Administrator Help Instead of using a CIDR range, this interface asks for the first and last IPs in the given range. Here are ours: 199.15.212.0 - 199.15.212.255 199.15.213.0 - 199.15.213.255 199.15.214.0 - 199.15.214.255 199.15.215.0 - 199.15.215.255 192.28.146.0 - 192.28.146.255 192.28.147.0 - 192.28.147.255 94.236.119.0 - 94.236.119.63 185.28.196.0 - 185.28.196.255 103.237.104.0 - 103.237.104.255 103.237.105.0 - 103.237.105.255 130.248.172.0 - 130.248.172.255 130.248.173.0 - 130.248.173.255 Is this article helpful ? YesNo

Overview A blocklist is a database of IP addresses or domains that have been associated with the sending of unsolicited commercial email or spam. Internet Service Providers (ISPs) and business email networks use information from blocklists to filter out unwanted email. As a result there can be a drop in inbox delivery rates or overall delivery rates if the IPs or domains involved with sending email are listed on a blocklist. Marketo’s Email Delivery and Compliance team monitors blocklist activity on our IPs and domains daily. When we are alerted to a listing we reach out to the blocklist, attempt to identify the sender that triggered it, and work with the blocklist organization to get the listing resolved. There are thousands of blocklists out there most will not have a significant impact on your delivery rates. Below we have compiled a list of the blpcklists that our customers most commonly encounter. Tier 1 Blocklist Spamhaus Impact: Spamhaus is the only blocklist that we categorize as a tier 1 for a reason: it has by far the greatest impact on delivery of all of the blocklists. It is the most well-respected and widely used blocklist in the world. A listing at Spamhaus will have a negative effect on your ability to deliver emails to your customer’s inbox and can cause bounce rates of over 50%. Evidence suggests that most of the top North American ISPs use Spamhaus to inform blocking decisions. How it works: Unlike many blocklists, Spamhaus lists senders manually. This means that they are proactively watching sender activity, collecting data, and basing the listings on a number of variables. Most commonly senders are listed for mailing to spam trap addresses that Spamhaus owns. Sometimes Spamhaus will list senders based on recipient feedback as well. Next steps: Our team monitors closely for Spamhaus listings. When we see a listing we immediately alert the customer and contact Spamhaus to start the remediation process. Listings last until Spamhaus is satisfied that the offending sender has taken the appropriate steps to mitigate the problem. Tier 2 Blocklists SpamCop Impact: SpamCop is not used by any of the major North American ISPs to inform blocking decisions but it makes it to the Tier 2 list because it can have a significant impact on B2B email campaigns. How it works: SpamCop lists IPs for one of two reasons: Either the email hit SpamCop spam trap addresses OR A SpamCop user has reported the email unwanted. Most of SpamCop’s spam traps are previously valid addresses that have not been active for 12 months or longer. Next steps: SpamCop is a dynamic blocklist, listings typically resolve themselves within one business day. There is no action you will need to take to action the delisting with SpamCop, the Privacy Team researches every SpamCop listing and will request delistings when an alert is received that an IP is listed. If your email activity triggered a SpamCop listing it likely means that you have a list management problem that should be addressed. Manitu Impact: Manitu is a German blocklist and has a wide footprint in Europe. Email senders with European audiences tend to encounter this blocklist most frequently. Manitu is not used by North American ISPs to inform blocklist decisions but if you’re sending to Europe a listing could be problematic. How it works: Listings are automatically activated when a sender mails to a Manitu owned spam trap address. Next steps: The Privacy Team researches and requests delisting when an alert is received that a Marketo IP is listed. By working with this blocklist the Privacy Team is usually able to identify the customer and let them know that email activity from their subscription triggered a listing. Because Manitu operates solely on the use of spam trap addresses, getting listed by Manitu is a clear indication that senders need to audit their mailing lists. Tier 3 Blocklists SORBS Impact: The impact of a listing at SORBS is very minimal. How it works: SORBS uses several methods to identify potential spammers. Most of their lists use spam traps to identify problematic senders. But SORBS will also list a sender based on their own user complaints, if SORBS administrators have received spam from the sender, or if they identify other high-level sending behavior patterns characteristic of spammers. Next steps: The Privacy Team monitors SORBS activity and makes delisting requests for Marketo IPs as necessary. Oftentimes, SORBS will refuse to delist within a certain timeframe based on the severity of the issue. Sometimes this can be up to several weeks. UCEPROTECT Impact: The impact of a listing at UCEPROTECT is very minimal, though the blocklist has a greater footprint in Europe. The organization does not have a good reputation in the industry because they charge senders to request delisting. How it works: UCEPROTECT lists IPs that send mail to their spam trap addresses. Next steps: We ignore these listings because the only way to have them removed is to pay. The pay-to-delist model is not well respected in the email industry so UCEPROTECT has a very limited reach. ISP Blocklists Some ISPs have their own blocklists that they use to inform blocking decisions. A few examples are Comcast and Verizon. If your IP is being blocked by one of these networks, and those networks have a large presence in your lists, a block of this kind could have a noticeable negative impact on delivery. Marketo monitors for this type of ISP specific blocklisting and the the Privacy Team works to resolve these as soon as possible. Usually blocks at Comcast and Verizon are resolved within less than 24 hours of a delisting request. Additional Resources: Blocklist Deep Dive Abuse Report Deep Dive What is a spamtrap, or spam trap, and why does it matter? Blocklist remediation Blocklist resolution flowchart Successful lead reconfirmation What is a blocklist?

