Knowledgebase

Sort by:
FAQs Included in this Article: Overview Your Marketo instance and your RTP instance end up interacting and transferring data in many different ways. Below are answers to some of the most frequently asked questions about RTP's integration with the Marketo instance. How clicks on RTP assets and campaigns are recorded in the activity log These activities are recorded as the 'Data Value Change’ Activity Type . The fields 'RTP Assets’ and  'RTP Campaigns’ are changing all the time to include all the assets and campaigns the lead clicked on. How often does RTP sync with Marketo Lead data gets synced every 5 minutes Data regarding programs and smart campaigns is synced every 15 minutes Is it possible to sync multiple MLM instances with one RTP account Currently, there is no way to do this. Each RTP account will be tied to one account in Marketo and vice versa. What custom field types are supported All field types are supported except for Formula fields. For more information on custom field types, visit Custom Field Type Glossary - Marketo Docs - Product Docs What is a unique visitor in RTP A unique visitor refers to an individual that has visited your web page, regardless of how often they visit. For example, w hen an individual goes to your web page on Tuesday, then again on Wednesday, this is recorded as two visits from one unique visitor. What is the time zone setting on the Marketo RTP server that is used to count impressions The server is set to record data in U.S. Central Time (CT), but the time stamps you will see in the UI are based on your local time zone. Very rarely, a visitor might show up twice if they visited on separate days according to CT but not your time zone.
View full article
Issue A Program or Smart Campaign was deleted and you would like to have it restored.   Solution Marketo Support cannot restore deleted programs or campaigns.   Landing pages and emails that are assets of a deleted program cannot be restored.  
View full article
Issue In Salesforce on the Account level for Marketo Sales Insight, it does not show all the activities of the associated contacts.   Solution Marketo Sales Insight only shows certain activities depending on how recently they occurred on the account level. Interesting moments: last 60 days Web Visit: last 3 days Score Change: last 30 days Email: Everything If you wanted to check activities past these dates you would need to go to the contact level and check the history there. The reason behind this is because at scale if there were 100s of contacts under one account and all contacts are active and creating activities it would be difficult to sift through the activities and may cause performance issues due to the sheer amount of data being displayed which is why this limitation is in place.   UPDATE: The above mentioned timelines have been updated to the following in the Insights Dashboard: Interesting moments: 90 days Web Visit: 90 days Score Change: 90 days Email: 90 days https://docs.marketo.com/display/public/DOCS/Insights+Dashboard+Feature+Overview
View full article
Issue Issue Description Changing your primary domain can be a bit of a daunting task if you don't know where to start, this guide will walk you through the steps you will need to take to use a new domain with your Marketo instance.   Solution Issue Resolution Create your new Landing Page CNAME and point that to your Marketo instance. If this new CNAME is going to be used as your primary domain, then the original Domain Name in Admin > Landing Pages will need to be changed to reflect your new domain.  The original domain should be added as a domain alias so any URLs referencing the original domain will continue to work. https://docs.marketo.com/pages/releaseview.action?pageId=2360189 http://docs.marketo.com/display/public/DOCS/Add+Additional+Landing+Page+CNAMEs   Adding a new primary branding domain (CNAME) for emails is also recommended when changing domains. This will allow tracked links in emails to reference the new domain going forward. You'll want to leave the original branding domain (CNAME) active and listed so that tracked links in any previously sent emails will continue to work. http://docs.marketo.com/display/public/DOCS/Add+an+Additional+Branding+Domain   If you plan on signing your emails with your new domain, setting up a new SPF/DKIM record is recommended to help keep your deliverability rates as high as possible. http://docs.marketo.com/display/public/DOCS/Set+up+SPF+and+DKIM+for+your+Email+Deliverability http://docs.marketo.com/display/public/DOCS/Set+up+a+Custom+DKIM+Signature
View full article
If you ever need to change your CNAME there are a few things you should consider. Old Links In order to ensure that old links sent out via email are not broken, you should: Remove the old CNAME Setup your new primary CNAME Add the old one back in as a domain alias. You can use Add Additional Landing Page CNAMEs for detailed instructions on adding a secondary CNAME. This will allow all old links to still be functional. Cookies Our recommendation is to change the sub-domain so that cookies can be shared. If you change the top level domain itself, the cookies cannot be shared and every lead would have to re-introduce itself to the new domain by either clicking on a link in an email or filling out a form. Same top level domain go.mycompany.com > info.mycompany.com Good! Cookies are shared. Different top level domains go.mycompany.com > go.mynewcompany.com Bad! Cookies are not shared.
