Knowledgebase

Sort by:
  Overview Add Leads to Static Lists Use Custom Fields Overview Lead records have two primary components – lead attributes and activity logs. Lead attributes are the fields and field values within the lead record. For example, Job Title is a lead attribute. Lead Name is a lead attribute. Activity logs record the actions Marketo or the lead themselves have taken. For example, sending an email to a lead is an activity that would show in the activity log. If the lead opens the email or visits a tracked page, those activities would show in the activity log as well.   Activities in the activity log are only retained for 25 months, or 37 if you have purchased the premium data retention option. The main way to store activity data beyond the Data Retention Policy timeframe is to use the Bulk Extract API. There are two other ways you can keep a reference of these activities after the end of the Data Retention period, and they can be referenced within the Marketo UI. This article will show you how that can be done.     Add Leads to Static Lists Static lists will retain lead membership even if the activity of adding the lead to the list has been removed. This will let you have lists dedicated to specific criteria that would otherwise be removed after the data retention time period has been passed.   For example, Smart Campaign membership history is not retained after 25 months. If you are searching for members of a Smart Campaign, but a lead first became a member of the Smart Campaign more than 25 months ago, the search results would not include that lead.   An easy way to work around that is to add your leads to a static list as part of the flow of the campaign. When creating your Smart Campaign, create a new static list with the same corresponding name (makes it easier to identify later). When building the flow of your campaign, add the "Add to List" flow step so that all leads going through the campaign will be logged on the list.         Use Custom Fields Lead attributes and their field values are not affected by the Data Retention Policy. Use Smart Campaigns to populate custom fields with values based on activities your leads take. This will allow you to filter leads by these lead attributes that are not affected by the Data Retention Policy. A side benefit to this is that it is faster to search by lead attributes than by searching through lead activity logs.   Example: This approach can work for many different activities, but let’s use form fill outs as an example.   Let’s say you want to be able to identify leads who have been very active and have filled out more than 5 forms over their lifecycle. You could use the filter “Filled Out Form” with the “Min. Number of Times” constraint set to 5. However, if one of those forms filled out occurred more than 25 months ago, the filter would only be able to access 4 form fill activities in the activity log. Therefore, the lead would not pass the filter.   Instead of using the “Filled Out Form” filter, set up a Smart Campaign to write to custom fields that show you how many forms they’ve filled out, and when the first one was. Here’s how to do it:   1. Create two new custom fields in Marketo, one Score Field, and the second a Date Field.   2. Create a new Smart Campaign   3. Add the trigger “Fills Out Form” set to “is any” to the Campaign Smart List     4. Add these two Flow Steps to the Campaign Flow: Flow Step 1 : “Change Score” Score Field Name: your score field name Change: +1   Flow Step 2 : “Change Data Value” Add Choice to Flow Step Choice 1: If “your score field name”  “is empty” Attribute “your score field name” New Value: {{system.date}} Default Choice: Do Nothing       This campaign will listen for any time a lead fills out a form, add +1 to your score field, and if it’s the very first form they’ve ever filled out, it will log the date of when it was done. If the lead has ever filled out a form in the past, there will already be a date value in the date field, so the flow choice would just skip over it and do nothing.       Results You’ll See: With the original goal of identifying leads who have filled out more than 5 forms you’ll be able to filter for leads that have filled out at least 5 forms. In addition, this campaign will let you search for leads based on when they had filled out their very first form, regardless of how long ago it was. Since it’s stored in a lead field, it’s a lead attribute that is not affected by the Data Retention Policy at all.      
View full article
NOTE: To secure your Marketo landing pages requires either Marketo SSL for Landing Pages (obsolete service) or Secured Domains for Landing Pages. Please contact your Marketo Customer Success Manager for more information or to purchase.   With Marketo’s Secured Page Services: SSL for Landing Pages, Marketo customers were responsible for providing the original SSL certificate and updated certificates upon expiration. If you have reached this page because you are providing an updated certificate, an upgrade is required.   What’s changing: Marketo has discontinued the Secured Page Services: SSL for Landing Pages service and its manual certificate renewal process. This is being replaced with the Marketo Secured Domains for Landing Pages product which provides all needed certificates and manages renewals automatically.   Action Required: Please contact your Marketo Customer Success Manager to add the the Secured Domains for Landing Pages product to your subscription.   Once you’ve purchased Secured Domains for Landing Pages for your instance:   OPEN A NEW SUPPORT CASE Marketo login required. Select Case Type - "Help me setup/create" Select Case Issue - "System Configuration" If you have multiple instances, please provide us with the Munchkin Code (Found in Admin > Munchkin) of the instance that is ready. Format ###-XXX-###.   Marketo will then have certificates generated to cover all the domains and subdomains that you’ve set up in your instance. Within 3-business days, we will create a secure server endpoint. Please plan accordingly for this 72-hour turn-around-time.   How is the new Secured Domains for Landing Pages Better? With Marketo’s new Secured Domains for Landing Pages product, you no longer have to provide renewal/updated certificates to Marketo. We’ll procure any necessary certificates and manage their renewals automatically – giving you a more secure and convenient solution for securing your pages! For more information, please see our Overview & FAQ: Secured Domains for Landing Pages.   Do I have to upgrade? An upgrade is required. Marketo no longer supports the legacy Secured Page Services: SSL for Landing Pages certificate renewal process.
