What’s changing?

Previously, customers could choose whether they wanted to secure their pages and tracking links via SSL. The responsibility of procuring, maintaining, renewing, and securely sending the certificates to Marketo lie entirely with the customer – Marketo just hosted them. In 2017, Chrome and Firefox announced they would begin flagging any unsecured pages with clear ‘NOT SECURE’ warnings in their 2018 releases to encourage the use of SSL, and even distrusted certificates from certain providers. This essentially designated the certificate as a foundational security necessity to prevent customers fleeing from unsecured sites.


This change reinforced the increasing need for companies to protect their data and mitigate against online security threats. Recent studies have shown that ~45% of organizations are targets of Distributed Denial of Service (DDoS) attacks, typically lasting a few hours, and potentially costing companies not only lost revenue, but also customer data and overall trust. [1]


Simply put, an SSL certificate just isn't enough anymore, which is why Marketo updated how we manage SSL certificates and the overall security of our customers' landing pages with the introduction of Secured Domains, a comprehensive managed service, in early 2018.


How is Secured Domains different than an SSL certificate?

In contrast to our previous solution, Secured Domains is less focused on the SSL certificate itself, and rather the security and performance benefits gained from our partnership with Cloudflare, an industry leader in secure solutions. Secured Domains not only includes the necessary SSL certificates, but, more importantly, provides robust security protection thanks to the investment made to secure our servers, which host Marketo landing pages, behind Cloudflare’s trusted security infrastructure.


With Cloudflare’s enterprise-grade tools securing our servers, we protect against security vulnerabilities and attacks on your Marketo pages. Once Secured Domains is implemented for your instance, your domains will be protected via the following:


  • Managed Web Application Firewall (WAF): keeps your pages secure by filtering and deflecting malicious attacks
  • DDoS Protection:  keeps your pages live by absorbing attacks and preventing the pages (and Marketo's infrastructure) from crashing
  • Content Delivery Network (CDN): a load balancer to distribute page views based on geolocation, which allows landing pages to load more quickly


Secured Domains also shifts the ownership of SSL certificates onto Marketo, which eliminates the hassle of Marketing & IT teams having to manage them and, because they renew automatically, you no longer need to worry about your landing pages crashing due to an expired certificate. The certificates are provisioned by Cloudflare and authored by DigiCert at an enterprise-level offering. For more information, please see our Overview & FAQ: Secured Domains for Landing Pages.

How do I learn more about Secured Domains?

If you’re an existing customer, please contact your Marketo Customer Success Manager to add Secured Domains to your subscription. As of September 2019, a base Secured Domains package, which secures your first landing page domain and first tracking link domain, is now included automatically upon your next Marketo renewal. If you are unsure how to get in touch with your Customer Success Manager, please contact CustomerCare@marketo.com.


If you’re considering Marketo for your marketing automation solution and would like more information on Secured Domains and how it can improve your site security and performance, please contact GRP-Marketo-Sales@adobe.com.



Due to the security and risk mitigation enhancements we've made to protect Marketo servers, all customer domains are now hosted on Cloudflare. Marketo customers will be required to use the auto-renewing SSL certificate included with Secured Domains unless an exception is granted (more information on exceptions can be found in the FAQ). If you use more than the 1 landing page domain and 1 tracking link domain covered under the base offering, additional domains may simply be added on a la carte - talk to your CSM or Sales contact for pricing details.


[1] Tim Matthews, Imperva, DDoS Impact Survey Reveals the Actual Cost of DDoS Attacks, 12 Nov. 2014


Labels (1)