View full article
Issue Description Changing your primary domain can be a bit of a daunting task if you don't know where to start, this guide will walk you through the steps you will need to take to use a new domain with your Marketo instance. Issue Resolution Create your new Landing Page CNAME and point that to your Marketo instance. If this new CNAME is going to be used as your primary domain, then the original Domain Name in Admin > Landing Pages will need to be changed to reflect your new domain.  The original domain should be added as a domain alias so any URLs referencing the original domain will continue to work.   https://docs.marketo.com/pages/releaseview.action?pageId=2360189   https://docs.marketo.com/display/public/DOCS/Add+Additional+Landing+Page+CNAMEs   Adding a new primary branding domain (CNAME) for emails is also recommended when changing domains. This will allow tracked links in emails to reference the new domain going forward. You'll want to leave the original branding domain (CNAME) active and listed so that tracked links in any previsouly sent emails will continue to work.   https://docs.marketo.com/display/public/DOCS/Add+an+Additional+Branding+Domain   If you plan on signing your emails with your new domain, setting up a new SPF/DKIM record is recommended to help keep your deliverability rates as high as possible.   https://docs.marketo.com/display/public/DOCS/Set+up+SPF+and+DKIM+for+your+Email+Deliverability   https://docs.marketo.com/display/public/DOCS/Set+up+a+Custom+DKIM+Signature
View full article
Summary When submitting a file for bulk import via the REST API, the uploads appears to stall with no response. Issue Occasionally Bulk Import API calls will "hang" or "stall" never returning a response. This may appear to be a blank or missing response when the API is actually still waiting for the end of the file to be transferred. Solution You can add the following header: 'Transfer-Encoding: chunked' to your API calls and it will fix this issue. Please note that adding this header on the client side will cause cURL to send data in chunks. For more information on chunked file transfer, see Wikipedia: Chunked Transfer Encoding Environment REST API Bulk Import
View full article
Summary Unable to update Person Source as expected for records created with the LinkedIn Lead Gen Forms and Facebook Lead Ads integrations. Issue New records created through LinkedIn Lead Gen forms as well as Facebook Lead Ads results in the records not updating the Person Source field as expected.  Solution Person Source may be set to block updates to the field as noted in the example for Block Updates to a Field - Marketo Docs - Product Documentation.  To resolve the issue ensure the field is not set to block updates for the desired update method.  Alternatively the Person Source values populated by the integrations can be kept and expected values can be updated to include these sources.  Root Cause The LinkedIn Lead Gen Forms and Facebook Lead Ads integrations automatically update the Person Source to preset values when a new record is created in Marketo through the integrations. Blocking field updates to the field may prevent the value from changing to pre-configured values as a value already exist for the integration created records.  Environment LinkedIn Lead Gen Forms Facebook Lead Ads
View full article
Full Details of all Marketo Support Offerings:   Support Levels Offered Service Level Response Targets   Global Contact   https://support.marketo.com :             Online Support Portal for Case management and Knowledgebase search support@marketo.com :                     Email to Case Submission supportescalations@marketo.com :   Contact Support management regarding Support services marketocares@marketo.com :            Questions regarding Support or Community access   Regional Contact Information Americas: Hours: M-F, 6am to 6pm Pacific Toll Free US: +1 877 270 6586 Direct: +1 650 376 2303   Languages Supported: English, Spanish Observed Holidays: New Year's Day Independence Day Thanksgiving Day and the Day After Christmas Day New Year's Eve Europe, Middle East, & Africa: Hours: M-F, 8am to 5pm GMT Europe: +353 (0)1 511 9556 UK: 0800 151 3030   Languages Supported: English, French, German, Portuguese Observed Holidays: New Year's Day Easter Monday Christmas Day St. Stephen's Day Australia Hours: M-F, 9am to 6pm AET ANZ: +61 2 8310 7646   Languages Supported: English Observed Holidays: New Year's Day                            ANZAC Day Christmas Day                             Good Friday Easter Monday                             Boxing Day Japan: Hours: M-F, 9am to 6pm JST JP: +81.03.4233.9014   Languages Supported: Japanese Observed Holidays: New Year's Holiday                      Marine Day Coming of Age Day                      Respect for Senior Citizens Day National Founding Day                National Holiday Spring Equinox Day                     Autumnal Equinox Day Day of Showa                              Sports Day Constitution Memorial Day          Culture Day Green Day                                   Labor Thanksgiving Day Children's Day                             Emperor's Birthday Substitute Public Holiday             Year End After-hours Support for Production Down Issues: Online: Enter a Support Portal Case with Priority=P1 Phone: Call Support Line and follow the P1 prompts   Initial Response SLT We ask that you use the following priority definitions when setting your case priority: Priority Description P1 Mission Critical: Core Business function down or potential loss of mission critical data P2 Urgent: Major feature or workflow is not functioning, mission critical workflow and majority of user community is not blocked P3 Important: Normal usability or task completion is impacted but functional or workaround is available P4 Minor: Minor issue requiring a correction, normal workflow is not impacted
View full article