Quick points: *Spamtraps are addresses owned by antispam organizations *Emailing a spamtrap (usually) gets your IP or domain blocklisted *Maintain current, direct opt-in with an active lead database to avoid this What is a spam trap or spamtrap? A spam trap, or spamtrap is an email address secretly owned by an antispam organization that is used to detect spam. Antispam organizations do not sign up for mailing lists, so they consider any email sent to these addresses to be spam. Once email is sent to the spamtrap, the antispam organization that owns this address will blocklist the IP that sent the email (or, less often, domains that are linked in the message). Email administrators purchase subscriptions to various blacklists, and use the lists to block all incoming email from listed IPs or containing listed domains. From the marketer’s perspective, this can mean a high number of bounced emails leading to low lead engagement, and ultimately to weak revenue performance. There are two types of spamtraps – pristine traps, and repurposed/recycled traps. A pristine trap is an email address that was never used by a person. A repurposed trap is an email address that once belonged to someone but is no longer a valid address; these addresses will bounce as bad addresses for at least six months before an antispam organization will turn them into live traps. How can a spamtrap get into my Marketo lead database? Purchased data Purchased data is unreliable. The antispam world does not like the use of purchased data so antispam administrators have made a concerted effort to get spamtrap addresses into the databases of data vendors. While data vendors may say they provide opt-in data in reality consent should be direct to your company. Sending unsolicited email is prohibited by the Marketo Terms of Use because this practice has a high risk of causing blocklist issues that can destroy deliverability for multiple Marketo customers. To avoid spam traps get direct opt-in before sending email. If you have purchased data in the past we recommend setting any inactive purchased leads to marketing suspended or simply removing them from your database. Old data Repurposed traps are email addresses that were once valid but are now owned by an antispam organization. This can happen when a company goes out of business; expired domains are often purchased by antispam organizations. Sometimes a company that has a direct partnership with an antispam organization will allow email addresses of former employees or users to become spamtraps. Because antispam organizations will generally make sure future spam traps return a bounce as bad addresses for at least six months before they become spam traps you can prevent repurposed traps in your database by emailing remaining engaged with everyone in your database at least once every six months. Avoid “wake the dead” campaigns to addresses you have not contacted in more than six months. Unconfirmed form entries People can unintentionally enter spamtrap addresses into forms either by making a typo or by intentionally using a fake email address that happens to be a spamtrap. If you use single opt-in, you may add spamtraps to your mailing list. This is more likely to happen if you are a B2C company or if someone thinks they can get whitepapers or free trials simply by filling out a form with made-up information. How can I identify spamtrap addresses? Spamtrap addresses are considered trade secrets by the antispam organizations. They do not share these addresses because their goal is for senders to change their mailing practices rather than to simply remove spamtraps from their mailing lists. That said, one thing we do know about spamtraps is that they tend to be automated processes and do not engage. Spamtraps do not click links. You can use smart list filters to identify inactive leads in Marketo. How can I prevent spamtraps in my database? Maintain active, direct opt-in for all leads. Don’t purchase data (to grow your list, sponsor events, use list rental services that send the first message for you, or use co-branded content that sends you only good leads) Email everyone you want to email at least once every six months Don’t add old data directly to your mailing list (if you need to, add in small batches and send a welcome email with a slightly different subject to each batch) Regularly clean your database of inactive leads Grant access to assets such as free trials and whitepapers as email links to discourage intentional use of fake email addresses on forms Use scripting on your forms to identify potential typos Is this article helpful ? YesNo

What is a Blocklist? Can I Still Send My Emails, or Are You Blocking Me from Sending? What Is a Spamtrap and Why Do They Matter? Can You Give Me the Spam Trap Address That Triggered the Blocklist So I Can Remove It from My Database? Can You Give Me More Information regarding the Blocklist Issue? What Is the Quarantined IP Range? I Sent This Email Campaign a While Ago. Why Am I Only Getting Notification of the Blocklist Issue Now, and Am I Still Blocklisted? The Blocklist Notification Went to the Wrong Email Address. Why Was It Sent to That Address? Which blocklists should I be concerned about? - Top Blocklists – What You Need to Know How do blocklist issues get resolved? What steps do I need to take to resolve the blacklist issue? - Blocklist Remediation

