BobbyMasjedi
Level 1

Redirect branded email subdomain

Our security team would like our email branding domain to be forwarded like the situation with landing page domain.

 

Is it possible to redirect the email branding sub-domain to our homepage or elsewhere?

 

Thanks!

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator

Re: Redirect branded email subdomain

It's not possible: see the recent thread https://nation.marketo.com/t5/Product-Discussions/Redirect-Root-Branding-Domain/m-p/311085#M175676. (Can't imagine what this has to do with security!)

BobbyMasjedi
Level 1

Re: Redirect branded email subdomain

Thanks Sanford.

 

As far as security goes, the below screenshot is one of the things the team is referencing on our email tracking domain.

 

"Security headers are not configured/defined and Weak Ciphers are supported"

 

Trying to figure out an answer, as it doesn't sound like this is something that we can have changed on Marketo's end, correct?

 

image021.png

SanfordWhiteman
Level 10 - Community Moderator

Re: Redirect branded email subdomain

Those security grades — though arbitrary & debatable — have nothing to do with whether the root of the branding domain redirects or not.

 

The security config of the root URL is exactly the same as the root URL + a valid redirect path.

That is, https://branding.example.edu/MjUwLUxWRy0wNzYAAAF7neoCUlpCUwvWrMX6ro2Rn-rJBnlfzmz and https://branding.example.edu/ are the same server with the same exact security characteristics/features/shortcomings. So I still don't know why they're talking about the root URL.

BobbyMasjedi
Level 1

Re: Redirect branded email subdomain

Got it, thank you.

 

Do you know if it's possible for Marketo to implement a content security policy, etc. on email subdomains?

 

(As I'm sure you can tell, this isn't my area of expertise)

SanfordWhiteman
Level 10 - Community Moderator

Re: Redirect branded email subdomain

> Do you know if it's possible for Marketo to implement a content security policy, etc. on email subdomains?

Don't believe so. Some of the security headers are, in practice, irrelevant for such a single-purpose webserver. Remember, the click tracking domain only ever serves the same piece of JS with a different URL value. That's all it ever does.

 

HSTS (Strict-Transport-Security) would be nice to have, although the chance of someone navigating to the tracking domain over plain http: should be tiny. Your emails should be the only advertised way to get there, and they'll always use https:. Of course, one can manually stay on http: by typing "click.example.com" in the location bar (that's the case that HSTS is meant to protect). But deliberately typing your tracking domain, rather than your corporate domain, is not a typical end-user activity. Also, if you have HSTS on your parent domain (https://example.com) with includeSubdomains you're protected after their first visit.

 

Note the value of Referrer-Policy would have to at least allow the origin to be sent, in order to support current behavior (i.e. you can read the referrer on the target page to know someone got to your site by clicking an email, otherwise it would appear direct).

 

X-Iframe-Options could block the tracking domain from being embedded in an IFRAME without causing any problems that I can think of, but it also wouldn't secure you against anything I can think of, again because the tracking domain is so purpose-built to do only one thing: (log and) redirect.
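
An added example (not from the thread or from Marketo) of two checks described in the last reply: whether a parent-domain HSTS policy with includeSubDomains covers the tracking host, and whether a Referrer-Policy value still lets the target page see the referring origin. The header values are constructed, and treating a missing Referrer-Policy as strict-origin-when-cross-origin assumes current browser defaults.

```python
import re

# Referrer-Policy values that still send at least the origin on a
# cross-origin https -> https navigation (tracking domain -> target page).
SENDS_ORIGIN = {
    "unsafe-url", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "strict-origin",
    "strict-origin-when-cross-origin",
}
KNOWN_POLICIES = SENDS_ORIGIN | {"no-referrer", "same-origin"}


def parse_hsts(value):
    """Return (max_age, include_subdomains), or None without a max-age."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        directive = directive.strip().lower()
        match = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', directive)
        if match:
            max_age = int(match.group(1))
        elif directive == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


def hsts_covers(host, policies):
    """Return the host whose stored HSTS policy covers `host`, else None.

    `policies` maps hosts the browser has already visited over https to
    the Strict-Transport-Security value it received (the "after their
    first visit" condition).
    """
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):      # the host itself, then each parent
        candidate = ".".join(labels[i:])
        parsed = parse_hsts(policies.get(candidate, ""))
        if parsed is None or parsed[0] == 0:   # max-age=0 clears a policy
            continue
        if i == 0 or parsed[1]:           # parents need includeSubDomains
            return candidate
    return None


def referrer_survives(header_value):
    """True if the target page still receives at least the origin."""
    tokens = [t.strip().lower() for t in header_value.split(",")]
    # The last recognised token wins; unknown tokens are skipped.
    effective = next((t for t in reversed(tokens) if t in KNOWN_POLICIES), None)
    # Assumption: no usable header means the browser default applies.
    return effective is None or effective in SENDS_ORIGIN
```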