As you know, Marketo issued a security patch on 4/6/16 in order to strengthen token encryption within email links. At Marketo, security is a top priority and we will continue to invest in changes that make the platform more robust.
In reference to this patch, Marketo Support has been answering several common questions that are documented here for your reference. Please find this information below and, as always, contact Marketo Support if you still have any unanswered questions.
No, the vast majority of links within emails are not impacted in any way. By default, Marketo converts all email links to shortened tracking links. These links were not impacted by this patch. These links should continue to function as expected, regardless of when your email was sent.
Note: This also applies to any links that contain the “mktNoTrack” or “mktNoTok” class. These links were also not impacted by this patch.
The only links that were impacted were links that contain pre-generated mkt_tok values. There are three ways these type of links can be present in your email:
1. You use one of the following system tokens in your email:
2. You use the “Include View as Web Page” option in the Email Editor and your Admin > Email defaults for “View as Web Page Text” explicitly includes an mkt_tok value like this: mkt_tok=##MKT_TOK##
3. You use Marketo’s default functionality to auto-insert “Unsubscribe” footers at the bottom your emails and your Admin > Email defaults for “Unsubscribe Text” explicitly includes an mkt_tok value like this: mkt_tok=##MKT_TOK##
1. System Tokens
For emails sent out prior to 4/6/16:
Note: For all of the above system tokens, any emails sent out post-patch are not impacted.
2. “View as Webpage” - If you implement a “View as Webpage” experience in your emails by using Marketo defaults, selecting “Include View as Web Page” from the Email Editor, then you will see the following behavior:
Note: any emails sent out post-patch are not impacted.
3. “Unsubscribe” - If you implement an “Unsubscribe” experience in your emails by using Marketo’s defaults, then you still see the following behavior:
Note: any emails sent out post-patch are not impact