Knowledgebase

Featured article

(Article Updated - August 2024) Overview A blocklist is a database of IP addresses or domains that have been associated with the sending of unsolicited commercial email or spam. Internet Service Providers (ISPs) and business email networks use information from blocklists to filter out unwanted email. As a result there can be a drop to inbox delivery rates if the IPs or domains involved with sending email are listed on a blocklist. Marketo’s Email Delivery and Compliance team monitors blocklist activity on our IPs and domains daily. When an impactful listing occurs, we reach out to the blocklist, attempt to identify the sender that triggered it, and work with the blocklist organization to get the listing resolved. There are thousands of blocklists, most will not have a significant impact on your delivery rates. Below, we have compiled a list of the blocklists that commonly appear across our sender ecosystem. Each blocklist has been grouped into a top tier (Tier I) by most impactful, to the bottom least impactful tier (Tier III). These may have little to no impact across our sender network. Tier I Blocklist Spamhaus (SBL) Impact: Spamhaus is the only blocklist that we categorize as a Tier I for a reason: it has by far the greatest impact on delivery. It is the most well-respected and widely used blocklist in the world. A listing at Spamhaus will have a negative effect on your ability to deliver emails to your customer’s inbox and can cause bounce rates of over 50%. Evidence suggests that most of the top North American ISPs use Spamhaus to inform blocking decisions. How it works: Unlike many blocklists, Spamhaus lists senders manually. This means they are proactively watching sender activity, collecting data, and base listings on a number of variables. Most commonly senders are listed for mailing to spam trap addresses that Spamhaus owns. Sometimes Spamhaus will list senders based on recipient feedback as well. Next Steps: Please note that every Spamhaus email can be quite different depending on the information provided and the nature of the listing . Because Spamhaus has multiple types of listings, the remediation steps are based on which type of blocklisting has occurred. We have listed the most common types to affect Marketo customers, from most to least impactful. Impact can range from a full block of top severity, to a partial block that is less severe (CSS Data, DBL). If remediation isn’t performed and the problem not addressed, these listings can increase in severity and turn into a full blocklisting. Spamhaus Blocklistings Types SBL (full blocklisting) Considered the most impactful. Remediation steps: Our team monitors closely for Spamhaus listings. Once alerted to the listing, we send an email notifying the customer, and reach out to the Spamhaus contact to start the remediation process. Only a Marketo delivery team member should be in direct correspondence with the Spamhaus contact, to speak on behalf of the customer, and to relay their questions and instructions, ensuring quick resolution and reduced impact. Senders that trigger this listing on a shared IP range will be moved to a more isolated, penalty range (IPB), so as not to impact the other shared senders. Those affected on a Dedicated IP, only impact their own sending and will not be moved. However, depending on the severity of the issue, our team may need to revoke a customer’s ability to send any emails until full resolution. The listing will last until Spamhaus is satisfied that the offending sender has taken the appropriate steps to mitigate the problem. SBL CSS Customers are alerted of the listing with an email containing all the information needed to immediately begin the remediation process. This is part of an automated trigger listing, that allows for a customer to delist directly on the Spamhaus website, after they’ve completed remediation. Remediation steps: Customers will go to the Spamhaus IP lookup website, at https://check.spamhaus.org, where they can check on the status of their IP and continue to monitor it in real time, until it is no longer listed there. Follow the remediation and delisting instructions provided, and check for specific details in the blocklist notification email. DBL (Domain blocklisting) Customers will receive an email notification alerting of the company domain being listed. The email will contain specific information to help narrow down and identify which email source likely triggered it within Marketo. It’s important to note that any email sent from outside of Marketo, that contained the company domain, is suspect. This means, if the sender uses multiple IPs and/multiple email platforms, then any of those could be the source. Remediation steps: Follow the detailed instructions in the email, which will also provide a link to the Spamhaus Domain reputation checker webpage, to check the real time listing status of the affected domain. Once the email source is identified and cause addressed, this customer will follow the online instructions to request to be delisted. Tier II Blocklist SpamCop Impact: SpamCop is not used by any of the major North American ISPs to inform blocking decisions, but it makes it to the Tier II list because it can have a significant impact on B2B email campaigns. SpamCop is considered a Tier I one blocklist for B2B marketers but a Tier II for B2C marketers. SpamCop is a dynamic IP blocklist, that can affect a single IP or a subset of IPs Typically, the block will automatically lift within one business day, but can take longer for relisted IPs. To have triggered a SpamCop listing likely means the sender has a list management problem that should be addressed. How it works: SpamCop lists IPs for one of two reasons: Either the email hit SpamCop spam trap addresses OR A SpamCop user has reported the email unwanted. Most of SpamCop’s spam traps are previously valid addresses that have not been active for 12 months or longer. Remediation steps: If you are seeing a significant number of bouncing emails caused by a SpamCop blocked IP but aren’t sure if your email activity triggered the listing, first identify whether you are sending on a shared sender network or not. If sending from a shared IP range when this occurs, you or any other customer sending from the same network may have contributed to the IP block. This IP block will automatically get dropped within a business day. For those on a Dedicated IP that trigger a listing, refer to the above remediation steps and resources, to address the list management issue. Tier III Blocklist (Low/ No impact ) These are considered the lowest tier and therefore cause the least impact across the Marketo sender ecosystem. Some of these blocklists were more impactful at one time, while others are only impactful based on the sender region (Manitu). Others still can suddenly flare up (Lashback). There are also many blocklists that are ignored (0spam), and are not taken seriously because they do not provide any means to delist once on the list (NoSolicitado) or that they charge money to have the listing removed ( UCEPROTECT ). The pay-to-delist model is not well respected in the email industry. When using blocklist tool checkers, such as MXToolBox, many blocklists will appear, but very few are relevant. Here is our selection of Blocklists you may come across that are least impactful: Project Honey Pot SpamAssassin URIBL/SURBL DrMX PSBL 0spam HostKarma Ascams ZapBL Barracuda Trendmicro Inc. Cloudmark Proofpoint Invaluement ISP Blocklists Some ISPs use internal blocklists to make blocking decisions. Examples include AOL, Yahoo, Gmail, Outlook and Hotmail. If your IP is being blocked by one of these networks, and those networks have a large presence in your lists, a block of this kind could have a noticeable negative impact on delivery. Marketo monitors for significant ISP blocks. Those experiencing deliverability issues with emails not making it to the Inbox and bulking in the spam folder may benefit from additional services with our Email Delivery Consultants. Remediation Steps: Email Delivery Compliance Team works to resolve any ISP blocks. ISP blocks are are usually resolved or lifted within less than 24 hours of a delisting request. Customers experiencing significant blocks for Microsoft domains (outlook.com, live.com, microsoft.com), can submit a request to the delivery team to seek mitigation on their behalf. Additional Resources: Blocklist Deep Dive Abuse Report Deep Dive What is a spamtrap, or spam trap, and why does it matter? Blocklist remediation Blocklist resolution flowchart Successful lead reconfirmation What is a blocklist?