Marketo offers a number of ways to contact Marketo Support directly for assistance from our different support regions.   Support Portal (https://support.marketo.com)   The Marketo Support Portal features a web form submission to submit support cases to Marketo Support.  The form gives authorized support contacts the ability to provide details on the support issue that allows Marketo Support to efficiently and effectively assign your case to the best suited available support engineer.   Email to Case Submission Authorized Support Contacts can email their cases to: support@marketo.com Reminder: Cases submitted by email are all submitted with a P3 Priority   Regional Phone Contact Information Marketo does feature the tried and true means of contact support, by the phone.  Authorized Support contacts with any support entitlement of Business level or higher can contact Marketo Support by calling one of the regional phone numbers listed below.   Region Contact Details Observed Holidays North America Hours: M-F, 6am to 6pm Pacific Toll Free US: +1 877 270 6586 Direct: +1 650 376 2303 Languages Supported: English, Spanish New Year's Eve and Day Independence Day Thanksgiving Day and the Day After Christmas Eve and Day Europe, Middle East, Africa Hours: M-F, 8am to 5pm GMT Europe: +353 (0)1 511 9556 UK: 0800 151 3030   Languages Supported: English, French, German, Portuguese New Year's Eve and Day Easter Monday Christmas Eve and Day St. Stephen's Day Asia Pacific Hours: M-F, 9am to 6pm AET ANZ: +61 2 8310 7646 Language Supported: English New Year's Day Good Friday Easter (following Monday) ANZAC Day Christmas Day Boxing Day Japan Hours: M-F, 9am to 6pm JST JPN: +81 3 6478 6080 Language Supported: Japanese New Year's Day Coming of Age Day National Foundation Day Emperor's Birthday Spring Equinox Showa Day Constitution Memorial Day Greenery Day Children's Day Marine Day Health and Sports Day Respect for the Aged day Fall Equinox Labor Thanksgiving Day
View full article
Issue Issue Description When I go to the Support area of Nation, my access to the Portal is incorrect.       Solution Issue Resolution Our system is particular about how you need to access the Support Portal before we can authorize you to use it.   The proper steps to take for us to authorize, and for you to submit cases, are as follows:   Log into your instance Click the Community tile (step 1 image) Click Support in the top banner (step 2 image) Click Submit a Case option (step 3 image) Choose from top options depending on what you need to do (step 4 image) Create a case, Manage authorized contacts, edit your Info   Simply going straight to the nation.marketo.com will not have the desired result. You must access the Support Portal from your instance by using these steps so that our system recognizes you properly. If this is your first time following these steps, your view of Step 3 will be different- not to worry, as that will be updated for you manually. Step 1 Step 2   Step 3 Step 4   If you experience issues, please email marketocares@marketo.com  
View full article
Issue: When updating program or campaign names, those name changes are not updated in other smart lists or flow steps that reference those assets. This is expected behavior for any smart list filter or flow step that uses a string search method to match campaign or program name. This would be all custom fields or any default field that utilizes a string search for matching program/campaign name.  
View full article
As referenced, please find all of the necessary links below. They are listed in order as mentioned in the Welcome video. Marketo Support Portal:  https://nation.marketo.com/t5/Product-Blogs/How-to-Use-the-Support-Portal/ba-p/297884 Adobe Help Center: https://helpx.adobe.com/support.html Adobe Community: https://community.adobe.com/ Marketo Engage Support: https://nation.marketo.com/t5/Support/ct-p/Support Marketo Community (you're in it!): https://nation.marketo.com/ Magento Help Center: https://support.magento.com/ Adobe Status Page: https://status.adobe.com/ Adobe Digital Learning: https://learning.adobe.com/ Adobe How-Tos: https://experienceleague.adobe.com/#quick-how-tos Adobe Developer Docs: https://www.adobe.io/ Marketo University: https://nation.marketo.com/t5/Marketo-University/ct-p/marketo-university Marketo Product Docs: https://docs.marketo.com/ Marketo Developer Docs: https://developers.marketo.com/
View full article
Summary Result for Smart List using Web Page constraint is greater than the result for the total of conversion on Landing Page Performance Report.  Issue Result for Smart List using Web Page constraint is greater than the result for the total of conversion on Landing Page Performance Report.  Solution Ensure to append version number to the Landing Page when renaming and ensure each Landing Page has a unique name. Root Cause •             Smart List looks at the information written to the lead’s activity log. •             The Web Page constraint looks at the label and not the ID of the Landing Page. If the Landing Page was renamed, it will show a different result depending what is written to the lead’s activity log. >> Example 1: Lead A filled out the Form when the Landing Page was called LP1. Lead B filled out the Form when the Landing Page was called LP2. Smart List: Filter 1: Filled out Form Form is XXX Web Page is LP2 Result: In this scenario, the result will only display Lead B. >> Example 2: Lead A filled out the Form when the Landing Page was called LPX (ID111) Lead B filled out the Form when the Landing Page was called LPX (ID112) Smart List: Filter 1: Filled out Form Form is XXX Web Page is LPX Result: In this scenario, the result will display Lead A and Lead B. •             Landing Page Performance Report look at data specific to the asset ID. •             Landing Page Performance Report only look at active Landing Pages, therefore data for the deleted Landing Page(s) will not be included. •             If the Landing Page is renamed, it will be reflected on the Landing Page Performance Report (i.e. the Landing Page Performance Report will display the new name going forward).   Environment > Landing Page Performance Report conversion  > Smart List constraint Web Page
View full article
  Ready to secure your Marketo landing pages? Whether you’re securing your pages for the first time or adding additional CNAMEs to your already secured instance, you’re in the right place!   NOTES: As of late 2019, ALL subscriptions now include a base Secured Domains offering - this covers your first landing page domain and first tracking link domain. Additional domains may be purchased a la carte. Secured Domains includes the necessary SSL certificates; therefore, Marketo no longer accepts customer-provided certificates, unless they are EV type. These certificates auto-renew annually, eliminating the risk of expiration and hassle of having to renew them yourself. Please contact your Marketo Customer Success Manager for more information or to purchase additional domains.   To get started, please choose one of the options below:   Setting Up Secured Domains for Marketo Landing Pages - FIRST TIME SETUP Setting Up Secured Domains for Marketo Landing Pages - ADDING NEW SUBDOMAIN Legacy SSL vs. Secured Domains Overview    