View full article
!!EASTER EGG!! The ball with the Marketo logo in the upper-left corner of the screen is your Superball.  Here's a quick trick to make it bounce like it did when you first got into your Marketo instance: Hold down Ctrl (Command for Macs) + Shift, then hit the 's' key. Happy bouncing!    
View full article
NOTE: To secure your Marketo landing pages requires either Marketo SSL for Landing Pages (obsolete service) or Secured Domains for Landing Pages. Please contact your Marketo Customer Success Manager for more information or to purchase.   If you have already secured your Marketo landing pages with Secured Domains for Landing Pages and now need to add additional subdomains to be served securely, please follow the steps below: Step 1. Create your new subdomains (CNAMEs and Domain Aliases) Step 2. Submit a support case to secure your new subdomain STEP 3: Create New Landing Pages   Step 1. Create your new subdomains (CNAMEs and Domain Aliases) To secure a new subdomain, please create the CNAME(s) and domain alias(es) in your instance. For more information on this, please see: Add Additional Landing Page CNAMEs.   Step 2. Submit a support case to secure your new subdomain Once you’ve created the new subdomain (CNAME and domain alias), please click the link below to create a support case. OPEN A NEW SUPPORT CASE Marketo login required. Select Case Type - "Help me setup/create" Select Case Issue - "System Configuration" If you have multiple instances, please provide us with the Munchkin Code (Found in Admin > Munchkin) of the instance that is ready. Format ###-XXX-###.   Marketo will have any additional certificate(s) generated and loaded to cover the new subdomain(s). This step may take up to 3-business days. Marketo will contact you when this step has been completed.   STEP 3: Create New Landing Pages Once you receive confirmation that the subdomain has been added, you can now create new HTTPS landing pages. Please be sure all images, JavaScript files and other external links in your landing pages are HTTPS. If you previously created landing pages, please review each of these and update all references to HTTPS. Please contact Marketo Support with any issues you may encounter.   If you purchased the SSL for Landing Pages service, you may need to upgrade to Secured Domains for Landing Pages, our new solution to secure landing pages.  Please contact your Marketo Customer Success Manager to add Secured Domains for Landing Pages to you subscription. Please note, with this upgrade, Marketo will provide the required certificate(s) and manage their ongoing approval.
View full article
Issue: When selecting multiple values in a string field, it only shows 300 entries in the 'Select...' window. NOTE: This is expected behavior, we have limited the number of records to show to 300.   Workaround: If there is a value that is not in the 'Selected Values' window, you will need to start typing in the 'Select...'field so the autosuggest will start to filter the values, whatever value that is not already selected in the 'Selected Values'window, will show up in the 'Select...' window.
View full article
Issue: When building 'Program Membership Analysis' reports in RCE, the Program Status is not sorted according to the step values in the Program Channel. For example in the below screenshot: The value of the steps are clearly showing the progression of statuses from start to finish.   However when building a 'Program Membership Analysis' report, it is showing that the order of the status is not correct. 'New Member (Influenced)' should be appearing after 'Subscribed by Form - Non Member.'   Troubleshooting: Make sure that you do not have any other Programs Channels with the same Status, as this will cause issues. There is a deduplication that occurs in the backend which causes an issue when a 'Program Membership Analysis' report is created, if there is more than one Program Channel that has the same Program Status it will deduplicate and the one displayed might be due to the lower step.   Another issue that might happen also due to having more than one occurance of Program Status in other Program Channels is that other Program Statuses might appear in the report due to this.   Resolution: We currently do not support having more than one Program Status appear in the Program Channels, each Program Status has to be unqiue or issues with displaying Program Statuses will appear.
View full article
Following the Q2 Spring Quarterly Release, we identified that that two new permissions had been enabled by default for all API users. Any role that had "Access API" checked in the permissions for the role had "Read-Only Named Account List" and "Read-Write Named Account List" added to their permissions.   With the upcoming minor release, we will be reverting the defaults for these permissions back to disabled.  After the rollback, some customers may receive an API error 603 when making API calls.  Customers who receive these errors can resolve them by re-enabling the new permissions.   To manage role permissions, go to Admin > Users & Roles > Roles. Re-Enable (check) and save the two permissions shown below:           If you continue to receive 603 errors after enabling these permissions, please contact Marketo Support for further assistance.
View full article
Ready to SSL-secure your Marketo landing pages? Whether you’re securing your pages for the first time, adding additional CNAMEs to your already secured instance, or renewing your SSL certificate, you’re in the right place!   NOTE: To secure your Marketo landing pages requires either Marketo SSL for Landing Pages (obsolete service) or Secured Domains for Landing Pages. Please contact your Marketo Customer Success Manager for more information or to purchase.   To get started, please choose one of the options below:   Setting Up Secured Domains for Marketo Landing Pages - FIRST TIME SETUP Setting Up Secured Domains for Marketo Landing Pages - ADDING NEW SUBDOMAIN Setting Up Secured Domains for Marketo Landing Pages - RENEWING SSL CERTIFICATES        
View full article
Issue:   You create Marketo campaigns but they are not showing up in Sales Insight in Salesforce. The steps below illustrates all the steps that are required to make these campaigns show in Sales Insight.     Resolution:   1. Make sure the trigger campaign in Marketo that you want to access through Sales Insight is using the "Campaign is Requested" trigger with a source of "Sales Insight"   2. Activate the campaign you created in Step 1 above from the "Schedule" tab of your campaign. This is very important. If the campaign not activated, it will never show up in Sales Insight.  