NOTE: To secure your Marketo landing pages requires either Marketo SSL for Landing Pages (obsolete service) or Secured Domains for Landing Pages. Please contact your Marketo Customer Success Manager for more information or to purchase. With Marketo’s Secured Page Services: SSL for Landing Pages, Marketo customers were responsible for providing the original SSL certificate and updated certificates upon expiration. If you have reached this page because you are providing an updated certificate, an upgrade is required. What’s changing: Marketo has discontinued the Secured Page Services: SSL for Landing Pages service and its manual certificate renewal process. This is being replaced with the Marketo Secured Domains for Landing Pages product which provides all needed certificates and manages renewals automatically. Action Required: Please contact your Marketo Customer Success Manager to add the the Secured Domains for Landing Pages product to your subscription. Once you’ve purchased Secured Domains for Landing Pages for your instance: OPEN A NEW SUPPORT CASE Marketo login required. Select Case Type - "Help me setup/create" Select Case Issue - "System Configuration" If you have multiple instances, please provide us with the Munchkin Code (Found in Admin > Munchkin) of the instance that is ready. Format ###-XXX-###. Marketo will then have certificates generated to cover all the domains and subdomains that you’ve set up in your instance. Within 3-business days, we will create a secure server endpoint. Please plan accordingly for this 72-hour turn-around-time. How is the new Secured Domains for Landing Pages Better? With Marketo’s new Secured Domains for Landing Pages product, you no longer have to provide renewal/updated certificates to Marketo. We’ll procure any necessary certificates and manage their renewals automatically – giving you a more secure and convenient solution for securing your pages! For more information, please see our Overview & FAQ: Secured Domains for Landing Pages. Do I have to upgrade? An upgrade is required. Marketo no longer supports the legacy Secured Page Services: SSL for Landing Pages certificate renewal process.