Syntax Recommendations Common Look Up mechanisms a: mx: include: ip4: ip6: exists: ptr: all Common Modifiers redirect= exp= An A Record must ALWAYS contain IP address (map host to IP) CNAME (Alias) must contain hostnames. No IPs here NS an MX records must contain host names. No IPs allowed. MX records (for mail servers) should contain hostnames NOT IPs. Too Many Mechanisms Section 10.1, "Processing Limits" of the SPF RFC 4408 specifies the following in regards to DNS lookups: SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier. If this number is exceeded during a check, a PermError MUST be returned. The "include", "a", "mx", "ptr", and "exists" mechanisms as well as the "redirect" modifier do count against this limit. The "all", "ip4", and "ip6" mechanisms do not require DNS lookups and therefore do not count against this limit. The "exp" modifier does not count against this limit because the DNS lookup to fetch the explanation string occurs after the SPF record has been evaluated. This limit is in place to prevent SPF lookups from being a useful avenue for Denial of Service attacks. Using an example SPF record as an example to illustrate, this record was breaking with 12 look-ups: example.com text = "v=spf1 include:_spf-a.example.com include:_spf-b.example.com include:_spf-c.example.com include:_spf-ssg-a.example.com include:spf-a.anotherexample.com ip4:131.107.115.215 ip4:131.107.115.214 ip4:205.248.106.64 ip4:205.248.106.30 ip4:205.248.106.32 ~all" [ 5 mechanisms] _spf-a.example.com text = "v=spf1 ip4:216.99.5.67 ip4:216.99.5.68 ip4:202.177.148.100 ip4:203.122.32.250 ip4:202.177.148.110 ip4:213.199.128.139 ip4:213.199.128.145 ip4:207.46.50.72 ip4:207.46.50.82 a:mh.example.m0.net ~all" [ +1 = 6 mechanisms] mh.example.m0.net a = 209.11.164.116 _spf-b.example.com text = "v=spf1 include:spf.messaging.example.com ip4:207.46.22.35 ip4:207.46.22.98 ip4:207.46.22.101 ip4:131.107.1.27 ip4:131.107.1.17 ip4:131.107.65.22 ip4:131.107.65.131 ip4:131.107.1.101 ip4:131.107.1.102 ip4:217.77.141.52 ip4:217.77.141.59 ~all" [+1 = 7 mechanisms] spf.messaging.example.com text = "v=spf1 include:spfa.anotherexample.com include:spfb.anotherexaple.com include:spfc.anotherexample.com -all" [+3 = 10 mechanisms] spfa.anotherexample.com text = "v=spf1 ip4:157.55.116.128/26 ip4:157.55.133.0/24 ip4:157.55.158.0/23 ip4:157.55.234.0/24 ip4:157.56.112.0/24 ip4:157.56.116.0/25 ip4:157.56.120.0/25 ip4:207.46.100.0/24 ip4:207.46.108.0/25 ip4:207.46.163.0/24 ip4:134.170.140.0/24 ip4:157.56.110.0/23 -all" [+0 = 10 mechanisms] spfb.anotherexample.com text = "v=spf1 ip4:207.46.51.64/26 ip4:213.199.154.0/24 ip4:213.199.180.128/26 ip4:216.32.180.0/23 ip4:64.4.22.64/26 ip4:65.55.83.128/27 ip4:65.55.169.0/24 ip4:65.55.88.0/24 ip4:94.245.120.64/26 ip4:131.107.0.0/16 ip4:157.56.73.0/24 ip4:134.170.132.0/24 -all" [+0 = 10 mechanisms] spfc.anotherexample.com text = "v=spf1 ip4:207.46.101.128/26 ip6:2a01:111:f400:7c00::/54 ip6:2a01:111:f400:fc00::/54 ip4:157.56.87.192/26 ip4:157.55.40.32/27 ip4:157.56.123.0/27 ip4:157.56.91.0/27 ip4:157.55.206.0/24 ip4:157.55.207.0/24 ip4:157.56.206.0/23 ip4:157.56.208.0/22 -all" [ +0 = 10 mechanisms] _spf-c.example.com text = "v=spf1 ip4:203.32.4.25 ip4:213.199.138.181 ip4:213.199.138.191 ip4:207.46.52.71 ip4:207.46.52.79 ip4:131.107.1.18 ip4:131.107.1.19 ip4:131.107.1.20 ip4:131.107.1.48 ip4:131.107.1.56 ip4:86.61.88.25 ip4:131.107.1.44 ip4:131.107.1.37 ~all" [+0 = 10 mechanisms] _spf-ssg-a.example.com text = "v=spf1 include:_spf-ssg-b.example.com include:_spf-ssg-c.example.com ~all" [+2 = 12 mechanisms] _spf-ssg-b.example.com text = "v=spf1 ip4:207.68.169.173/30 ip4:207.68.176.1/26 ip4:207.46.132.129/27 ip4:207.68.176.97/27 ip4:65.55.238.129/26 ip4:207.46.222.193/26 ip4:207.46.116.135/29 ip4:65.55.178.129/27 ip4:213.199.161.129/27 ip4:65.55.33.70/28 ~all" [+0 = 12 mechanisms] _spf-ssg-c.example.com text = "v=spf1 ip4:65.54.121.123/29 ip4:65.55.81.53/28 ip4:65.55.234.192/26 ip4:207.46.200.0/27 ip4:65.55.52.224/27 ip4:94.245.112.10/31 ip4:94.245.112.0/27 ip4:111.221.26.0/27 ip4:207.46.50.221/26 ip4:207.46.50.224 ~all" [+0 = 12 mechanisms] spf-a.secondexample.com text = "v=spf1 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all" [+0 = 12 mechanisms] Character String Too Long 255 character limitation in a single string https://kb.isc.org/article/AA-00356/0/Can-I-have-a-TXT-or-SPF-record-longer-than-255-characters.html http://www.string-functions.com/length.aspx You may have more than 255 characters of data in a TXT or SPF record, but not more than 255 characters in a single string. If you attempt to create an SPF or TXT record with a long string (>255 characters) in it, BIND will give an error (e.g. "invalid rdata format: ran out of space".) Strings in SPF and TXT records should be no longer than 255 characters. However to get around this limitation, per RFC 4408 a TXT or SPF record is allowed to contain multiple strings, which should be concatenated together by the reading application. In the case of use for SPF (using either TXT or SPF RRs) the strings are concatenated together without spaces as described below. Reassembly by other applications of multiple strings stored in TXT records might work differently. 3.1.3. Multiple Strings in a Single DNS record As defined in [RFC1035] sections 3.3.14 and 3.3, a single text DNS record (either TXT or SPF RR types) can be composed of more than one string. If a published record contains multiple strings, then the record MUST be treated as if those strings are concatenated together without adding spaces. For example: IN TXT "v=spf1 .... first" "second string..." MUST be treated as equivalent to IN TXT "v=spf1 .... firstsecond string..." SPF or TXT records containing multiple strings are useful in constructing records that would exceed the 255-byte maximum length of a string within a single TXT or SPF RR record. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22 ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:94.236.119.0/26 ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all“ text = "v=spf1 ip4:199.15.212.0/22“ " ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24" " ip4:72.32.243.0/24 ip4:94.236.119.0/26" " ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all" Null Records in the SPF Record A record that is NULL or that does not exist will break an SPF record. Syntax within the record is very important, if there are extra spaces between mechanisms it will count as NULL. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22“ <- accurate text = "v=spf1 ip4: 199.15.212.0/22“ <- NULL (NOTE the space between IP4: and the IP) Repetitive Records in the SPF Record - Void Lookups If there are too many repetitive mechanisms in the SPF record, including records that cascade (for example when using "include:") the record will break. There is a MAX of 2 void look ups in an SPF record. More than that and the record will break. This prevents SPF records from being used in Denial of Service style attacks. Validation Tools SPF checker, syntax validator and SPF tester http://www.kitterman.com/spf/validate.html SPF checker http://vamsoft.com/support/tools/spf-policy-tester SPF validator http://vamsoft.com/support/tools/spf-syntax-validator CIDR Calculator http://www.subnet-calculator.com/cidr.php Nslookup http://network-tools.com/nslook/ SPF creation wizard http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ Common SPF errors http://www.openspf.org/FAQ/Common_mistakes SPF syntax definitions http://www.openspf.org/SPF_Record_Syntax