View full article
Overview   A blocklist is a database of IP addresses or domains that have been associated with the sending of unsolicited commercial email or spam.  Internet Service Providers (ISPs) and business email networks use information from blocklists to filter out unwanted email.  As a result there can be a drop in inbox delivery rates or overall delivery rates if the IPs or domains involved with sending email are listed on a blocklist. Marketo’s Email Delivery and Compliance team monitors blocklist activity on our IPs and domains daily. When we are alerted to a listing we reach out to the blocklist, attempt to identify the sender that triggered it, and work with the blocklist organization to get the listing resolved. There are thousands of blocklists out there most will not have a significant impact on your delivery rates. Below we have compiled a list of the blpcklists that our customers most commonly encounter. Tier 1 Blocklist Spamhaus​ Impact: Spamhaus is the only blocklist that we categorize as a tier 1 for a reason: it has by far the greatest impact on delivery of all of the blocklists. It is the most well-respected and widely used blocklist in the world. A listing at Spamhaus will have a negative effect on your ability to deliver emails to your customer’s inbox and can cause bounce rates of over 50%.  Evidence suggests that most of the top North American ISPs use Spamhaus to inform blocking decisions. How it works: Unlike many blocklists, Spamhaus lists senders manually. This means that they are proactively watching sender activity, collecting data, and basing the listings on a number of variables. Most commonly senders are listed for mailing to spam trap addresses that Spamhaus owns. Sometimes Spamhaus will list senders based on recipient feedback as well. Next steps: Our team monitors closely for Spamhaus listings. When we see a listing we immediately alert the customer and contact Spamhaus to start the remediation process. Listings last until Spamhaus is satisfied that the offending sender has taken the appropriate steps to mitigate the problem.   Tier 2 Blocklists SpamCop Impact: SpamCop is not used by any of the major North American ISPs to inform blocking decisions but it makes it to the Tier 2 list because it can have a significant impact on B2B email campaigns. How it works: SpamCop lists IPs for one of two reasons: Either the email hit SpamCop spam trap addresses OR A SpamCop user has reported the email unwanted. Most of SpamCop’s spam traps are previously valid addresses that have not been active for 12 months or longer. Next steps: SpamCop is a dynamic blocklist, listings typically resolve themselves within one business day.  There is no action you will need to take to action the delisting with SpamCop, the Privacy Team researches every SpamCop listing and will request delistings when an alert is received that an IP is listed. If your email activity triggered a SpamCop listing it likely means that you have a list management problem that should be addressed. Manitu Impact: Manitu is a German blocklist and has a wide footprint in Europe.  Email senders with European audiences tend to encounter this blocklist most frequently. Manitu is not used by North American ISPs to inform blocklist decisions but if you’re sending to Europe a listing could be problematic. How it works: Listings are automatically activated when a sender mails to a Manitu owned spam trap address. Next steps: The Privacy Team researches and requests delisting when an alert is received that a Marketo IP is listed.  By working with this blocklist the Privacy Team is usually able to identify the customer and let them know that email activity from their subscription triggered a listing. Because Manitu operates solely on the use of spam trap addresses, getting listed by Manitu is a clear indication that senders need to audit their mailing lists.   Tier 3 Blocklists      SORBS   Impact: The impact of a listing at SORBS is very minimal. How it works: SORBS uses several methods to identify potential spammers. Most of their lists use spam traps to identify problematic senders. But SORBS will also list a sender based on their own user complaints, if SORBS administrators have received spam from the sender, or if they identify other high-level sending behavior patterns characteristic of spammers. Next steps: The Privacy Team monitors SORBS activity and makes delisting requests for Marketo IPs as necessary. Oftentimes, SORBS will refuse to delist within a certain timeframe based on the severity of the issue.  Sometimes this can be up to several weeks.   UCEPROTECT Impact: The impact of a listing at UCEPROTECT is very minimal, though the blocklist has a greater footprint in Europe. The organization does not have a good reputation in the industry because they charge senders to request delisting. How it works: UCEPROTECT lists IPs that send mail to their spam trap addresses. Next steps: We ignore these listings because the only way to have them removed is to pay. The pay-to-delist model is not well respected in the email industry so UCEPROTECT has a very limited reach.   ISP Blocklists   Some ISPs have their own blocklists that they use to inform blocking decisions. A few examples are Comcast and Verizon. If your IP is being blocked by one of these networks, and those networks have a large presence in your lists, a block of this kind could have a noticeable negative impact on delivery. Marketo monitors for this type of ISP specific blocklisting and the the Privacy Team works to resolve these as soon as possible. Usually blocks at Comcast and Verizon are resolved within less than 24 hours of a delisting request.   Additional Resources: Blocklist Deep Dive​ Abuse Report Deep Dive​ What is a spamtrap, or spam trap, and why does it matter? Blocklist remediation Blocklist resolution flowchart Successful lead reconfirmation What is a blocklist?