Issue description: The token {{member.webinar url}} does not populate when you send a confirmation using an Email Program within the Event program. Issue Resolution: When you use an Email Program to send your webinar confirmation, the token {{member.webinar url}} is only able to look at the membership properties of the Email Program, not the top-level Event program. Because of this, it is not able to populate the token. Instead, you should send your webinar confirmations using a Smart Campaign inside the Event program.

Article Text Explanation: In RTP the tracking is session-based, similar to most web analytics tools. A session starts with the first page view and ends 30 minutes after the last click on the website. For example: Scenario RTP Result Visitor views 1 page on the website and leaves 1 visit & 1 page view Visitor views 2 pages on the website within 30 minutes and then leaves 1 visit / 2 page views Visitor views 1 page on the website, leaves, then returns 45 minutes later and views 1 page 2 visits / 2 page views

Article Text If you're finding that boxes in your Facebook Lead Ads setup are not staying checked, the issue may be related to your sandbox. This fix applies only if you have ever previously set up the same pages in your sandbox. In this situation, you began by going to Admin > Integration > LaunchPoint and adding Facebook Lead Ads. During initial setup, you checked the boxes for the Facebook pages you want to connect to Marketo. It appeared to be set up correctly. However, you later discovered that one or more of them actually fail to work. The next time you looked at it, some of the boxes were mysteriously un-checked. The issue here is that the page/s you selected were previously used in a sandbox (for instance, to test them out before setting them up in production). Once you decided to move them to production, your natural assumption was that you needed to delete the sandbox integration and re-create it in production. However, deleting the integration from the sandbox does not break the connection with Facebook. As far as Marketo is concerned, that page is still in use by the sandbox, even if the integration is deleted. To resolve this issue, you will need to clear the page from use on the old instance and allow it to be used on the new instance. Follow these steps: Log into the instance where the Facebook page was previously used. Create a new FB Lead Ads integration (with the user who has admin rights on the page that unchecked itself). Uncheck the page and click Next. Ignore mapping and click Save. Note: It isn't possible for Marketo Support to tell you which instance the Facebook page was used on.

When trying to sync updates to your salesforce.com instance from Marketo you see one of the following errors in the activity log : Failed: INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY INSUFFICIENT_ACCESS_OR_READONLY INVALID_CROSS_REFERENCE_KEY This is an error sent to Marketo from Salesforce. There are a number of reasons why this error could occur. INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY means that the user who is trying to make the update does not have access to a related element that is required for the record to be updated and saved in SFDC. There are a number of specific examples of what might be the cause but these will vary from organisation to organization depending on the configuration of your salesforce.com. If you were to connect to sfdc as the Marketo user and try manually updating the same record that Marketo is trying to update then you will get the same error in the salesforce.com UI. Here are a list of some elements that you should check in SFDC if you see this error: Do you use record types? If so make sure that the the Marketo user has access to all required record types and that the Record Type Id in Marketo is correct for the Lead or Contact. Sometimes, when a Lead is converted to a Contact in SFDC, the Record Type ID fails to update in Marketo, causing the sync to fail. This is one of the most common causes for these errors. Are there any look-up or master detail fields on the object in question? If these types of fields are being updated then make sure that the Marketo user has access this object/ these records. Do you use Apex? If so you may have trigger that fire on the the update of a record, you will need to make sure that the Marketo user has profile access to the relevant Apex classes. If you have any workflow rules or assignment rules that send an email when the record is saved then you will need to make sure that the Marketo user has the send email permission and has access to the email folder that contains the mails that are sent rules are triggered. Make sure "Convert Leads" is turned-on within SFDC. If it is not, you will get this error message when trying to merge leads that exist within Marketo and SFDC.