View full article
In offering a premium email delivery platform to our customers we carefully monitor our IPs for listings on blacklists (Top Blacklists – What You Need to Know.) The Marketo Privacy team maintains relationships with the major blacklists to better assist our customers in resolving these issues. When we find that one of our customers was responsible for a blacklisting we contact that customer and request some actions be taken to remediate the issue. In many cases we find that sending an email to a spamtrap address (What Is a Spamtrap and Why Do They Matter?) caused the blacklisting.  Spamtraps are email addresses that have either never been used or have not been used for a long time and are now owned by anti-spam organizations. They are considered by these organizations as a sign of poorly maintained or inappropriately acquired addresses. Based on this assessment they conclude that the marketer is sending spam and consequently blacklist the sender.  To prevent future blacklistings you'll need to review your recent activity to remove the spamtrap from your mailing. Finding the spam trap address can be difficult; they are closely guarded secrets of the blacklisting organizations and they do not share these addresses. We describe several strategies below. The best approach for you depends on the make-up of your database and the amount of behavioral history in your Marketo system.The goal is to isolate potential spamtrap addresses and remove them. The group of addresses you select should be broad enough to capture those potentially bad addresses but small enough not to suppress a huge portion of your database. Blacklists are not all the same - some provide Marketo with more information, some with less. If at all possible we will provide you with a date and a subject line to help you isolate potential traps.          Step 1         To narrow the list of potential traps you should consider the following: Have you recently added any new leads or new lead sources? What is the source of these leads? Any purchased or appended email addresses should be removed because these data sources are often the source of newlyintroduced spamtraps. In addition lead sources like this can violate Marketo's Email Use and Anti-Spam Policy Have you recently added any older leads from another database that have not received email in the past year?  Some email providers will turn an address into a spamtrap after a year of inactivity.  If you have a list of addresses that had not received email for a year or more before recent email campaigns this list should be removed. Does your system use any custom fields to indicate customer status, event attendance, recent contact with your sales team, or other forms of engagement?  Take advantage of this and isolate the inactive or nonresponsive segments of your database using all activity data you have available. Is there anything different about this specific mailing that makes it different compared to your previous email campaigns? Did you send any other mail on the same day?  You could compare the recipient lists. Step 2   If you were able to identify newly introduced email addresses to your email program that are likely the source of the spamtrap suppress or remove those from your database so they will not receive email in future email campaigns.    If you have not identified a specific data source than you should target the inactive or nonresponsive segments of your database for potential spamtraps.  Because an individual does not manage spamtrap addresses, they are generally part or a larger spamtrap network; they will generally not show any form of activity. If you have behavioral history, the best approach to take is to identify the people who are not interacting with your company - not opening or clicking emails, not visiting the web page, not attending events, etc.   Build an inactive Smart List using ALL filters: Was sent email the day of and day before the spam trap hit (please contact support@marketo.com for the date of the trap hit if you do not have this information already.) Lead “was created” date is at least 6 months ago Inactivity Filters Not visited web page is “any”; constraint date of activity “in past 3 months” Not filled out form is “any”, constraint date of activity “in past 6 months” Not clicked link in email is “any”, constraint date of activity “in past 6 months” Not opened email is “any”, constraint date of activity “in past 6 months” If you have custom database fields that would show other forms of activity feel free to add this into your inactive Smart List to exclude active leads.   Step 3   Once you have created a smart list to identify these suspect leads you have several options. [Leads Tab > Lead Actions > Flow Actions] Remove leads from database Why waste your time on inactive leads?   Set leads to Marketing Suspended = true to suppress from future mailings Marketing suspended is functionally equivalent to unsubscribe. These leads will still be available for other flow actions, tracking, or operational emails. To avoid suppressing an active lead’s email address you can create a daily recurring batch campaign to take any marketing suspended lead who "wakes up" and engages and set them back to marketing suspended is false.    The daily batch campaign would be set to change Marketing Suspended back to false if the lead performed any specific activity in the last 24 hours like if they visit a web page, open or click a link in an email, fills out a form or has a lead status change. Here's how to set up the campaign:   Smart List (using the "ANY" filter, not "AND"): "Visits Web Page" "Clicks Link in Email" "Fills Out Form" "Opened Email"           All selectors for these filters should be set to 'any'.   Flow: "Change Data Value" flow step Attribute: "Marketing Suspended. New Value: "False".     Opt-In reconfirmation pass Create and release an email to inactive list with the following sample copy: "We have not heard from you in a while. Click this link to continue to receive messages." Anyone who does not click the link within 2 weeks should be set to Marketing Suspended. For recommendations on successful reconfirmation messages search our help articles on Successful Reconfirmation.   Some mix of the above Many of our customers take a tiered approach to blacklist remediation. If they can identify inactive, low-priority leads they may choose to immediately delete or Marketing Suspend these while reserving a reconfirmation pass for higher priority leads. If your list includes extremely high value sales targets you might consider having your sales team reach out individually. If considering this approach we recommend that you export the list and try various sorting techniques to get a feel for the leads you're looking at before deciding on the best way to segment them for different tiers of attention.     Step 4 – You’re Done! Don't forget to fill out the delisting form  
View full article
An email being filtered to a quarantine or bulk mail folder happens after the recipient mail server has accepted message.  Once an email has been accepted by a mail server, it is impossible to tell where it went or what happened to it.  Note that this is true of any mail sent by any system on the Internet.   Every mail server has configurable filters that determine how received mail will be handled.  The mail server administrator should be able to adjust those filters to ensure delivery of emails based on their business standards, or there may even be end-user-configurable controls that can accomplish the same thing.   If test mailings you are sending to yourself or your colleagues are being filtered to a quarantine or bulk mail folder, you should consider asking your email administrator to whitelist Marketo’s IP ranges.  They can be found here .   You can also improve your deliverability in general by setting up SPF and DKIM records , and branding your tracking links .