View full article
  What is HSTS? The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP.  This prevents man-in-the-middle attacks by telling the browser it should never interact with their domain without first establishing a secure HTTPS connection.   What does this mean for Marketo assets? A domain can assert the HSTS policy for all of it's subdomains.  This means both the subdomains used for Marketo landing pages and the subdomains for Marketo tracking links must also be secured with SSL certificates.  If HSTS is asserted and the Marketo subdomains are not secured, people that visit landing pages or click on tracked links in emails will receive security errors and browsers will not load the pages.   This is resolved with Marketo's Secured Domains solution. Your first tracking link is included as part of the base Secured Domains offering, but if you have multiple tracking link domains, you'll need to purchase additional coverage a la carte. Contact your CSM to add additional domains to your contract, or reach out to Support to help connect your two. There are very few exceptions where a domain utilizing HSTS will NOT need to secure both landing page domains and tracking link domains.   How do I know if my domain is using HSTS? Reach out to your IT and/or web development team to confirm whether or not your domain utilizes HSTS and if both Secured Domains and Tracking Links are necessary for your business.  If your website utilizes HSTS and has the "include subdomains" flag set to true, you will need to secure both your landing page domains and tracking link domains in almost all circumstances.   Google Chrome has a built in HSTS checker that you can use to verify your HSTS settings.   1.  Visit the root domain of your website with the Chrome browser.  For example, if your Marketo landing pages use visit.acme.com, navigate to acme.com.  This will load the domain's HSTS policy into Chrome.   2.  Navigate to chrome://net-internals/#hsts in Chrome.  This will load Chrome's HSTS checker.   3.  In the "Query HSTS/PKP domain" section, type in your domain you wish to check.  Click "Query".     4.  If the query returns "Found" with a list of configuration settings, you will need to check two settings: If either "status_upgrade_mode" or "dynamic_upgrade_mode" have the value "FORCE_HTTPS" or "STRICT", then the domain is enforcing HSTS and all connections are made over HTTPS. If either "static_pkb_include_subdomains" or "dynamic_pkp_include_subdomains" are equal to "true", then all subdomains are subject to the HSTS policy. If both of the above are true then both Secured Domains for Landing Pages and Tracking Links may be required.   If the query returns "Not Found", or is not using a "FORCE_HTTPS" or "STRICT" policy then the landing page and tracking link subdomains may not have strict HTTPS requirements.   Always verify with your IT and/or web development team as to what your domain's security policies and requirements are.  Failure to properly secure your landing page or tracking domains according to your domain's security policy may result in landing pages or tracking links not resolving in browsers.  A lack of a strict HSTS policy does not necessarily mean you do not need to secure your Marketo domains.   My domain asserts HSTS on my subdomains but I do not have HTTPS encryption with my Marketo subscription.  What do I do? If you have yet to secure your first tracking link domain in your instance, simply open a Support case and we'll handle the rest, since the first tracking link domain is covered with the base Secured Domains offering on all subscriptions. If you are looking to secure multiple tracking link domains (or landing page domains), you'll need to contact your CSM to purchase additional domains a la carte.  Configuration instructions can be found below: Brand Your Tracking Links | Marketing Nation Community   Additional Secured Domains content: Legacy SSL to Secured Domains Explained Overview & FAQ: Secured Domains for Landing Pages Overview & FAQ: Secured Domains for Tracking Links  
View full article
  Note: This document applies to the Marketo Secured Domains for Tracking Links product only.   Every link you include in your Marketo emails will have tracking code automatically appended when sent. For those in highly regulated industries, your company may require that you securely encrypt the Marketo tracking links. Remember that Marketo takes the URLs you place inside of emails and shortens them using the "Branded Tracking Link" domain (this is another CNAME you set up in Marketo under Admin--> Email). These tracking links are how Marketo enables you to track engagement with your emails.   Setting Up Secured Domains for Tracking Links instructions - Setting Up Secured Domains for Tracking Links   Do I need to secure my Tracking Links? If your company (likely IT) has implemented HSTS, you WILL need to secure your tracking links for your recipients' email->web page redirect to function correctly. Additional information on HSTS, including how to check if it's been implemented on your domain can be found here: SSL: The HSTS Policy and Your Marketo Subdomains.   HSTS is a web server directive companies may choose to enforce which forces all subsequent requests for resources on that domain to be loaded through HTTPS.  This is most common for those in highly regulated industries, such as financial and healthcare institutions. Please note, enforcing HSTS does not also convert Marketo tracking links in emails to HTTPS - that must be done via Marketo Support.   Other Helpful FAQs What is Marketo Secured Domains for Tracking Links? This secures the tracking link domains (which is what makes the URLs appear as HTTPS instead of HTTP) by providing the SSL certificate for each unique domain. Please note tracking links are NOT the same as your SPF/DKIM domain, which is the domain from which your emails are sent., whereas this is the domain located within your emails that tracks click-throughs.   How many domains can I secure with the Secured Domains for Tracking Links? Technically, there is no limit to the number of tracking link domains a customer may have. The base Secured Domains offering included on all subscriptions covers the cost to secure your first tracking link domain; however, if you need more, you may simply add additional domains to your contract a la carte, so you only pay for what you need (in contrast to the previous bundled offering). Contact your Marketo Customer Success Manager for more information.   How is the Secured Domains for Tracking Links product different than the Secured Page Services, SSL for Tracking Links service? Unlike the legacy SSL-only service, Secured Domains not only generates and auto-renews all certificates needed for securing your domains, but provides an exponential layer to what 'secured' entails - it's not just an SSL certificate anymore. For a full explanation of Marketo's Secured Domains offering, and how it differs from just the SSL certificate, please see this Nation Post or check out this Marketo Blog Post about cyber-security and marketing.   What setup/configuration is required before securing my Marketo Tracking Links? You must configure (brand) your CNAMES for Email Tracking links. More information here: Brand Your Tracking Links   Can I secure my tracking links without securing my Marketo landing pages? Technically? Sure. But while secured tracking links have yet to be enforced by email clients, secured landing pages have been enforced by browsers since 2018, which is why we include both in our base bundle. The general public is far more likely to not stick around or enter personal data on an unsecured landing page than they are to not click an unsecured tracking link.   Do I need to provide a TLS/SSL Certificate? No. Secured Domains moves 100% of the SSL ownership to Marketo - all aspects of procuring, managing and renewing certificates is done automatically without human interaction. In fact, we only allow customer-provided certificates on an exception-only basis, OR if you require an Extended Validation (EV) type certificate.   What Certificate Authority issues the certificate(s) for the Marketo’s Secured Domains for Landing Pages product? The certificates are authored by DigiCert.   What type of certificate is provided? We produce a pack of two certificates; The primary certificate uses a P-256 key, is SHA-2/ECDSA signed, and will be presented to browsers that support elliptic curve cryptography (ECC). The secondary or fallback certificate uses an RSA 2048-bit key, is SHA-2/RSA signed, and will be presented to browsers that do not support ECC.   Will my domains be on a shared SSL certificate with other companies? As part of our Secured Domains products, each of your fully qualified domain names will get its own certificate. That means you will not be on a shared certificate with other companies.   Can I provide my own SSL certificate(s) to secure my domains? Not unless it's an Extended Validation (EV) type certificate. Marketo can only automatically renew the certificates we generate to secure your domains.  