Issue There is a significant delay of several hours or days between when an update is made to a contact record in Dynamics and when the change shows on that record in Marketo. Solution To determine what may be causing this, follow these steps: Check under Admin > Microsoft Dynamics to make sure your sync is turned on. Take a look at the Admin > Sync Status tab as described here: https://docs.marketo.com/display/public/DOCS/Sync+Status. If there is a backlog of updates or inserts showing here, this is likely what is causing the delay. Check the Sync Errors tab to see if there are any errors indicating issues with your sync. Find an example record that has a sync delay, and locate the GUID of the record in Dynamics. Check the Marketo Log to see if the update to that record was written to it. The logs can be found under Settings > Extensions or under Workplace (this can potentially be customized). Once the logs have been located, you'll want to click on each one individually, and it will show the current view. If not all of the columns are visible, edit the view and include all the column and save/publish that change. Once all of the columns are visible, click on the export option as a static sheet. Once you've exported the Marketo Log, do a search for the GUID in the file. If there is a record of the update on the date-time you made it, that means it was successfully written to the log. In this case, there is likely a backlog of updates to be made, particularly if a large update was made recently, so it may come in later. If there is no record of an update to that record, there is something on the Dynamics side preventing it from being written. You will want to work with Dynamics Support to narrow down the issue in this case. Who This Solution Applies To Customers using the Microsoft Dynamics CRM integration

Issue The Smart List in a Campaign gives 'Invalid URL' error for a valid URL (non-Marketo landing page URL). Solution To make sure non-Marketo landing page URL will show up in Smart List's filters, the following steps have to be done. Make sure the Marketo Munchkin Tracking code is implemented and placed within the non-Marketo webpages. The non-Marketo URLs would show in the filter if a known lead/person has visited the web page and tracked into the activity log. Therefore, make a lead/person and visit the webpage to allow Marketo to track and log that URL visit.

Issue Issue Description When trying to reference a Custom Object in a Smart List with a Filter, there are no filters for the Custom Object. Yet, when checking within a Smart Campaign, there are Triggers for the Custom Object. Solution Issue Resolution Filters are not included in the original design of the Marketo Custom Object setups that act as an intermediary/bridge between two other objects. Check the object setup within Marketo Admin > Marketo Custom Objects - how many linked objects are there? If there are two linked objects, that means the selected Custom Object is an intermediary/bridge between the two linked objects. For these, there will not be any Filters, however there will be Triggers for these objects. Who This Solution Applies To Clients with Marketo Custom Objects

Issue By design, there are several fields that are ignored by the sync during the integration with SFDC. These fields cannot be mapped to a Marketo field. Solution If you want one of these fields synced to Marketo, you will want to create a custom SFDC field to map to Marketo, then put a process in place for SFDC to populate the standard field data into the custom field. System fields ignored for all objects: 'CreatedById' 'LastActivityDate' 'LastModifiedDate' 'LastModifiedById' 'MasterRecordId' 'SystemModstamp' Account: 'Fax' 'Ownership' 'Rating' 'ShippingCity' 'ShippingCountry' 'ShippingPostalCode' 'ShippingState', 'ShippingStreet' 'TickerSymbol' Contact: 'Name' 'AssistantName' 'AssistantPhone' 'HomePhone' 'LastCURequestDate' 'LastCUUpdateDate' 'MailingCity' 'MailingCountry' 'MailingPostalCode' 'MailingState' 'MailingStreet' 'OtherCity' 'OtherCountry' 'OtherPhone' 'OtherPostalCode' 'OtherState' 'OtherStreet' 'ReportsTo' User: 'Name' 'Department' 'Alias' 'CallCenterId' 'City' 'CompanyName' 'ContactId' 'Country' 'Division' 'EmailEncodingKey' 'EmployeeNumber' 'Extension' 'ForecastEnabled' 'LanguageLocaleKey' 'LastLoginDate' 'LocaleSidKey' 'OfflineTrialExpirationDate' 'OfflinePdaTrialExpirationDate' 'PostalCode' 'ProfileId' 'ReceivesAdminInfoEmails' 'ReceivesInfoEmails' 'State' 'Street' 'TimeZoneSidKey' 'UserPermissionsAvantgoUser' 'UserPermissionsMarketingUser' 'UserPermissionsOfflineUser' 'UserPermissionsCallCenterAutoLogin' 'UserRoleId' 'Username' Lead: 'Name' 'IsUnreadByOwner' Campaign - None Opportunity - None