View full article
What is HSTS? The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP.  This prevents man-in-the-middle attacks by telling the browser it should never interact with their domain without first establishing a secure HTTPS connection.   What does this mean for Marketo assets? A domain can assert the HSTS policy for all of it's subdomains.  This means both the subdomains used for Marketo landing pages and the subdomains for Marketo tracking links must also be secured with SSL certificates.  If HSTS is asserted and the Marketo subdomains are not secured, people that visit landing pages or click on tracked links in emails will receive security errors and browsers will not load the pages.   This is resolved by purchasing both Secured Domains for Landing Pages and Secured Domains for Tracking Links.  There are very few exceptions where a domain utilizing HSTS will not need to secure both landing page domains and tracking link domains.   How do I know if my domain is using HSTS? Reach out to your IT and/or web development team to confirm whether or not your domain utilizes HSTS and if both Secured Domains and Tracking Links are necessary for your business.  If your website utilizes HSTS and has the "include subdomains" flag set to true, you will need to secure both your landing page domains and tracking link domains in almost all circumstances.   Google Chrome has a built in HSTS checker that you can use to verify your HSTS settings.   1.  Visit the root domain of your website with the Chrome browser.  For example, if your Marketo landing pages use visit.acme.com, navigate to acme.com.  This will load the domain's HSTS policy into Chrome.   2.  Navigate to chrome://net-internals/#hsts in Chrome.  This will load Chrome's HSTS checker.   3.  In the "Query HSTS/PKP domain" section, type in your domain you wish to check.  Click "Query".     4.  If the query returns "Found" with a list of configuration settings, you will need to check two settings: If either "status_upgrade_mode" or "dynamic_upgrade_mode" have the value "FORCE_HTTPS" or "STRICT", then the domain is enforcing HSTS and all connections are made over HTTPS. If either "static_pkb_include_subdomains" or "dynamic_pkp_include_subdomains" are equal to "true", then all subdomains are subject to the HSTS policy. If both of the above are true then both Secured Domains for Landing Pages and Tracking Links may be required.   If the query returns "Not Found", or is not using a "FORCE_HTTPS" or "STRICT" policy then the landing page and tracking link subdomains may not have strict HTTPS requirements.   Always verify with your IT and/or web development team as to what your domain's security policies and requirements are.  Failure to properly secure your landing page or tracking domains according to your domain's security policy may result in landing pages or tracking links not resolving in browsers.  A lack of a strict HSTS policy does not necessarily mean you do not need to secure your Marketo domains.       My domain asserts HSTS on my subdomains but I do not have HTTPS encryption with my Marketo subscription.  What do I do? Reach out to your Customer Success Manager to discuss purchasing Secured Domains for Landing Pages and Secured Domains for Tracking Links.  Configuration instructions can be found below: Overview & FAQ: Secured Domains for Landing Pages Overview & FAQ: Secured Domains for Tracking Links
View full article
For those in highly regulated industries, your company may additionally require that you securely encrypt the Marketo tracking links embedded in Marketo emails. Remember that Marketo takes the URLs you place inside of emails and shortens them using the "Branded Tracking Link" domain (this is another CNAME you set up in Marketo under Admin--> Email). These tracking links are how Marketo enables you to track engagement with your emails.   Overview & FAQ - Overview & FAQ: Secured Domains for Tracking Links   What's Changing Marketo has discontinued the Secured Page Services: SSL for Tracking Links service and its manual certificate renewal process. This is being replaced with the Marketo Secured Domains for Tracking Links product which provides all needed certificates and manages renewals automatically.   Action Required To secure your email tracking links, contact your Marketo Customer Success Manager to add the Secured Domains for Tracking Links product to your subscription.   Once you’ve purchased Secured Domains for Tracking Links for your instance:   OPEN A NEW SUPPORT CASE Marketo login required. Select Case Type - "Help me setup/create" Select Case Issue - "System Configuration" If you have multiple instances, please provide us with the Munchkin Code (Found in Admin > Munchkin) of the instance that is ready. Format ###-XXX-###.   Marketo will then have certificates generated to cover all the domains and subdomains that you’ve set up in your instance. Within 3-business days, we will create a secure server endpoint. Please plan accordingly for this 72-hour turn-around-time.   Do I need Secured Domains for Tracking Links? Secured Domains for Tracking Links ensure that tracking links can be served securely for domains which have implemented HSTS (HTTP Strict Transport Security). HSTS is a web server directive which forces all subsequent requests for resources on that domain to be loaded through HTTPS. If you have implemented HSTS at your site on any domain that you are choosing for either your Landing Page CNAME or your branded email tracking links domain, you will need Secured Domains for Tracking Links and/or Secured Domains for Landing Pages.   