View full article
  Securing your Marketo Landing Pages By default, Marketo serves domains as HTTP, and historically we’ve given our customers the choice of whether or not to secure their Marketo domains (HTTPS); however, in 2018, browsers enforced new security measures to better protect their users - one of which was to flag all non-secure (HTTP) web pages with a visible "Not Secure" warning (the unlocked pad lock icon in the address bar). This effectively shifted the choice of using secured (HTTPS) domains from a best practice to a requirement. Marketo's Secured Domains solution secures any and all domains defined in your instance so they will be served via HTTPS.  For a full explanation of the benefits Secured Domains provides, in contrast with a basic SSL certificate, please see this Nation Post.   NOTE: As of late 2019, Marketo changed it's pricing/packaging to now automatically include a base Secured Domains package with ALL subscriptions. This base offering secures the first landing page domain and first tracking link domain to provide all of our customers with the basic necessities of digital marketing. Should you use more than these two domains, they may be purchased a la carte, so customers only pay for what they need. Contact your Marketo Customer Success Manager to purchase additional Secured Domains or discuss further.   Identifying Landing Page Domains in Your Instance Please note the below only covers securing your Landing Page domains. For steps on how to secure your Tracking Link domains, please visit this Nation Post.   New Subscriptions: If you’re a new Marketo customer with a new subscription, one of the steps in setting up your instance is to set your CNAMES, landing pages domain name, and any domain aliases. For more information see, Customizing Your Landing Pages URL with a CNAME and Adding Additional Landing Page CNAMEs. Once this is done, you’ll be ready to count the unique domains (as described below) and initiate the Secured Domains provisioning process through Support.   Established Subscriptions: Have you had your Marketo subscription for a while and want to know how many landing page domains you’ve got setup in your instance? If you’re a Marketo Admin, you can see your landing pages domain name and domain aliases by clicking on Landing Pages in the Integration section of the Admin console:   On the Landing Pages tab, you’ll see your landing pages Domain Name. The first part of the URL (info.) is your CNAME and the second part (gladiatorapps.com) is the domain. Here’s an overview of the pieces that make up a full domain name:   Next, you’ll also need to check the Rules tab and look for Domain Aliases. In the example below, there are two domain aliases. One has the same domain as the landing pages domain (gladiator.com) and the other has a different domain (theappninjas.com). For the instance in the example above, it has been set up with two unique domains (gladiatorapps.com and theappninjas.com). It’s important to note that when it comes to securing your Marketo landing pages, the Secured Domains for Landing Pages process will secure all of the domains in your instance. It’s an all-or-nothing action, meaning you cannot chose which domains to secure for HTTPS and which to leave HTTP.  And don’t worry – we’ll count these up for you so we can scope your subscription correctly.   The Secured Domains Provisioning Process The process to secure your landing page domains includes steps that must be completed on Marketo’s side as well as steps that you’ll need to complete in your instance prior to us enabling HTTPS.   First, you'll need to configure your domains, choose a CNAME, and point it to your unique Marketo domain (i.e. prefix.mktoweb.com). These first-time-setup instructions can be found here.   Then, you'll need to contact Marketo Support to complete the process. NOTE: Domains are NOT automatically secured once they're configured in your instance - you MUST contact Support for any domain changes!   On our side, we’ll first provision your prefix.mktoweb.com domain on Cloudflare servers, then complete the secure handshake validation between DigiCert and Cloudflare to provision the necessary SSL certificates to serve your landing pages over HTTPS.   On your side, to ready your instance for the conversion to HTTPS, you’ll need to review, update and re-approve your landing pages: Change all images, JavaScript files and other external links in landing pages to HTTPS. Pages with HTTP links may display an “Insecure Content on Secure Pages” error. You can read more about that here: What Exactly Is a Mixed Content Warning? Note: any images hosted in Marketo will be updated automatically unless you’ve explicitly referenced them as HTTP. If you use Marketo Forms 1.0 on a non-Marketo webpage, you will need to update the post URL to HTTPS (Forms 2.0 does not need to be updated). If you do a server-side post to a Marketo Form and use your CNAME as the Post URL, you also need to change that to HTTPS.  Please note that server-side form posts are not supported and you should make a Marketo form submission in the background instead. If you include a Marketo landing page on a secure website using an iframe, you will need update the HTML to load the secure version of the landing page, otherwise the end user will get a security warning. If you use a Marketo Form on a non-Marketo page, you will need to update the follow-up URL to HTTPS if you’ve explicitly referenced a HTTP page.   Once you’ve completed the steps above, it’s time to coordinate the cut-over to HTTPS with Marketo. You’ll need let Marketo Support know that you’re ready to initiate the cut-over process. NOTE: To help ensure a smooth transition, please confirm with your IT team that they have NOT placed a CAA against DigiCert on your top-level domain (this grants permission to only specific vendors to issue SSL certificates to your domain). We’ll work with you to plan a time when you have few or no upcoming batch campaigns running, and also a time when your team is available, if needed, to make a few updates in your Marketo instance.   