SOLVED

Subdomains and Branded Tracking Links/SPF & DKIM

Go to solution
Highlighted

Subdomains and Branded Tracking Links/SPF & DKIM

I have a question on using subdomains and getting the branded links set up with a customer. Just using coffee as an example....my client is coffee.com. They want to use quick.coffee.com as their email send/reply to.

As such, I've sent instructions to their IT team to create 2 CNAME records (one for email and one for the landing pages) in the DNS for the subdomain quick.coffee.com for go.quick.coffee.com and go2.quick.coffee.com pointing to the appropriate information from Marketo for each. Will this present an issue at all when setting it up in Marketo by having multiple "dots" in there? Sorry I don't have the correct terminology here.

I've also asked them to create 2 TXT records for SPF and DKIM with the appropriate information from Marketo for quick.coffee.com since this will be where the email is sent from. There seems to be a ton of confusion on their end in getting this set up. Is there a better way to communicate these pieces?

Thanks!

Chelsey

---

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Level 10 - Community Moderator

Re: Subdomains and Branded Tracking Links/SPF & DKIM

Please do try to use the official example domain, which is example.com (this is an internet standard and avoids confusion because it cannot be mistaken for a real registered domain).

Anyway...

As such, I've sent instructions to their IT team to create 2 CNAME records (one for email and one for the landing pages) in the DNS for the subdomain quick.coffee.com for go.quick.coffee.com and go2.quick.coffee.com pointing to the appropriate information from Marketo for each. Will this present an issue at all when setting it up in Marketo by having multiple "dots" in there? Sorry I don't have the correct terminology here.

No, that's fine. The subdomains just happen to have 4 labels (go, quick, example, and com). That's quite common: subdomains like pages.example.co.uk also have 4 labels (the private domain suffix takes up the rightmost 3 labels in that case, instead of the rightmost 2 labels example.com but that makes no difference as far as DNS naming rules).

It's true that IT people (inexperienced ones) might be confused by the request, but it's a totally valid request for you to make.

There are some parts of your question that don't quite tie together, though.

You say "they want to use quick.example.com as their email send/reply to". You mean their From: (not Sender:) and Reply-To: headers will be mailbox​@quick.example.com, to be exact when talking to them.

This still doesn't mean you need to do anything vis-a-vis SPF. The only time SPF matters is when you've specifically set up a branded sender domain with Marketo. Branded sender can be included in your subscription if you have a dedicated instance or if you're on the trusted IP range, or can be purchased separately, but a generic shared Marketo instance doesn't have it. And if you do have it, the branded sender domain you'd want would be another subdomain of quick dedicated for this purpose, like marketing.quick.example.com. It would not be merely quick.example.com. And the SPF record would be for that subdomain, not its parent domain. Again, that's only if you need SPF; trying to set up SPF when you don't need it has broken many a Marketo instance. That's because neither the requester nor the requestee (IT) usually gets the rules of SPF, they just ask for Marketo's SPF record to be included -- and Bam! SPF is broken* for email that really needed it.

As for DKIM, a 5-label TXT record (m1._domainkey.quick.example.com) is totally legit. Again it's like m1._domainkey.example.co.uk. Nothing particularly long about it, just may take a bit of insistence on your part: Yes, person in charge of DNS Control Panel who isn't an experienced DNS admin, I need a subdomain that's a level deeper than you usually set up.

* "Broken" in this case typically means only "de facto nonexistent". It doesn't mean SPF fails,

but that SPF errors out because of the malformed record. So you neither pass nor fail.

View solution in original post

4 REPLIES 4
Highlighted
Level 10 - Community Moderator

Re: Subdomains and Branded Tracking Links/SPF & DKIM

Please do try to use the official example domain, which is example.com (this is an internet standard and avoids confusion because it cannot be mistaken for a real registered domain).

Anyway...

As such, I've sent instructions to their IT team to create 2 CNAME records (one for email and one for the landing pages) in the DNS for the subdomain quick.coffee.com for go.quick.coffee.com and go2.quick.coffee.com pointing to the appropriate information from Marketo for each. Will this present an issue at all when setting it up in Marketo by having multiple "dots" in there? Sorry I don't have the correct terminology here.

No, that's fine. The subdomains just happen to have 4 labels (go, quick, example, and com). That's quite common: subdomains like pages.example.co.uk also have 4 labels (the private domain suffix takes up the rightmost 3 labels in that case, instead of the rightmost 2 labels example.com but that makes no difference as far as DNS naming rules).

It's true that IT people (inexperienced ones) might be confused by the request, but it's a totally valid request for you to make.

There are some parts of your question that don't quite tie together, though.

You say "they want to use quick.example.com as their email send/reply to". You mean their From: (not Sender:) and Reply-To: headers will be mailbox​@quick.example.com, to be exact when talking to them.

This still doesn't mean you need to do anything vis-a-vis SPF. The only time SPF matters is when you've specifically set up a branded sender domain with Marketo. Branded sender can be included in your subscription if you have a dedicated instance or if you're on the trusted IP range, or can be purchased separately, but a generic shared Marketo instance doesn't have it. And if you do have it, the branded sender domain you'd want would be another subdomain of quick dedicated for this purpose, like marketing.quick.example.com. It would not be merely quick.example.com. And the SPF record would be for that subdomain, not its parent domain. Again, that's only if you need SPF; trying to set up SPF when you don't need it has broken many a Marketo instance. That's because neither the requester nor the requestee (IT) usually gets the rules of SPF, they just ask for Marketo's SPF record to be included -- and Bam! SPF is broken* for email that really needed it.

As for DKIM, a 5-label TXT record (m1._domainkey.quick.example.com) is totally legit. Again it's like m1._domainkey.example.co.uk. Nothing particularly long about it, just may take a bit of insistence on your part: Yes, person in charge of DNS Control Panel who isn't an experienced DNS admin, I need a subdomain that's a level deeper than you usually set up.

* "Broken" in this case typically means only "de facto nonexistent". It doesn't mean SPF fails,

but that SPF errors out because of the malformed record. So you neither pass nor fail.

View solution in original post

Highlighted

Re: Subdomains and Branded Tracking Links/SPF & DKIM

Thank you so much for the detailed response!

It's been quite the process with the IT team to get this all sorted out (going on 4 weeks now) and I recall in one instance last year I had to change from . to a - to get the email piece working. (so, go2-quick.example.com) but that one was also on a subdomain of quick-fast.example.com instead. Could that have been the reason why? I just wanted to make sure once they get this all sorted out that I wouldn't have any issues on the Marketo side because of go2.quick.example.com.

For this: You say "they want to use quick.example.com as their email send/reply to". You mean their From: (not Sender:) and Reply-To: headers will be mailbox@quick.example.com, to be exact when talking to them." you are correct. Their From and Reply-To headers will be mailbox@quick.example.com.

Thank you for the additional insight into SPF. That definitely helps. I feel like I'm at a point right now with the IT team that if I make/retract anything else... 😕

Level 10 - Community Moderator

Re: Subdomains and Branded Tracking Links/SPF & DKIM

One reason you may hear IT folks trying to convince you to switch from sub.domain.example.com to hyphen-domain.example.com is if they already have a wildcard SSL cert which covers the latter but not the former. This wouldn't apply when setting things up from scratch.

For example, *.example.com won't cover sub.domain.example.com. But *.domain.example.com will.

Highlighted

Re: Subdomains and Branded Tracking Links/SPF & DKIM

Thank you for the clarification! So that was most likely because of the way they had the SSL cert set up. Good to know!