How is the new Secured Domains for Tracking Links Better? With Marketo’s new Secured Domains for Tracking Links product, you no longer have to provide renewal/updated certificates to Marketo. We’ll procure any necessary certificates and manage their renewals automatically – giving you a more secure and convenient solution for securing your links in emails!   Do I have to upgrade? An upgrade is required. Marketo no longer supports the legacy Secured Page Services: SSL for Tracking Links certificate renewal process.   Will my tracking links automatically convert to HTTPS? You will not see tracking links in your Marketo emails changed to HTTPS (they will remain HTTP). However, when an end user clicks the link, if the browser had been instructed to load that domain via HTTPS, the request will be automatically changed to HTTPS and served securely via HTTPS before re-directing to the destination of the link.   Will my old links in emails continue to work? Links in emails will continue to function normally.
View full article
Note: This document applies to the Marketo Secured Domains for Tracking Links product only. For information on the Secured Page Services, SSL for Tracking Links service, please contact your Marketo Professional Services Consultant.   Every link you include in your Marketo emails will have tracking code automatically appended when sent. For those in highly regulated industries, your company may require that you securely encrypt the Marketo tracking links. Remember that Marketo takes the URLs you place inside of emails and shortens them using the "Branded Tracking Link" domain (this is another CNAME you set up in Marketo under Admin--> Email). These tracking links are how Marketo enables you to track engagement with your emails.   Setting Up Secured Domains for Tracking Links instructions - Setting Up Secured Domains for Tracking Links   Do I need Secured Domains for Tracking Links? Secured Domains for Tracking Links ensure that tracking links can be served securely for domains which have implemented HSTS (HTTP Strict Transport Security). HSTS is a web server directive which forces all subsequent requests for resources on that domain to be loaded through HTTPS.   If you have implemented HSTS at your site on your subdomains, you will need Secured Domains for Tracking Links and/or Secured Domains for Landing Pages. Additional information on HSTS, including how to check if it's been implemented on your domain can be found here: SSL: The HSTS Policy and Your Marketo Subdomains   Other Helpful FAQs What is Marketo Secured Domains for Tracking Links? Secured Domains for Tracking Links ensure that tracking links can be served securely for domains which have implemented HSTS (HTTP Strict Transport Security). HSTS is a web server directive which forces all subsequent requests for resources on that domain to be loaded through HTTPS. This is most common for those in highly regulated industries, such as financial and healthcare institutions. Please note, this does not convert tracking links in emails to HTTPS.   How many domains can I secure with the Secured Domains for Tracking Links? Each Secured Domains for Tracking Links covers up to 2 tracking links domains. Contact your Marketo Customer Success Manager for scoping/pricing/quote.   How is the Secured Domains for Tracking Links product different than the Secured Page Services, SSL for Tracking Links service? Unlike the older Secured Page Services, SSL for Tracking Links service, the newer Secured Domains for Tracking Links product generates and manages all certificates needed for secured tracking links. This eliminates the need for you to share certificates and private keys with Marketo, making it a more secure process. And, because Marketo automatically manages the certificate lifecycle, there is less risk of security lapse from certificate expiration, making it a more robust process for securing your tracking links.   What setup/configuration is required before securing my Marketo Tracking Links? You must configure your CNAMES for Email Tracking links. More information here: Brand Your Tracking Links   Can I secure my tracking links without securing my Marketo landing pages? In most cases, if you have implemented HSTS at your site, you will need both secured landing pages and secured tracking links.   Do I need to provide a TLS/SSL Certificate? Marketo’s new Secured Domains products manage all aspects of procuring, managing and renewing certificates for you. You do not provide the certificates with Marketo's Secured Domains products.   What Certificate Authority issues the certificate(s) for the Marketo’s Secured Domains for Landing Pages product? The certificates are authored by DigiCert.   What type of certificate is provided? We produce a pack of two certificates; The primary certificate uses a P-256 key, is SHA-2/ECDSA signed, and will be presented to browsers that support elliptic curve cryptography (ECC). The secondary or fallback certificate uses an RSA 2048-bit key, is SHA-2/RSA signed, and will be presented to browsers that do not support ECC.   Will my domains be on a shared SSL certificate with other companies? As part of our Secured Domains products, each of your fully qualified domain names will get its own certificate. That means you will not be on a shared certificate with other companies.   Can I provide my own SSL certificate(s) to secure my domains? We do not recommend providing your own certificates with the Secured Domains products. Marketo can automatically renew only the certificates we generate to secure your landing pages or landing pages + tracking links.