RECOMMENDATION: After the cut-over, you may notice that images are not displayed in the Marketo email editor or preview mode. Rest assured your emails will send correctly and the images will render for recipients. To see the images in Marketo, you must adjust the image URLs from HTTP to HTTPS in the editor. Again, whether you take this step or not, the images will render properly for your email recipients. In the example below, you would adjust the HTTP to HTTPS.   That’s it! Once our team enables Secured Landing Pages for your instance, your landing pages will be served via HTTPS. Of course, it’s a good idea to do some validation of your pages after the cut-over to be sure your pages are loading correctly, images are loading, and that you didn’t miss any hard-coded HTTP links. Moving your pages to HTTPS, you can rest assured that you’re providing critical security and data integrity for both your pages and your visitors’ personal information. Good job, you!   OTHER HELPFUL FAQs Do I need to provide a TLS/SSL Certificate? No, in fact, to avoid the unnecessary hassle, risk and fire drills caused by expired certificates, Marketo now only accepts customer-provided certificates on an exception-only basis. The certificates included with Secured Domains auto-renew annually without any human interaction on either side.   What Certificate Authority (CA) issues the certificates for the Marketo’s Secured Domains? The certificates are authored by DigiCert.   What type of certificate is provided? We produce a pack of two certificates; The primary certificate uses a P-256 key, is SHA-2/ECDSA signed, and will be presented to browsers that support elliptic curve cryptography (ECC). The secondary or fallback certificate uses an RSA 2048-bit key, is SHA-2/RSA signed, and will be presented to browsers that do not support ECC.   Will my domains be on a shared SSL certificate with other companies? Absolutely NOT! That's like sharing the same car lock with other people - avoid dealing with vendors who offer this service. Each of your domains will get its own certificate, meaning you will not be on a shared certificate with other companies.   Will all the subdomains be covered? Marketo defines a subdomain interchangeably with CNAME for billing purposes. As an example, with your company.com domains, the subdomains go.company.com, info.company.com, help.company.com etc. would could as 3 unique subdomains. Please keep in mind that company.com, company.com.uk, company.com.ca are separate top-level domains.   Can I choose which domains/subdomains to secure? Securing your domains is all-or-nothing, meaning the process automatically secures all domains/subdomains you've set up in your instance. If you do not use or need old domains lingering in your instance, be sure to delete them so you're not charged.   If I have a CAA record, can it affect my certificate issuance? Yes, CAA records MUST be configured to allow DigiCert issuance, or else we will be restricted from issuing one. Please check with your IT team to ensure this is not a blocker. Further information: https://www.digicert.com/dns-caa-rr-check.htm   Can I provide my own SSL certificate to secure my domains? Not unless they are the Extended Validation (EV) certificate type. If not, but your IT team has instructed you they must manage them, please reach out to your CSM with the business use case and any details to request an exception. Please note this only causes additional risk, hassle, time, and effort on all parties.   We require an Extended Validation (EV) certificate. Can the Secured Domains for Landing Pages product accommodate this? Since the certificate provided with Secured Domains is not an Extended Validation (EV) type, Marketo absolutely allows customers who require this (typically healthcare, finance, government) to procure the EV certificate/private key and provide this to Marketo Support; however, please note you will then be 100% liable for managing/renewing/sending Marketo the new certificate with ample time to install it to avoid expiration. Expired certificates will not be categorized as a P1.   What Marketo configuration is required to complete the Secured Domains setup? One or more CNAMEs for the Marketo Landing Pages must be configured in the Admin section of the application as described here: Setup Steps - Marketo Docs - Product Docs   How many domains can I secure? Technically, as many as you like. However, please note there is an additional cost associated with secured multiple domains beyond the first two covered by the base offering.   If I am using Domain Aliases in my Marketo subscription, do I have to secure each of these? Securing your Marketo landing pages requires you to secure all domains used in your instance including your Domain Aliases.   How do I see the Landing Page domains in my instance? Marketo Admins can see your landing pages domain name and all domain aliases by clicking on Landing Pages in the Integration section of the Admin console. On the Landing Pages tab, you will see your full Landing Page Domain Name. On the Rules tab, you will find all Domain Aliases set up for your instance. For the Secured Domains for Landing Pages you will need to count the number of domains used in your instance. When counting domains, please provide the number of unique domains – only the orange part below:   Are Domain Aliases for different countries counted separately? When counting domains, you might have the same CNAME but unique top-level domains: info.mydomain.com, info.mydomain.au, info.mydomain.de. Even though the CNAME is the same, the top-level domains (mydomain.com, mydomain.au and mydomain.de) are unique and thus counted as such (3 total domains). Vice-versa, unique CNAMEs (info., go., pages.) with the same top-level domain (mycompany.com) are considered unique as well.    Will URLs to the existing non-secure (HTTP) Marketo Landing Pages continue to work? Your existing HTTP URLs will continue to work and will automatically be redirected to the secure (HTTPS) pages. There are only few situations where you may have to manually update the URL, specifically when you include a Marketo landing page on a secure website using an iframe. In this case, you will need to load the secure version of the landing page, otherwise the end user will get a security warning.   