Setting an email to "operational" does the following No unsubscribe link automatically added Email will be sent to leads set to Unsubscribed Email will be sent to leads set to Marketing Suspended Note - when sending an operational message, Unsubscribed and Marketing Suspended leads will still be included in the "blocked from email" count on the schedule tab of the campaign. When is it OK to use the operational setting? Sending marketing email to unsubscribed addresses is illegal. For this reason, you should be extremely careful to only use this setting in extremely limited circumstances. Using this setting incorrectly violates Marketo's Terms of Service, and most antispam laws. There may be legal consequences for using this setting incorrectly. Good uses of the operational setting fall into two categories: Transactional messages Relationship messages What's a transactional message? A transactional message is part of a transaction that a lead has initiated and you are responding to. Here's some examples of transactional messages: Receipts for purchases Registration confirmations Download links in response to form fill-outs Requested assets (whitepapers, spec sheets, etc.) What's a relationship message? A relationship message describes something that affects your business relationship with the lead. Here's some examples of relationship messages: Downtime notifications Changes to terms of service Recall notices End of service notifications Operational messages should not contain any marketing content at all. In other words, do not use the operational setting to send a message that contains a receipt and a promotion, only a receipt.

We manage our network to provide our customers with the highest server availability and best deliverability possible. Marketo Engage has a strong anti-spam policy and a team that handles blocklist notifications in our IP space and spam complaints. We also cooperate with most major anti-spam providers and ISPs. In addition, we maintain feedback loops for many of the most popular email providers. For more information on feedback loops and ISPs with whom we have this arrangement, click here. Blocklistings are usually caused by sending mail to a spam trap email address. For an explanation on what causes blocklisting, click here. When we receive notification of a blocklisting, we react in two ways. First, we go through the procedures to remove the listing from that blocklist as soon as possible. Second, we determine (if possible) which of our customers caused the blocklisting and work with them to improve their mailing lists to prevent a reoccurrence in the future. This is usually a cooperative process, most frequently, a review of mailing policies and strategic pruning of a customer’s lead database will return them to best practices. Blocklists: Frequently Asked Questions Is this article helpful ? YesNo

This originally appeared on the Brand Driven Digital blog, 9/19/2013. Written by Marketo's Digital Marketing Evangelist, DJ Waldow. Used with permission. Unemotionally Subscribed – People on your list who have not opened or clicked an email message from you in an extended (several months) period of time. They have not unsubscribed. They have not marked your message as spam. They either ignore it or take the time to actually delete it every time it lands in their inbox. Now, it depends on who you ask, but the percentage of your list that is considered “unemotionally subscribed” can be as high as 30%. Yup. Nearly one out of every three folks on your email list are not interacting with your emails … not at all. As I mentioned in this What Counts guest post, once you figure out who fits this “inactive” criteria, you have a few options: Immediately unsubscribe or delete them. I call this the “DO NOT PASS GO, DO NOT COLLECT $200″ approach. Move to a new list and mail to less frequently. I call this the “I think I need to see you a bit less often” approach. Send a last ditch “We missed you” type email. If they don’t respond, then do #1. I call this the “I’m going to give you one more chance” approach. Set up a re-engagement email series. I call this the “I really don’t want to break up, but if you are not responding at all, well, it’s over” approach. No one method is necessarily better than the other. I’ve seen all 4 executed before. As I often say, the best practice here is the one that’s best for your subscribers (and your business). I recently came across a great – creative, human, funny – example of #3, the last ditch “we missed you” email. Thanks to Suzanne Oehler who forwarded me this email. Check out this email from NTEN: The Nonprofit Technology Network The subject line – We miss you! - was certainly one that would stand out in many inboxes. The intro paragraph was short and to the point, but nothing crazy. But then it got fun … and creative. The first call to action read: “If you’d like to continue receiving NTEN emails, click here by Friday, August 2nd. Yay! This makes us very happy.” Again, they get right to the point. They even add a bit of “human” (Yay! This makes us very happy.) But it gets better. The “click here” link leads to hilarious Happy Dog video. IF you are a dog owner, you’ll love this. The second call to action read: “If you’d rather not receive NTEN emails, we’re sad to see you go. Simply delete this email and in a short time your account with NTEN will be removed from our systems.” Nothing crazy. Direct. Clear. Simple. However, the “sad” link again goes to a video – this one goes to a Sad Cat Diary video. Warning: some language in this video is NSFW. Then again, if you’ve ever owned a cat, you’ll appreciate the humor. The third, and final, call to action read: “Of course, if you change your mind, you can always sign up again” with the “sign up” link taking clickers to their email subscription landing page, of course. Now, fun and creative is one thing. If campaigns like these do not meet their intended goals (getting folks re-engaged), then, well, they are just “fun and creative.” So … Did It WORK? I contacted the team at NTEN to see how effective this campaign was. Below is what they shared with me. They sent this email to a list of 24,000 subscribers who had not opened in email from them in the past year. For this particular campaign, they reported the following metrics: Open rate – 38.89% vs. 26.73% “average” over the previous few emails Click-to-Open Rate* – 47.37% vs. 12.3% “average” over the previous few emails *in other words, of the 38.89% who opened the email, nearly 50% clicked at least one link Of those who clicked a link, the Top 4 most-clicked links were: 41.14%: Click Here (Happy Dog … to stay subscribed) 4.91%: Unsubscribe 2.21%: Sign up 2.14%: Sad (Sad Cat … to opt-out) By all accounts, I’d say this “We Miss You” campaign was a HUGE success? What do you think? Have you tried a “reenagement campaign in the past? If so, how effective was it for you? Drop a note in the comments below! P.S. The email marketing team at NTEN shared their “lessons learned” from this campaign in this blog post. I love their transparency. Is this article helpful ? YesNo

