SOLVED

Branded Domain Set Up with redirect

Go to solution
ovhcloud_bg
Level 1

Branded Domain Set Up with redirect

Hi There, 

We noticed that our branded domain security certificate expired. So we had a question on what the best practice to fix this would be. 

 

Questions: 

  1. If our existing branded domain security certificate has expired is it easiest to have your IT department renew this certificate. In our case the branded domain is info.us.ovhcloud.com, but we have a SPF and DKIM with us.ovhcloud.com my IT guy seems to think that maybe the certificate expired on the adobe side, but I am not certain and need clarity. 
  2. Is there a reason we'd want to keep our domain as info.us.ovhcloud.com? 
  3. If we change this, do we need marketo or someone to set up redirects? 

Thanks in advance for any advice. 

1 ACCEPTED SOLUTION

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator

Re: Branded Domain Set Up with redirect

I'm assuming you do actually mean branding domain. (Not "custom branded envelope sender domain" which is extremely different.)

 

The branding domain is the click tracking domain: Marketo rewrites all tracked links so they bounce off the branding domain, then are redirected to the final destination URL.

 

1. You should have Adobe/Marketo issue and install your SSL certs for the branding domain unless you have a commanding security rule that you must issue all certs from specific CA. This is very rare.

 

2. If you have SPF and DKIM for us.ovhcloud.com then that's not your branding domain, nor can it be. If you set your From: header to mailbox@us.ovhcloud.com then you need a DKIM record at m1._domainkey.us.ovhcloud.com (you do not need SPF for that domain). Alternately, if you set your From: header to mailbox@ovhcloud.com and us.ovhcloud.com is your branded envelope sender domain, then you need a DKIM record at m1._domainkey.ovhcloud.com and an SPF record for us.ovhcloud.com.

 

In neither case does this have anything to do with your branding domain, which again processes inbound clicks and appears only in the email body. It does not appear in the header or envelope of Marketo emails.

 

Your branding (sub)domain must be unique and not used for any other purpose.

 

3. Do not change your branding domain. Have Marketo install the right cert. You should do this ASAP!

View solution in original post

3 REPLIES 3
Michael_Florin
Level 10

Re: Branded Domain Set Up with redirect

Marketo Support needs to take care of the SSL certificate for your branded domain. 

 

And there's no specific reason for having a specific branded domain. You may choose whatever you like. If you change it, you first need to set it up internally and then have Marketo appy the certificate.

 

https://experienceleague.adobe.com/docs/marketo/using/product-docs/administration/email-setup/add-mu...

SanfordWhiteman
Level 10 - Community Moderator

Re: Branded Domain Set Up with redirect


And there's no specific reason for having a specific branded domain. You may choose whatever you like. If you change it, you first need to set it up internally and then have Marketo appy the certificate.


You can't actually choose whatever you like as it's an alias for mkto-nnnn.com and therefore cannot be used for any other purpose.

 

It can't be the same as your Landing Page domain/domain alias, nor branded envelope sender domain, nor any domain that receives emails/replies.

SanfordWhiteman
Level 10 - Community Moderator

Re: Branded Domain Set Up with redirect

I'm assuming you do actually mean branding domain. (Not "custom branded envelope sender domain" which is extremely different.)

 

The branding domain is the click tracking domain: Marketo rewrites all tracked links so they bounce off the branding domain, then are redirected to the final destination URL.

 

1. You should have Adobe/Marketo issue and install your SSL certs for the branding domain unless you have a commanding security rule that you must issue all certs from specific CA. This is very rare.

 

2. If you have SPF and DKIM for us.ovhcloud.com then that's not your branding domain, nor can it be. If you set your From: header to mailbox@us.ovhcloud.com then you need a DKIM record at m1._domainkey.us.ovhcloud.com (you do not need SPF for that domain). Alternately, if you set your From: header to mailbox@ovhcloud.com and us.ovhcloud.com is your branded envelope sender domain, then you need a DKIM record at m1._domainkey.ovhcloud.com and an SPF record for us.ovhcloud.com.

 

In neither case does this have anything to do with your branding domain, which again processes inbound clicks and appears only in the email body. It does not appear in the header or envelope of Marketo emails.

 

Your branding (sub)domain must be unique and not used for any other purpose.

 

3. Do not change your branding domain. Have Marketo install the right cert. You should do this ASAP!