View full article
Securing your Marketo Landing Pages By default, Marketo serves landing pages by HTTP, and historically we’ve given our customers the choice of whether or not to secure their Marketo landing pages to HTTPS. With the recent changes to Chrome browser, there’s increasing interest in securing Marketo landing pages to avoid the “Not Secure” warning visitors will see when entering data on HTTP pages. Marketo’s Secured Domains for Landing Pages product secures any and all landing page domains defined in your instance so they will be served via HTTPS.  Contact your Marketo Customer Success Manager to purchase Secured Domains for Landing Pages for your subscription.   Note: This new product replaces our previous SSL for Landing Pages service. Marketo will begin selling Secured Domains for Landing Pages on December 1, 2017.   Identifying Landing Page Domains in Your Instance Marketo’s Secured Domains for Landing Pages product secures up to 4 domains (per unit purchased) to enable secured (HTTPS) landing pages for your instance.   New Subscriptions: If you’re a new Marketo customer with a new subscription, one of the steps in setting up your instance is to set your CNAMES, landing pages domain name, and any domain aliases. For more information see, Customizing Your Landing Pages URL with a CNAME and Adding Additional Landing Page CNAMEs. Once this is done, you’ll be ready to count the unique domains (as described below) and initiate the Secured Domains for Landing Pages process (if purchased or included in your instance).   Established Subscriptions: Have you had your Marketo subscription for a while and want to know how many landing page domains you’ve got setup in your instance? If you’re a Marketo Admin, you can see your landing pages domain name and domain aliases by clicking on Landing Pages in the Integration section of the Admin console:   On the Landing Pages tab, you’ll see your landing pages Domain Name. The first part of the URL (info.) is your CNAME and the second part (gladiatorapps.com) is the domain. Here’s an overview of the pieces that make up a full domain name:   Next, you’ll also need to check the Rules tab and look for Domain Aliases. In the example below, there are two domain aliases. One has the same domain as the landing pages domain (gladiator.com) and the other has a different domain (theappninjas.com). For the instance in the example above, it has been set up with two unique domains (gladiatorapps.com and theappninjas.com). It’s important to note that when it comes to securing your Marketo landing pages, the Secured Domains for Landing Pages process will secure all of the domains in your instance. It’s an all-or-nothing action, meaning you cannot chose which domains to secure for HTTPS and which to leave HTTP.  And don’t worry – we’ll count these up for you so we can scope your subscription correctly.   Adding Secured Domains for Landing Pages to Your Marketo Subscription Contact your Marketo Customer Success Manager to add Secured Domains for Landing Pages to your instance.   The Secured Domains for Landing Pages Process If Marketo Secured Domains for Landing Pages has been added or is a part of your subscription, the process to secure your pages includes steps that must be completed on Marketo’s side as well as steps that you’ll need to complete in your instance prior to us enabling HTTPS.   On our side, we’ll install the necessary security certificates to create secure server end point to serve your landing pages over HTTPS.   On your side, to ready your instance for the conversion to HTTPS, you’ll need to review, update and reapprove your landing pages: Unapprove and re-approve all landing pages. This can be done in bulk in the Landing Pages section of Design Studio by selecting a group of pages for unapprove and re-approve via the “Landing Page Actions” menu. If you have a developer, they can use Marketo’s API to unapproved/reapprove landing pages (see our Developer's site documentation here). Change all images, JavaScript files and other external links in landing pages to HTTPS. Pages with HTTP links may display an “Insecure Content on Secure Pages” error. You can read more about that here: What Exactly Is a Mixed Content Warning? Note: any images hosted in Marketo will be updated automatically unless you’ve explicitly referenced them as HTTP. If you use Marketo Forms 1.0 on a non-Marketo webpage, you will need to update the post URL to HTTPS (Forms 2.0 does not need to be updated). If you do a server-side post to a Marketo Form and use your CNAME as the Post URL, you also need to change that to HTTPS.  Please note that server-side form posts are not supported and you should make a Marketo form submission in the background instead. If you include a Marketo landing page on a secure website using an iframe, you will need update the HTML to load the secure version of the landing page, otherwise the end user will get a security warning. If you use a Marketo Form on a non-Marketo page, you will need to update the follow-up URL to HTTPS if you’ve explicitly referenced a HTTP page.   Once you’ve completed the steps above, it’s time to coordinate the cutover to HTTPS with Marketo.  You’ll need let Marketo Support know that you’re ready to initiate the cutover process. To help ensure a smooth transition, we’ll work with you to plan a time when you have few or no upcoming batch campaigns running, and also a time when your team is available, if needed, to make a few updates in your Marketo instance.   RECOMMENDATION: After the cutover, you may notice that images are not displayed in the Marketo email editor or preview mode. Rest assured your emails will send correctly and the images will render for recipients. To see the images in Marketo, you must adjust the image URLs from HTTP to HTTPS in the editor. Again, whether you take this step or not, the images will render properly for your email recipients. In the example below, you would adjust the HTTP to HTTPS.   