I'm sure that the best way for me to solve the following problem is to use the Marketo API. Unfortunately, that's not possible. With that said, my sales team is using SalesLoft (integrated with SalesForce) for cold email outreach. I'd like to be able to track these leads via Marketo. I'm trying to figure out if the following process is good/bad/crazy/insecure:
- Hash lead email address in SalesForce with a unique key
- Send encrypted email address to be included as a query string on all links in emails being sent by SalesLoft
- blind submit a Marketo form with the email address to merge the anonymous with the known lead
Am I crazy? Thanks!
Actually, using the API would *not* be better. You'd be creating a DoS vulnerability because you're giving end users the ability to consume individual API calls. (This is always bad.)
The automatic background form post is fine and even scaleable. Even better, use the Munchkin associateLead function. See my recent post: http://blog.teknkl.com/generating-munchkin-associator-tokens-in-sfdc-apex-or-flowboost-js/
Also, the hashing part of your solution doesn't make sense really... if you actually mean encrypting with a key that is present in plain text on your destination pages, that's not secure! Just use reversible encoding like Base64.
Thanks for the response. I mostly wanted to encrypt the email address so that it wouldn't trip any spam filters by showing up in urls.
As for your blog post, will that be possible with the "Spark" edition of Marketo?
You might encode (not encrypt) the info to look more professional to the end user, but I wouldn't worry about spam filters. There's nothing more spammy about an email address vs. a key that represents the address.
As for Munchkin API w/Spark -- not sure. There aren't any other APIs available with Spark, but this may be an exception. Test and see!
I feel like this solution is unnecessarily complex. We have a similar issue, which I have not solved due to time and lack of real need.
1. Spark, I believe no longer exists, but never came with many tools, nor an API. This may have changed recently. Ask your account manager.
2. If you want to track SLFT emails because SFDC is in the way, I'd try a couple of things:
- figure out a way to leverage Munchkin code vs. Salesloft clicks.
But without the Munchkin API associateLead, Munch activities will be anonymous. Since these are either existing leads in Marketo or net new (but preidentified) leads it makes sense that you don't want their activities quarantined on the anonymous side.
I agree that if these activities can come through SFDC that would be another way around.