Re: SHA-256 an email address Link in Velocity

Thanks Sanford!

Is there any webhook-compatible service you know of? Would help me look into it a little more.

Is there any webhook-compatible service you know of?

You can DIY with a server and a custom field. e.g.

<?php
echo json_encode(['response'=>hash( "sha256" , $_POST['email'] )]);
?>‍‍‍‍‍‍

map response to your custom field

Hi Jay,

Thanks for that, not sure how to go about with PHP with Marketo, new to this.

Will it be possible to give some more guidance?

Thanks!

1. Create a php file with the above code on your server

1.1 if you don't have a custom field already, create a custom string field to save your hash of the email address

2. Create the Marketo webhook

3. Map the response

4. Create your smart campaign

flow:

Sorry, will the link still be: https://mydomain.com/dtm_email_hash={{lead.Email Address}},

Plus why do we need the Data Value Changes in smart flow? Not sure how I would test it as this makes it triggered and cannot Run Once

will the link still be: https://mydomain.com/dtm_email_hash={{lead.Email Address}},

It would be {{lead.Hashed Email Address}} as of course you're writing the hash to a different field.

Plus why do we need the Data Value Changes in smart flow?

It's in the trigger (Smart List), not the flow (you probably meant that).

You need to update the hash value when (a) the lead is created and (b) the email address changes. You also need a third trigger, (c) Campaign is requested, for backfill and for testing.

It's still causing me pain to imagine you maintaining a separate server for this job. I might just have to write the SHA-256 code for you so I stop groaning... when are you trying to deliver this by?

I don't believe any of Marketo's Launchpoint partners offer a hashing webhook or service that's applicable. I'm hoping that will change as that would make this a lot easier.

In the meantime: It would make sense to use a Function-as-a-Service (FaaS) provider like Microsoft Azure Functions to implement a custom webhook without the need to maintain a server infrastructure. Azure Functions—Develop Faster With Serverless Compute | Microsoft Azure 

You could use a PowerShell script to create the hash: Get-FileHash

Thanks Tony! but not sure I have the knowledge to this.

I don't believe any of Marketo's Launchpoint partners offer a hashing webhook or service that's applicable.

Oh, there's one. And has been for years.

This is getting quite silly, but those are the rules.

The leads are existing Leads we send these emails to, so email address will never change and no new is being created.

Sanford that would be great help if you could create the SHA-256 code  I am sure it will come in handy for a lot of of others using Marketo. Trying to have this up and running within 5 to 7 days, is that duable?

Thanks for all your help. 

I honestly doubt it'll be used by anybody else. But that's not why I do what I do.

If next week is as slow (US holiday) as projected, I should be able to get it done by next Saturday.

One last check, though, before I get into coding: if this is a one-time load from a single source, can we do the hashes offline? It's easy to gen using a Google Sheet, for example.

Hi Sanford, it will not be one time load - all customers in our database will be affected at some point.

Basically we are working with Conversant(part of Commission Junction), they have provided those parameters which will allow them to track our customer behaviour but we need the email address encrypted.

We add the following to our email head:

Email Tag Code:

<img src="http://login.dotomi.com/ucm/UCMController?dtm_com=2&dtm_cid=61538&dtm_cmagic=a0ad3c&dtm_fid=<Form ID..." width="1" height="1" border="0"> <!-- End Conversant Tag -->

and links will have the following parameter:

dtm_email_hash parameter (dtm_email_hash={{lead.Email Address}}) should be encrypted using SHA256 hashing as that is personal information...which will look something as follows: https://www.domain.com?dtm_email_hash={{hashed_lead.Email}}

If you can help with the coding, would be gratefully appreciated  - as you said using base64 now.

Thanks for all your help! 

Why specifically are they asking for SHA256, as opposed to any nonreversable code that you can link back to the Marketo lead? Are you preloading their database with all the emails as well, so their reports will show plaintext email addresses? Or are they just going to show hashes back to you?

Hi Sanford,

Not sure answer to on any of those, I was told that the email address needs to encrypted as it is personal data, below is what they mentioned - 

Yes, encryption is required as that is personal data and we would want to make sure CNVR does not ingest those due to legal reasons.

Hope you still can help.

Thanks again.

It sounds to me like you can use the Marketo Unique Code in this case. It cannot be reversed into an email address; only within your Marketo db is it significant. Debatably, it's even more secure than the hash, since you can't test known email addresses against known Unique Codes, there's no correspondence.

Note SHA-256 isn't encryption, it's a nonreversable hash, so their terminology is off.

I'm lost in all this process, not sure which way to go.

Do you have example how to use Unique codes or will best option be coding some velocity using Base64.

Thanks

Hi Sanford,

This is what conversant has come back to me with - 

The main purpose of email tagging is to help conversant identify Farnell customers and be able to reach (Display ads) them online within different devices. The reason for SHA256 is because the customer file we receive from your company is hashed out with SHA256. Having SHA256 on the email tagging, we can then map the hashed email address to a User in conversant since those are in the customer file as well. Also, just to clarify, we don’t reverse the hashes to its normal email address as those become PII information.

Not sure what to make of this.

Since you're already creating a the hash to provide to Conversant for matching, it seems to me that the easiest solution would be to create a custom field in Marketo, populate values using a list import ( Import a List of People - Marketo Docs - Product Documentation ), and then include the custom field value in your links.

That technique uses data you already have and avoids the complication of webhooks. The downside, of course, is that the fields need to be kept up-to-date. You'd need to update field values each time you provide a new file to Conversant. The same can be accomplished using the API which you might allow you to incorporate Marketo updates into the process that creates the file in the first place ( https://developers.marketo.com/rest-api/bulk-import/bulk-custom-object-import/  )

The best import performance will be accomplished by only including newly acquired leads in each import, of course.

The leads are existing Leads we send these emails to, so email address will never change and no new is being created.

I find that very hard to believe. What kind of database has email addresses that are immutable?