Issue How to work effectively with Marketo Support to quickly resolve your issues. Solution Best Practices: Be specific about the issue you are experiencing. Describe the expected behavior or appearance of the asset we are troubleshooting - what you believe should be happening Describe the actual behavior or error in the asset we are troubleshooting. Provide links to the assets we need to troubleshoot. Click on the specific asset in the navigation tree and then copy the URL displayed in the address bar of your browser into your case. This will take us directly to the asset. If we are troubleshooting a specific asset inside a program, such as a Smart Campaign or an email, provide the link to the asset itself rather than to the program containing the asset. Provide examples of the issue: Provide links to specific leads that are examples of the issue you are having. Even if the issue affects multiple leads, we still need to start by looking at specifics. Provide the exact text of any error messages you might be receiving, along with the timestamps. Screenshots can be very useful for this. When troubleshooting API call issues, attach copies of the the request and the response that show the issue you are having. If the issue concerns a non-Marketo asset such as a webpage, please include the URL. Include screenshots and log files: Since we do not have access to your CRM, if there is information in the CRM we need to see, attach an uncropped screenshot of an example record to your case. When taking the screenshot, log into the CRM using the Marketo sync credentials. This will allow us to see what Marketo sees through the sync. If you are using MS Dynamics, attach the Marketo logs and Marketo error logs to your case. Involve other resources as necessary, even if they aren't Marketo users. We may need to work with your CRM admin, your IT department, or your web developer. CC-ing them on the case is a simple way to loop them into the support case so you don't have to run questions back and forth. Please be aware that Marketo support are not trained as web developers or CRM admins. We are happy to help you troubleshoot issues with your Marketo instance and integrations, but we are not able to troubleshoot custom code or advise you on details of your CRM administration.

Issue You or your customer have a global block on emails sent from servers with the domain "mktomail.com." You would like to keep the global block but allow email from your own Marketo instance to pass through. Solution The return-path (or envelope_from) in the header of most Marketo emails includes the domain "mktomail.com." Some email servers may have a global block on this domain which prevents delivery of your Marketo emails. There are two options for bypassing this global block. Contact your account manager to see about added the Branded Envelope_From feature to your instance. This will replace the "mktomail.com" domain with a domain of your choice. Have the email admin add a Regex version of your return-path/envelope_from to the Allow List. Which Regex you use will depend on which datacenter houses your instance. To determine the datacenter, look at the URL for your Marketo instance and see which letters come after the "https://app-". "SJ" is for San Jose, "AB" is Ashburn, "E" is London, "SN" is Sydney The Regex you will use is as follows: San Jose datacenter - "munchkin_id.(\d+.)*\d+@em-sj-77.mktomail.com" London datacenter - "munchkin_id.(\d+.)*\d+@eu-lon-188.mktomail.com" Ashburn datacenter - "munchkin_id.(\d+.)*\d+@potomac1050.mktomail.com" Sydney datacenter - "munchkin_id.(\d+.)*\d+@snsmtp.mktomail.com" Netherlands datacenter - "munchkin_id.(\d+.)*\d+@em-nld1-01.mktomail.com" Replace "munchkin_id" with the Munchkin ID for your Marketo instance. This operates as the unique identifier to allow only email from your Marketo through the block. Other email from the "mktomail.com" domain will still be blocked.