Double opt-in is the gold standard of email permission. Also known as confirmed opt-in or COI, this practice is where a person fills out an opt-in form and is then sent an email and must click a confirmation message before they are added to the mailing list. Here are some great reasons to use double opt-in: Protects against typos and bots Protects against spamtraps Reduces bounce rates, improves deliverability Required in some regions Increases engagement rates If you'd like to set up double opt-in with Marketo you can do this with the use of the Marketing Suspended function. Marketing Suspended is a status that is functionally equivalent to Unsubscribe - Marketo will not send these leads marketing emails, but will send them operational emails. You'll need an opt-in form and a pair of trigger campaigns. First, set up a trigger campaign such that, when the form is filled out, the flow has a Change Data Value to mark the lead as Marketing Suspended, and then a Send Email step to send an operational email that you will use to confirm their request to join your mailing list. Your confirmation email should be short and to the point, and make sure to set it as an operational email. We recommend that it is clearly branded, use a simple subject line such as "Confirm Your Request to Join Our Mailing List" or similar, and include a link within to a simple confirmation landing page. Set a second trigger campaign such that whenever someone clicks the confirmation link to the confirmation landing page, the flow will change data value Marketing Suspended new value is false. A follow up flow should be set up that if the recipient doesn't activate the link in the confirmation email the address is either deleted or set to Blacklist within the database after a reasonable timeframe, usually 2 weeks. The Blacklist status will ensure that no email is set to that lead until they have completed the subscription process. This prevents future operational emails from being sent to this email address unintentionally. That's it! Now, when someone fills out your opt-in form, they will be set to Marketing Suspended until they click the confirmation link in your operational confirmation email. You'll be well on your way to increasing the quality of leads on your mailing list by implementing this simple process.

Note: Once you have migrated to Admin Console, you can manage your support cases through the feature provided in the Admin Console Platform. To learn more, visit: https://experienceleague.adobe.com/docs/customer-one/using/home.html. Once you have submitted a case to Marketo support, we provide a simple way of staying connected to your case and the cases submitted from your company through the Marketo Support Portal. You can access the support portal through your Marketo instance by selecting Community in the top right corner: This is a article attached image You can also access the support portal directly at https://support.marketo.com and login with your Marketo credentials (login and password). This will not work for users with SSO. Once you are in the support portal you can Create a Case for Marketo Support or you can also review any cases that are open and being worked on by support or review your case history. Navigate to My Case management: This is a article attached image From the My Cases navigation you can access the following case views: This is a article attached image My Recent Cases* - Cases that you have opened in the past 30 days All Company Recent Cases* - Cases that any authorized support contact has opened in the past 30 days My Open Cases – Cases created by you that are being triaged by Support and pending Support’s response and are more than 30 days old My Closed Cases – Cases that were created by you and are now closed My Awaiting Fix Cases – Cases that were created by you where Marketo is developing a fix which will be implemented at a later date All Company Closed Cases – Cases that were created by you or your colleagues that are now closed All Company Open Cases - All open cases submitted for the account Company Awaiting Fix Cases – Cases that were created by you or your colleagues where Marketo is developing a fix which will be implemented at a later date Management Escalations - Escalations opened by you or your colleagues Survey Cases - Surveys that are available for you to fill out after a case is closed *Cases that have been opened for more than 30 days will move from Recent cases to Open cases To view specific case details, click a case number. This is a article attached image From the Case Details, you can perform the following: Close your Case - Select the "My Case is Resolved" button to close your case Add Comments - Provide additional comments to support or respond to a Support question Add Attachment - Provide any screenshots or documents that will help illustrate the issue you are reporting If your case has been closed there are two options available to you. Reopen - You can reopen your case if you are not satisfied with the case resolution by adding a comment in the case. Case Survey - Once your case has closed, please consider offering feedback on the level of Support you received.