Does securing my Marketo landing pages also secure my corporate website? No. Marketo Secured Domains only affects the landing pages served by Marketo, because the underlying domain is technically a Marketo domain (i.e. your CNAME 'points' to prefix.mktoweb.com). It does not affect any pages on your corporate (non-Marketo) website.   If I don’t use Marketo Landing Pages, do I need Secured Domains for Landing Pages? Most likely, as there are many aspects of Marketo that rely on your domains being secured, such as assets and images. Further, if you are embedding Marketo Forms on secured non-Marketo webpages, the default form code snippet that Marketo provides uses //app-aba.marketo.com which is a Marketo domain that can be served securely on a HTTPs parent page (the // indicates the request will use whatever protocol the parent uses). With this, your Marketo form will take on the security level of the page it’s embedded on regardless of whether you’re using our Secured Domains for Landing Pages product. However, if you prefer not to have any reference to “marketo” on your corporate website, you may choose to change this code snippet from //app-aba.marketo.com to //<MY_LP_CNAME> to serve the form. In this case, you would need the Secured Domains for Landing Pages product since the LP CNAME will need a security certificate associated with it to serve securely.   Will the Munchkin JavaScript API also be encrypted via SSL? Calls to the Munchkin JavaScript API automatically switch to SSL if the page on which the calls are made is SSL encrypted.   Can I add additional Domains to my instance and secure these too? Once you’ve secured your landing page domains with the Secured Domains for Landing Pages process, you will need to contact Marketo when adding additional domains/domain aliases. Please contact your Marketo Customer Success Manager. There is an additional a la carte charge depending on the number of domains you are adding.   If I previously secured my Marketo Landing Pages with the SSL for Landing Pages Service, do I need to switch to Secured Domains for Landing Pages? We have discontinued the SSL for Landing Pages service and process, so you will need to switch. Your Customer Success Manager will work with you to understand the switch to Secured Domains at either your next SSL certificate renewal or subscription renewal, whichever comes first. NOTE: to avoid the unnecessary cost of renewing your 3rd party certificate, please inform your IT team of this change, and reach out to us at least a week in advance of your certificate's expiration. Not sure when it expires? Just plug in your full domain (CNAME.domain.com) on SSL Shopper.   Do I need to secure my tracking links as well? If your company enforces HSTS (a web directive that denies any redirects from HTTP links), you WILL need to also secure your Tracking Links for your recipients' email->landing page functions correctly. For more information on HSTS and Marketo subdomains, please see the following documentation SSL: The HSTS Policy and Your Marketo Subdomains If not, Marketo still recommends using secured links as a best practice, as it can help with deliverability and avoid spam traps; plus, it looks far more professional to have secured links, and can foster brand confidence when your recipients know their email->web page redirect is fully secure.
View full article
  If you have submitted a support case and you feel that the case was improperly handled or that the solution being offered does not meet the communicated Marketo support expectations, then we would welcome the opportunity to look deeper at your specific support engagement and work with you on delivering a better resolution. Caution: If the item you're looking to escalate is related to a Production Down incident, please call the support line for your region to receive immediate assistance. Support Manager escalations are only handled during normal business hours. The phone numbers for each region are listed below, follow the prompts for P1: Americas: +1.877.270.6586, Direct: +1.650.376.2303 Europe, Middle East, & Africa: +353 (0)1 242 3030,  UK: 0800 151 3030 Asia Pacific: +61 2 8310 7646  Japan: +81.03.4233.9014 How to Escalate: Option 1: Step 1. Navigate to the "Case Management" area of the support portal either by mousing over the Support tab and selecting "Case Management" or clicking the Support tab and click on the “My Case Management” button. NOTE: You will need an open or recently closed case in order to escalate to support leadership. Step 2. From here you will need to click on either an open or a recently closed* case: *Support Cases that have been closed for longer than 10 days are no longer eligible to be re-opened and we ask that you open a new support ticket for your current issue prior to escalating to a Support Manager. We ask that you have an open support ticket for a Support Manager to be able to address specific issues. Step 3. After selecting a case, click on the Escalate to Manager button: Step 4. A pop up will display and you will need to the purpose for the escalation and click on the “Escalate” button. Once your support escalation case has been submitted a Marketo Support Manager will contact you within 1 business day of your support region's support hours to address the issue. Option 2: You can email supportescalations@marketo.com to escalate your issues to our support management team.  NOTE: Be sure to include your currently open Support Case number and the details of your escalation. This will help to ensure that a Support Manager can quickly identify the case tied to your escalation and follow up with you. Before you send an email to supportescalations@marketo.com you must have a current active support case closed support case that has been closed or is pending.  Support Escalations are focused on the handling of current or recent cases.  Brand new technical support issues that are sent to Support Escalations will be re-routed to our general case flow.    
View full article