Issue A Smart Campaign with a Data Value Change trigger for a specific field does not pull in newly created leads, even though the leads have the specified value in the field. Solution Marketo does not log Data Value Change activities for fields that are populated in the creation of a lead. If the value changes after the lead is created, we log the Data Value Change which would then trigger the appropriate campaign. If you want to include newly created leads along with existing leads in your campaign: Add a "Lead is Created/Person is Created" trigger to the campaign along with the Data Value Change trigger Add a filter for the specific field and the desired value. This will allow the campaign to fire for both new and existing leads.

Issue You receive an error "Salesforce Sync Error: Daily API Limit Reached" or "TotalRequests Limit Exceeded" Solution The API limit for Salesforce is determined by your Salesforce agreement. The Marketo sync bundles updates to minimize API calls, but depending on the amount of data you need to sync and your Salesforce API limit, you may encounter this error. To minimize the number of API calls made to Salesforce by your Marketo instance, try the following: Avoid "Sync to SFDC" flow steps. These require one API call per lead. Use the Marketo Program to SFDC Campaign sync to add people to SFDC Campaigns Use Salesforce assignment rules to route leads and contacts rather than using Marketo to update lead ownership To see your Salesforce API limit (per 24 hour period) and your current usage (for past 24 hours) in SFDC, Navigate to: Setup > Administration Setup > Company Profile > Company Information Look for the field called "API Requests, Last 24 Hours" This will display API usage for the past 24-hour period as well as your current 24-hour limit (in parenthesis). Who This Solution Applies To Customers integrated with Salesforce

What is HSTS? The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP. This prevents man-in-the-middle attacks by telling the browser it should never interact with their domain without first establishing a secure HTTPS connection. What does this mean for Marketo assets? A domain can assert the HSTS policy for all of it's subdomains. This means both the subdomains used for Marketo landing pages and the subdomains for Marketo tracking links must also be secured with SSL certificates. If HSTS is asserted and the Marketo subdomains are not secured, people that visit landing pages or click on tracked links in emails will receive security errors and browsers will not load the pages. This is resolved by purchasing both Secured Domains for Landing Pages and Secured Domains for Tracking Links. There are very few exceptions where a domain utilizing HSTS will not need to secure both landing page domains and tracking link domains. How do I know if my domain is using HSTS? Reach out to your IT and/or web development team to confirm whether or not your domain utilizes HSTS and if both Secured Domains and Tracking Links are necessary for your business. If your website utilizes HSTS and has the "include subdomains" flag set to true, you will need to secure both your landing page domains and tracking link domains in almost all circumstances. Google Chrome has a built in HSTS checker that you can use to verify your HSTS settings. 1. Visit the root domain of your website with the Chrome browser. For example, if your Marketo landing pages use visit.acme.com, navigate to acme.com. This will load the domain's HSTS policy into Chrome. 2. Navigate to chrome://net-internals/#hsts in Chrome. This will load Chrome's HSTS checker. 3. In the "Query HSTS/PKP domain" section, type in your domain you wish to check. Click "Query". 4. If the query returns "Found" with a list of configuration settings, you will need to check two settings: If either "status_upgrade_mode" or "dynamic_upgrade_mode" have the value "FORCE_HTTPS" or "STRICT", then the domain is enforcing HSTS and all connections are made over HTTPS. If either "static_pkb_include_subdomains" or "dynamic_pkp_include_subdomains" are equal to "true", then all subdomains are subject to the HSTS policy. If both of the above are true then both Secured Domains for Landing Pages and Tracking Links may be required. If the query returns "Not Found", or is not using a "FORCE_HTTPS" or "STRICT" policy then the landing page and tracking link subdomains may not have strict HTTPS requirements. Always verify with your IT and/or web development team as to what your domain's security policies and requirements are. Failure to properly secure your landing page or tracking domains according to your domain's security policy may result in landing pages or tracking links not resolving in browsers. A lack of a strict HSTS policy does not necessarily mean you do not need to secure your Marketo domains. Is this article helpful ? YesNo My domain asserts HSTS on my subdomains but I do not have HTTPS encryption with my Marketo subscription. What do I do? Reach out to your Customer Success Manager to discuss purchasing Secured Domains for Landing Pages and Secured Domains for Tracking Links. Configuration instructions can be found below: Overview & FAQ: Secured Domains for Landing Pages Overview & FAQ: Secured Domains for Tracking Links

