This content has been marked as final. Show 3 replies
Is this Marketo form hosted on a Marketo landing page, or embedded somewhere else? Have the users you are targeting already been cookied on the form's domain by Munchkin?
The querystring method does have its pitfalls, and without SSL encryption, that information is sent in-the-clear. If the page you are sending the request to has SSL (and the request is sent via HTTPS), the request itself (including the URL and its querystring parameters) is encrypted. This does protect the contents of the querystring from basic packet-sniffing.
However, the URL + querystring would be stored unencrypted in multiple, potentially insecure locations:
- The email body
- The user's browsing history
- The webserver's logs
Depending on how sensitive the information is, this could be a dealbreaker, specifically because you are storing the unencrypted information on someone else's computer (your user's).
Hope this helps.
Let’s first answer your questions.
Passing information through the URL will work but a few caveats:
- URLs might end up being really long
- Other tracking tools that you might be using (Google Analytics) will also store the data passed in the URL. In the case of google analytics it will track the page views for that page for every different values passed in the URL which might create reporting problems later.
- Passing personal identifiable information should never be done. Same for any sensitive information you have.
- The URL can pass parameters through a GET method or a POST method. POST will be what you say hidden but the Marketo form won’t find it. Also you cannot make POST requests from an email.
This might look complicated but any web developer (well maybe not any) will be able to work with you. I do not believe that Marketo will solve your problem out of the box.
Hi, Thank you for your replies.
Kyle - The form is embedded in a Marketo Landing Page, but we are not using SSL encrypted forms at the moment.
As far as storing that information on the user's computer is concerned, that is not too much of an issue since it is that user's information itself.
However I understand that this is not the safest way to go about it, which is why I think that using a session cookie, as Fernando has suggested, will be a better approach.
Thanks again for the answers!