That’s it! Once our team enables Secured Landing Pages for your instance, your landing pages will be served via HTTPS. Of course, it’s a good idea to do some validation of your pages after the cutover to be sure your pages are loading correctly, images are loading, and that you didn’t miss any hard-coded HTTP links. Moving your pages to HTTPS, you can rest assured that you’re providing critical security and data integrity for both your pages and your visitors’ personal information. Good job, you!   OTHER HELPFUL FAQs Do I need to provide a TLS/SSL Certificate? Marketo’s new Secured Domains for Landing Pages product available in December 2017, manages all aspects of procuring, managing and renewing a certificate and key for you. You do not have to provide a certificate. If you purchased a SSL for Landing Pages service prior to this date and provided a certificate, you will be updated to the new process at your next certificate renewal.   What Certificate Authority issues the certificate(s) for the Marketo’s Secured Domains for Landing Pages product? The certificates are authored by Digicert.   What type of certificate is provided? We produce a pack of two certificates; The primary certificate uses a P-256 key, is SHA-2/ECDSA signed, and will be presented to browsers that support elliptic curve cryptography (ECC). The secondary or fallback certificate uses an RSA 2048-bit key, is SHA-2/RSA signed, and will be presented to browsers that do not support ECC.   Will my domains be on a shared SSL certificate with other companies? As part of our Secured Domains for Landing Pages each of your domains will get its own certificate. That means you will not be on a shared certificate with other companies.   Will all the subdomains be covered? Up to 40 subdomains per unique top-level domain may be covered. As an example, with your company.com domains, the subdomains go.company.com, info.company.com, help.company.com etc. may be covered. Please keep in mind that company.com, company.com.uk, company.com.ca are separate top-level domains.   Can I choose which domains/subdomains to secure? Securing your domains is all-or-nothing, meaning the process automatically secures all domains/subdomains you've set up in your instance.   If I have a CAA record, can it affect my certificate issuance? Yes, CAA records must be configured to allow Digicert issuance, or your certificate will not be able to issue. Further information: https://www.digicert.com/dns-caa-rr-check.htm   Can I provide my own SSL certificate(s) to secure my domains? We do not recommend providing your own certificates.   We require an Extended Validation (EV) certificate. Can the Secured Domains for Landing Pages product accommodate this? Serving Extended Validation (EV) certificates requires you to procure the EV certificate/private key and provide this to Marketo. The standard Secured Domains for Landing Pages does not include EV certificates.   What Marketo configuration is required to complete the Landing Page SSL Setup? One or more CNAMEs for the Marketo Landing Pages must be configured in the Admin section of the application as described here: Setup Steps - Marketo Docs - Product Docs   How many domains can I secure? Each Secured Domains for Landing Pages product secures up to 4 domains. You’ll need to purchase multiple quantities to cover all the unique domains in your instance. Contact your Marketo Customer Success Manager for scoping/pricing.   If I am using Domain Aliases in my Marketo subscription, do I have to secure each of these? Securing your Marketo landing pages requires you to secure all domains used in your instance including your Domain Aliases.   How do I see the Landing Page domains in my instance? Marketo Admins can see your landing pages domain name and all domain aliases by clicking on Landing Pages in the Integration section of the Admin console. On the Landing Pages tab, you will see your full Landing Page Domain Name. On the Rules tab, you will find all Domain Aliases set up for your instance. For the Secured Domains for Landing Pages you will need to count the number of domains used in your instance. When counting domains, please provide the number of unique domains – only the orange part below:   Are Domain Aliases for different countries counted separately? When counting domains, you might have: info.mydomain.com, info.mydomain.au, info.mydomain.de. In this case mydomain.com, mydomain.au and mydomain.de are all counted as separate domains (in this example there are 3 unique domains that must be secured).   Will URLs to the existing non-secure (HTTP) Marketo Landing Pages continue to work? Your existing HTTP URLs will continue to work and will automatically be redirected to the secure (HTTPS) pages. There are only few situations where you may have to manually update the URL, specifically when you include a Marketo landing page on a secure website using an iframe. In this case, you will need to load the secure version of the landing page, otherwise the end user will get a security warning.   Does securing my Marketo landing pages also secure my corporate website? No. Marketo Secured Domains for Landing Pages only affects the landing pages served by Marketo. It does not affect any pages on your corporate (non-Marketo) website.   If I don’t use Marketo Landing Pages, do I need Secured Domains for Landing Pages? You may if you are embedding Marketo Forms on secured non-Marketo webpages. The default form code snippet that Marketo provides uses //app-aba.marketo.com which is a Marketo domain that can be served securely on a HTTPs parent page (the // indicates the request will use whatever protocol the parent uses). With this, your Marketo form will take on the security level of the page it’s embedded on regardless of whether you’re using our Secured Domains for Landing Pages product. However, if you prefer not to have any reference to “marketo” on your corporate website, you may choose to change this code snippet from //app-aba.marketo.com to //<MY_LP_CNAME> to serve the form. In this case, you would need the Secured Domains for Landing Pages product since the LP CNAME will need a security certificate associated with it to serve securely.   