Issue If your IT department or a client asks for your Marketo dedicated sending IP address in order to whitelist your marketing emails, here is how you can find it. Solution Your Marketo instance's dedicated IP address can be found by sending yourself a live version of one of your Marketo emails, then checking the message headers for the IP address that it was sent from. It should also be included in the original documentation that Marketo's deliverability team would have provided you when the dedicated IP was set up. If you are unable to locate the IP address in the emails, or are unable to find your original documentation, please reach out to Marketo Support and we can look it up for you. Who This Solution Applies To Customers with a dedicated sending IP

Issue You see a record in the database has something similar to the following Email Suspended Cause: "554- Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means." Solution The 554 error is generated by a hard bounce due to a spam block. It is possible that one of the sending IP addresses used may have been on a temporary blacklist the day of the attempted send. This happens while using shared IPs when another Marketo instance using the same IP hits a spam trap, putting the IP on a blacklist for 24 hours. This error can also happen to users on a dedicated IP if they hit a spam trap with one of their email sends.

Marketo Champions are customers who have demonstrated outstanding leadership in the Marketo Community, are experts in Marketo products, are avid contributors in the social world, and are loyal advocates of the Marketo brand. Benefits and perks our Champions receive include: Access: Meetings with our product and marketing teams to give exclusive feedback Previews: Given early previews to products, features, and releases when available Publicity: Exclusive speaking opportunities at our annual Marketo Summit and other events Networking: Special networking events with Marketo executives and fellow Champions and semi-annual conference calls Ownership: Ownership of content and exclusive activities at our annual Marketo Summit that showcase your expertise and thought leadership Credibility: Special Champion badge on Marketo Community profiles, and profiled on Marketo's corporate website Sweet Swag: Champion-exclusive swag To find out more information and apply, click here. To view a complete list of current Champions, click here. Join the Marketo Elite Today!

Leads can be auto unsubscribed due to default Feedback Loop setup with the ISPs listed on this page. You can use the following filters to find leads that have clicked the SPAM button in your emails: Filter 1: Data Value Changed Attribute: Unsubscribe New Value: True Reason: Contains, Customer Complaint Received from ISP. (Optional to Specify what Email Domain) Filter 2: Email Address Email Address: Contains, @domain.

This is a article attached image Upon signing a contract with Marketo you are provisioned a Marketo instance and a Support Service. There are four different types of Support Services which are available to meet different customer support needs: Online (Legacy) Business or PREMIER SUPPORT BUSINESS (Legacy) Premier or PREMIER SUPPORT ENTERPRISE (Legacy) Elite or PREMIER SUPPORT ELITE Each Support Service has a different Service Level Target (SLT). An SLT is the amount of time Marketo Support targets to make first contact with you after a support case has been submitted. SLTs differ for each Support Service and priority level. Priority levels range from Priority P1 to Priority P4. Here are the SLTs and priority levels for each Support Service: Priority Online (Legacy) Business PREMIER SUPPORT BUSINESS (Legacy) Premier PREMIER SUPPORT ENTERPRISE (Legacy) Elite PREMIER SUPPORT ELITE P1 1 hour 1 hour 1 hour 30 minutes 30 minutes 30 minutes 15 minutes P2 4 hours 3 hours 2 hours 2 hours 1 hour 2 hours 30 minutes P3 6 hours 5 hours 4 hours 4 hours 2 hours 2 hours 1 hour P4 3 days 1 day 1 day 1 day 1 day 1 day 1 day Here are the descriptions for each priority level: Priority Description P1 Mission Critical: Core business function down or potential loss of mission critical data P2 Urgent: Major feature or workflow is not functioning. Mission critical workflow and majority of user community is not blocked P3 Important: Normal usability or task completion is impacted but functional, or workaround is available P4 Minor: Minor issue requiring a correction. Normal workflow is not impacted Find more information About Support here!

If you have submitted a support case and you feel that the case was improperly handled or that the solution being offered does not meet the communicated Marketo support expectations, then we would welcome the opportunity to look deeper at your specific support engagement and work with you on delivering a better resolution. Caution: If the item you're looking to escalate is related to a Production Down incident, please call the support line for your region to receive immediate assistance. Support Manager escalations are only handled during normal business hours. The phone numbers for each region are listed below, follow the prompts for P1: Americas: +1.877.270.6586, Direct: +1.650.376.2303 Europe, Middle East, & Africa: +353 (0)1 242 3030, UK: 0800 151 3030 Asia Pacific: +61 2 8310 7646 Japan: +81.03.4233.9014 How to Escalate: Step 1. Navigate to the "Case Management" area of the support portal either by mousing over the Support tab and selecting "Case Management" or clicking the Support tab and click on the “My Case Management” button. NOTE: You will need an open or recently closed case in order to escalate to support leadership. This is a article attached image Step 2. From here you will need to click on either an open or a recently closed* case: This is a article attached image *Support Cases that have been closed for longer than 10 days are no longer eligible to be re-opened and we ask that you open a new support ticket for your current issue prior to escalating to a Support Manager. We ask that you have an open support ticket for a Support Manager to be able to address specific issues. Step 3. After selecting a case, click on the Escalate to Manager button: This is a article attached image Step 4. A pop up will display and you will need to the purpose for the escalation and click on the “Escalate” button. This is a article attached image Once your support escalation case has been submitted a Marketo Support Leader will contact you within 1 business day of your support region's support hours to address the issue.