For those in highly regulated industries, your company may additionally require that you securely encrypt the Marketo tracking links embedded in Marketo emails. Remember that Marketo takes the URLs you place inside of emails and shortens them using the "Branded Tracking Link" domain (this is another CNAME you set up in Marketo under Admin--> Email). These tracking links are how Marketo enables you to track engagement with your emails. Overview & FAQ - Overview & FAQ: Secured Domains for Tracking Links What's Changing Marketo has discontinued the Secured Page Services: SSL for Tracking Links service and its manual certificate renewal process. This is being replaced with the Marketo Secured Domains for Tracking Links product which provides all needed certificates and manages renewals automatically. Action Required To secure your email tracking links, contact your Marketo Customer Success Manager to add the Secured Domains for Tracking Links product to your subscription. Once you’ve purchased Secured Domains for Tracking Links for your instance: An automated message will be sent to the Support Admin on your account They will need to respond to the message with the Munchkin ID of the instance needing Tracking Links set up. Responding to this case will auto generate a Support Case for a Marketo technical support engineer to help complete the process. Marketo will then have certificates generated to cover all the domains and subdomains that you’ve set up in your instance. Within 3-business days, we will create a secure server endpoint. Please plan accordingly for this 72-hour turn-around-time. Do I need Secured Domains for Tracking Links? Secured Domains for Tracking Links ensure that tracking links can be served securely for domains which have implemented HSTS (HTTP Strict Transport Security). HSTS is a web server directive which forces all subsequent requests for resources on that domain to be loaded through HTTPS. If you have implemented HSTS at your site on any domain that you are choosing for either your Landing Page CNAME or your branded email tracking links domain, you will need Secured Domains for Tracking Links and/or Secured Domains for Landing Pages. How is the new Secured Domains for Tracking Links Better? With Marketo’s new Secured Domains for Tracking Links product, you no longer have to provide renewal/updated certificates to Marketo. We’ll procure any necessary certificates and manage their renewals automatically – giving you a more secure and convenient solution for securing your links in emails! Do I have to upgrade? An upgrade is required. Marketo no longer supports the legacy Secured Page Services: SSL for Tracking Links certificate renewal process. Will my tracking links automatically convert to HTTPS? You will not see tracking links in your Marketo emails changed to HTTPS (they will remain prefixed HTTP). However, when an end user clicks the link, if HSTS is enabled for the domain in the link being clicked and the browser is aware, the request will be automatically changed to HTTPS by the browser and served securely via HTTPS before re-directing to the destination of the link. This means that no insecure connection occurs because the browser recognizes the HSTS security policy. HSTS preload is required for this to work. If a tracking link top level domain is not on the HSTS preload list, then link clicks will be insecure until the browser becomes aware of the HSTS policy on the target domain by visiting the site. Will my old links in emails continue to work? Links in emails will continue to function normally. Is this article helpful ? YesNo

Issue Marketo program Members are taking a long time to get updated in SFDC Campaigns. Solution The Marketo Program to Campaign sync is not real time and will take time to update. The feature is dependent on the Marketo to SFDC background bi-directional sync. Marketo will generally sync SFDC and Marketo objects in the following order: Lead Account Contact User Task Opportunity Opportunity Contact Role Campaign Campaign Member Campaign Member Status As per the order, Campaign related objects are towards the bottom of the list. This means that all objects above it are synced first, and if there are any backlogs on those objects, the Campaign objects can queue up and cause delays.