Will the Munchkin JavaScript API also be encrypted via SSL? Calls to the Munchkin JavaScript API automatically switch to SSL if the page on which the calls are made is SSL encrypted.   Can I add additional Domains to my instance and secure these too? Once you’ve secured your landing page domains with the Secured Domains for Landing Pages process, you will need to contact Marketo when adding additional domains/domain aliases. Please contact your Marketo Customer Success Manager. There may be an additional charge depending on the number of domains you are adding.   If I previously secured my Marketo Landing Pages with the SSL for Landing Pages Service, do I need to switch to Secured Domains for Landing Pages? We have discontinued the SSL for Landing Pages service and process, so you will need to switch. Your Customer Success Manager will work with you to add Secured Domains for Landing Pages at your next SSL certificate renewal or at your subscription renewal, whichever comes first.   Do I need to secure my tracking links as well? If your domain enforces a strict HSTS policy on all subdomains you will need to also purchase our Secured Domains for Tracking Links service.  Please contact your Marketo Customer Success Manager to purchase this add-on.  For my information on HSTS and Marketo subdomains, please see the following documentation SSL: The HSTS Policy and Your Marketo Subdomains
View full article
  What is the Email API? What is the Email API used for? What is Email 2.0? Does the Email API Work on Email 2.0 Assets? Will the Email API Break when Enabling Email Experience 2.0? How Are 1.0 Assets Upgraded to 2.0 Assets? What to Do When an Email Was Accidentally Converted to Email 2.0 format?     What is the Email API? API stands for Application Programming Interface and the Email API allows an automated process to create and edit emails in Marketo. There are also other API calls that involve emails, such as Approve Snippet (assuming the Snippet is used in an Email) and Clone Program (assuming the Program contains Emails). There are also API calls to create and update Email Templates. Essentially, the API can do many things that you can also do through the Marketo user interface, but then in an automated fashion.     What is the Email API used for? There are many scenarios: an external system could create Emails in Marketo using data that lives outside of Marketo. A translation service provider could clone a master Email, translate it to many languages, then save them back into Marketo as localized Emails. A reporting system could extract Emails from Marketo to use in reports that are generated outside of Marketo. An external system could Clone a Program that contains Emails, then populate the Program Tokens and schedule the Email to be sent out at a specific time. There could be an external email template creation system that creates new Email templates in Marketo through the API.     What is Email 2.0? “Email Experience 2.0” is the new Marketo product feature with the enhanced email editor, documented here: https://docs.marketo.com/display/public/DOCS/Email+Editor+v2.0+Overview. It can be switched on in Admin > Email > Edit Email Editor Settings. All Emails and Email Templates also have a version number, either 1.0 (the old version) or 2.0 (the new version). If we refer to “Email 2.0 asset” we mean an email or email template in the new upgraded 2.0 format.     Does the Email API Work on Email 2.0 Assets? Yes.     Will the Email API Break when Enabling Email Experience 2.0? No. Enabling Email 2.0 will not automatically upgrade Emails or Email Templates to the new 2.0 format. The Email API can still create new Emails and Email Templates in the 1.0 format.  However – after enabling Email 2.0 – any Email or Email Template that is created or edited and approved through the Marketo User Interface will automatically be upgraded to the 2.0 format.     How Are 1.0 Assets Upgraded to 2.0 Assets? If you edit an “Approved" or “Approved with Draft” 1.0 Email with Email 2.0 enabled, the draft is converted to the 2.0 format. You can still discard the draft to go back to the approved 1.0 format. Once you approve the email and it becomes 2.0, the Email cannot be converted back to 1.0. If you edit a “Draft” 1.0 Email (never been approved), this will automatically be converted to 2.0 with no option to revert back to the 1.0 format. The same applies to Email Templates.     What to Do When an Email Was Accidentally Converted to Email 2.0 format? If an Email or Email Template was accidentally converted to the 2.0 format, you’d have to copy the asset contents to a text editor, disable Email 2.0, then create a new 1.0 asset using the content that you copied.
View full article
No. You can only have one RTP Javascript tag per web page. Having more than one tag will not work and may cause issues.
View full article
  Yes. You can sync down new fields to Marketo as long as the sync user has access to these fields. You can sync down new fields by going to Admin > Microsoft Dynamics > Field Sync Details. Please note that we will only be syncing new values for these fields, we don’t do complete initial sync for this field. For options to do a complete initial sync for a particular field, please contact Support.
View full article
The fields and records that will sync from Salesforce are defined by the permissions of the Marketo sync user. Therefore, if you want to prevent specific records or fields from syncing with Marketo, change the permissions of the sync user so they do not have access to the records and fields you do want to sync. Alternatively, you can work with Marketo Support to set up a Custom Sync Filter that will prevent records from syncing based on the value in a specified field. Restricting Leads from Syncing to SFDC With Sync Filters 
View full article
Yes. You will need a dedicated Microsoft Dynamics user for the purpose of the integration. We call this user the Sync User.
View full article