Issue You receive a DMARC report from an ISP saying that your email failed to pass the SPF alignment check, but when you check your SPF listing in Admin > Email > SPF/DKIM, SPF is verified. Solution The SPF record in Admin > Email > SPF/DKIM is tied to your FROM domain. DMARC alignment (using SPF) aligns the domain in the FROM address with the domain in the “return-path” address. This “return-path” address, usually using a '*.mktomail.com' domain, is generally unseen by recipients and directs email bounces and errors back to Marketo for processing. Failed DMARC alignment, between these two domains, is what is triggering the failure your DMARC reporting. DMARC compliance requires EITHER DKIM or SPF compliance, not both in most cases. This article reviews the two methods available for DMARC alignment - https://nation.marketo.com/docs/DOC-1202-technical-tip-set-up-dmarc-verified-domains-in-a-few-easy-steps Having DKIM DMARC alignment may be enough and you may not need to rely on full SPF DMARC alignment. In order to set up SPF DMARC alignment, Branded Return-Path will allow you to align the “return-path” domain with your sending FROM address domain. If you have a dedicated IP on the current pricing plan or are on the Trusted IP range, Marketo can brand your return path at no additional charge. If you have a legacy Silver Dedicated IP package, or are on the Shared IP range, you can purchase the Branded Return Path as an add-on. More technical info can be found here: What is DMARC? - https://nation.marketo.com/docs/DOC-1097 https://nation.marketo.com/docs/DOC-5910-branded-envelopefrom-on-shared-or-trusted-ips https://nation.marketo.com/docs/DOC-5951-branded-envelopefrom-on-dedicated-ips