This is a article attached image Upon signing a contract with Marketo you are provisioned a Marketo instance and a Support Service. There are four different types of Support Services which are available to meet different customer support needs: Online (Legacy) Business or PREMIER SUPPORT BUSINESS (Legacy) Premier or PREMIER SUPPORT ENTERPRISE (Legacy) Elite or PREMIER SUPPORT ELITE Each Support Service has a different Service Level Target (SLT). An SLT is the amount of time Marketo Support targets to make first contact with you after a support case has been submitted. SLTs differ for each Support Service and priority level. Priority levels range from Priority P1 to Priority P4. Here are the SLTs and priority levels for each Support Service: Priority Online (Legacy) Business PREMIER SUPPORT BUSINESS (Legacy) Premier PREMIER SUPPORT ENTERPRISE (Legacy) Elite PREMIER SUPPORT ELITE P1 1 hour 1 hour 1 hour 30 minutes 30 minutes 30 minutes 15 minutes P2 4 hours 3 hours 2 hours 2 hours 1 hour 2 hours 30 minutes P3 6 hours 5 hours 4 hours 4 hours 2 hours 2 hours 1 hour P4 3 days 1 day 1 day 1 day 1 day 1 day 1 day Here are the descriptions for each priority level: Priority Description P1 Mission Critical: Core business function down or potential loss of mission critical data P2 Urgent: Major feature or workflow is not functioning. Mission critical workflow and majority of user community is not blocked P3 Important: Normal usability or task completion is impacted but functional, or workaround is available P4 Minor: Minor issue requiring a correction. Normal workflow is not impacted Find more information About Support here!

Issue You have the Munchkin tracking code on your non-Marketo web page but visits to the page are not being tracked. Solution If you have customized the Munchkin tracking code, it may not work. Marketo only supports the Munchkin code as it is provided in your instance. If you need to alter the code, you would need to work with your web developer to determine why the customized code is not working. To find the supported Munchkin tracking code: Go to Admin > Munchkin. Select the version of Munchkin you intend to use. Place the Munchkin code on your page as outlined in our document on adding Munchkin tracking to your site.

Issue A lead/person completes an action that should trigger a Smart Campaign located in a Workspace, but the campaign does not trigger. Solution If you have Workspaces and Partitions set up on your instance, some leads may not be available to some campaigns, due to workspace and partition restrictions. When a workspace only has access to certain lead partitions, leads in other partitions are unable to trigger campaigns in that workspace. So if Workspace 1 has access to Partitions A and B, leads in Partition C cannot be included in any campaigns for Workspace 1. To resolve this issue, you would need to change the restrictions that are preventing the leads from being able to trigger campaigns in a particular workspace. These can be changed by going to Admin > Workspaces & Partitions > Edit Workspace (with the appropriate workspace selected). Whether it makes sense to make this change should be reviewed first. Often workspaces are setup to be specific to regions, so check whether it makes sense from a business point of view for leads in a partition to qualify for campaigns in a certain workspace. It may not be desired, and instead it should be checked whether the lead should be in fact in a different partition. Who This Solution Applies To Customers who have Workspaces & Partitions set up in their instance.

Knowledgebase

Maintaining a Directory of Leads Bouncing Emails

Top Blocklists - What You Need to Know

Setting Up Secured Domains for Marketo Landing Pages - RENEWING SSL CERTIFICATES

Building a Lead Lifecycle Program (Video)

Token {{member.webinar url}} not populating in email

How does Web Personalization (RTP) calculate views and visits?

Facebook Lead Ads Pages Spontaneously Removing Themselves

SFDC Sync Error “INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY” or "INVALID_CROSS_REFERENCE_KEY" or "INSUFFICIENT_ACCESS_OR_READONLY"

Troubleshooting Sync Delay from Microsoft Dynamics CRM

Smart List does not recognize a valid URL

Marketo Custom Object Filters Missing

Salesforce Standard Fields Ignored by the Sync

Best Practices for Working With Marketo Support

Adding mail from only YOUR instance to your Allow List

Smart Campaign with Data Value Change Trigger Does Not Fire When New Lead is Created

Salesforce Sync Error: Daily API Limit Reached

SSL: The HSTS policy and your Marketo subdomains

Setting Up Secured Domains for Tracking Links

Delay in Sync between Marketo Program Members and SFDC Campaign

Service Level Targets (SLT)

Munchkin Not Tracking Page Visits to Non-Marketo Page

Lead/Person Fails to Trigger Smart Campaign Located in a Specific Workspace