Syntax Recommendations Common Look Up mechanisms Common Modifiers Too Many Mechanisms Character String Too Long Null Records in the SPF Record Repetitive Records in the SPF Record - Void Lookups Validation Tools Syntax Recommendations Common Look Up mechanisms a: mx: include: ip4: ip6: exists: ptr: all Common Modifiers redirect= exp= An A Record must ALWAYS contain IP address (map host to IP) CNAME (Alias) must contain hostnames. No IPs here NS an MX records must contain host names. No IPs allowed. MX records (for mail servers) should contain hostnames NOT IPs. Too Many Mechanisms Section 10.1, "Processing Limits" of the SPF RFC 4408 specifies the following in regards to DNS lookups: SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier. If this number is exceeded during a check, a PermError MUST be returned. The "include", "a", "mx", "ptr", and "exists" mechanisms as well as the "redirect" modifier do count against this limit. The "all", "ip4", and "ip6" mechanisms do not require DNS lookups and therefore do not count against this limit. The "exp" modifier does not count against this limit because the DNS lookup to fetch the explanation string occurs after the SPF record has been evaluated. This limit is in place to prevent SPF lookups from being a useful avenue for Denial of Service attacks. Using an example SPF record as an example to illustrate, this record was breaking with 12 look-ups: example.com text = "v=spf1 include:_spf-a.example.com include:_spf-b.example.com include:_spf-c.example.com include:_spf-ssg-a.example.com include:spf-a.anotherexample.com ip4:131.107.115.215 ip4:131.107.115.214 ip4:205.248.106.64 ip4:205.248.106.30 ip4:205.248.106.32 ~all" [ 5 mechanisms] _spf-a.example.com text = "v=spf1 ip4:216.99.5.67 ip4:216.99.5.68 ip4:202.177.148.100 ip4:203.122.32.250 ip4:202.177.148.110 ip4:213.199.128.139 ip4:213.199.128.145 ip4:207.46.50.72 ip4:207.46.50.82 a:mh.example.m0.net ~all" [ +1 = 6 mechanisms] mh.example.m0.net a = 209.11.164.116 _spf-b.example.com text = "v=spf1 include:spf.messaging.example.com ip4:207.46.22.35 ip4:207.46.22.98 ip4:207.46.22.101 ip4:131.107.1.27 ip4:131.107.1.17 ip4:131.107.65.22 ip4:131.107.65.131 ip4:131.107.1.101 ip4:131.107.1.102 ip4:217.77.141.52 ip4:217.77.141.59 ~all" [+1 = 7 mechanisms] spf.messaging.example.com text = "v=spf1 include:spfa.anotherexample.com include:spfb.anotherexaple.com include:spfc.anotherexample.com -all" [+3 = 10 mechanisms] spfa.anotherexample.com text = "v=spf1 ip4:157.55.116.128/26 ip4:157.55.133.0/24 ip4:157.55.158.0/23 ip4:157.55.234.0/24 ip4:157.56.112.0/24 ip4:157.56.116.0/25 ip4:157.56.120.0/25 ip4:207.46.100.0/24 ip4:207.46.108.0/25 ip4:207.46.163.0/24 ip4:134.170.140.0/24 ip4:157.56.110.0/23 -all" [+0 = 10 mechanisms] spfb.anotherexample.com text = "v=spf1 ip4:207.46.51.64/26 ip4:213.199.154.0/24 ip4:213.199.180.128/26 ip4:216.32.180.0/23 ip4:64.4.22.64/26 ip4:65.55.83.128/27 ip4:65.55.169.0/24 ip4:65.55.88.0/24 ip4:94.245.120.64/26 ip4:131.107.0.0/16 ip4:157.56.73.0/24 ip4:134.170.132.0/24 -all" [+0 = 10 mechanisms] spfc.anotherexample.com text = "v=spf1 ip4:207.46.101.128/26 ip6:2a01:111:f400:7c00::/54 ip6:2a01:111:f400:fc00::/54 ip4:157.56.87.192/26 ip4:157.55.40.32/27 ip4:157.56.123.0/27 ip4:157.56.91.0/27 ip4:157.55.206.0/24 ip4:157.55.207.0/24 ip4:157.56.206.0/23 ip4:157.56.208.0/22 -all" [ +0 = 10 mechanisms] _spf-c.example.com text = "v=spf1 ip4:203.32.4.25 ip4:213.199.138.181 ip4:213.199.138.191 ip4:207.46.52.71 ip4:207.46.52.79 ip4:131.107.1.18 ip4:131.107.1.19 ip4:131.107.1.20 ip4:131.107.1.48 ip4:131.107.1.56 ip4:86.61.88.25 ip4:131.107.1.44 ip4:131.107.1.37 ~all" [+0 = 10 mechanisms] _spf-ssg-a.example.com text = "v=spf1 include:_spf-ssg-b.example.com include:_spf-ssg-c.example.com ~all" [+2 = 12 mechanisms] _spf-ssg-b.example.com text = "v=spf1 ip4:207.68.169.173/30 ip4:207.68.176.1/26 ip4:207.46.132.129/27 ip4:207.68.176.97/27 ip4:65.55.238.129/26 ip4:207.46.222.193/26 ip4:207.46.116.135/29 ip4:65.55.178.129/27 ip4:213.199.161.129/27 ip4:65.55.33.70/28 ~all" [+0 = 12 mechanisms] _spf-ssg-c.example.com text = "v=spf1 ip4:65.54.121.123/29 ip4:65.55.81.53/28 ip4:65.55.234.192/26 ip4:207.46.200.0/27 ip4:65.55.52.224/27 ip4:94.245.112.10/31 ip4:94.245.112.0/27 ip4:111.221.26.0/27 ip4:207.46.50.221/26 ip4:207.46.50.224 ~all" [+0 = 12 mechanisms] spf-a.secondexample.com text = "v=spf1 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all" [+0 = 12 mechanisms] Character String Too Long 255 character limitation in a single string https://kb.isc.org/article/AA-00356/0/Can-I-have-a-TXT-or-SPF-record-longer-than-255-characters.html http://www.string-functions.com/length.aspx You may have more than 255 characters of data in a TXT or SPF record, but not more than 255 characters in a single string. If you attempt to create an SPF or TXT record with a long string (>255 characters) in it, BIND will give an error (e.g. "invalid rdata format: ran out of space".) Strings in SPF and TXT records should be no longer than 255 characters. However to get around this limitation, per RFC 4408 a TXT or SPF record is allowed to contain multiple strings, which should be concatenated together by the reading application. In the case of use for SPF (using either TXT or SPF RRs) the strings are concatenated together without spaces as described below. Reassembly by other applications of multiple strings stored in TXT records might work differently. 3.1.3. Multiple Strings in a Single DNS record As defined in [RFC1035] sections 3.3.14 and 3.3, a single text DNS record (either TXT or SPF RR types) can be composed of more than one string. If a published record contains multiple strings, then the record MUST be treated as if those strings are concatenated together without adding spaces. For example: IN TXT "v=spf1 .... first" "second string..." MUST be treated as equivalent to IN TXT "v=spf1 .... firstsecond string..." SPF or TXT records containing multiple strings are useful in constructing records that would exceed the 255-byte maximum length of a string within a single TXT or SPF RR record. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22 ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:94.236.119.0/26 ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all“ text = "v=spf1 ip4:199.15.212.0/22“ " ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24" " ip4:72.32.243.0/24 ip4:94.236.119.0/26" " ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all" Null Records in the SPF Record A record that is NULL or that does not exist will break an SPF record. Syntax within the record is very important, if there are extra spaces between mechanisms it will count as NULL. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22“ <- accurate text = "v=spf1 ip4: 199.15.212.0/22“ <- NULL (NOTE the space between IP4: and the IP) Repetitive Records in the SPF Record - Void Lookups If there are too many repetitive mechanisms in the SPF record, including records that cascade (for example when using "include:") the record will break. There is a MAX of 2 void look ups in an SPF record. More than that and the record will break. This prevents SPF records from being used in Denial of Service style attacks. Validation Tools SPF checker, syntax validator and SPF tester http://www.kitterman.com/spf/validate.html SPF checker http://vamsoft.com/support/tools/spf-policy-tester SPF validator http://vamsoft.com/support/tools/spf-syntax-validator CIDR Calculator http://www.subnet-calculator.com/cidr.php Nslookup http://network-tools.com/nslook/ SPF creation wizard http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ Common SPF errors http://www.openspf.org/FAQ/Common_mistakes SPF syntax definitions http://www.openspf.org/SPF_Record_Syntax

Knowledgebase

Maintaining a Directory of Leads Bouncing Emails

Allowlisting with Google Apps

Top Blocklists - What you need to know

What is a spamtrap and why do they matter?

Customer User Guide - Marketo Customer Support Links

Blocklists: Frequently Asked Questions

Common SPF Errors & Fixes

Operational Emails - Important Information

How does Marketo respond to blocklisting and spam notifications?

A Creative Re-Engagement Email Campaign

Which blacklists should I be concerned about?

How to Set Up Double Opt-In (COI)

Managing your Support Cases

Where Can I Find My Dedicated IP Address?

Email suspended cause 554 error

Marketo Champion Program

Finding Leads that are Auto Unsubscribed for Email Spam Complaints / Feedback Loop (FBL)

Service Level Targets (SLT)

Escalating a Support Issue

DMARC Report Says an Email Fails SPF but the SPF Record Shows as Verified.

Common SPF Errors and Fixes