AnsweredAssumed Answered

Customer blocks all Marketo emails and will not whitelist Marketo IPs.

Question asked by Andrew Sielen on Nov 27, 2018
Latest reply on Nov 30, 2018 by Andrew Sielen

Like • Show 0 Likes0
Comment • 5

We have a few customers that are refusing to whitelist any emails (even just ones from our domain) from Marketo IPs (or in their words 'MKTOmail tool') in fear of spam as they claim they have 'vast' amounts of spam coming from marketo IPs. We are using Marketo to send Release Notes to customers who have requested them, but we are hitting a wall with a few of our customers. They refuse to even discuss whitelisting anything from Marketo. Fortunately they are willing to let us know the issue, but their solution is to have us email it to yourself and then forward it to them from gmail. Not the most ideal solution.

We have gotten essentially the same feedback from 4 customers so far. But from our research we think it is hitting about 20% of our customer accounts. (Based on them matching the same pattern as accounts we know have the same problem: all the emails are marked as delivered but they don't have a single open.)

We are fully DMARC compliant with SPF and DKIM setup.

Would a dedicated IP from Marketo solve this issue for us (knowing that it could also potentially cause other issues)?

What is Marketo doing to identify spam sent from marketo IPs? It seems marketo's email reputation isn't great in some IT spaces.

Anyone else hit this roadblock before?

Kiersti Esparza

Nov 27, 2018 3:06 PM

Correct Answer

Sanford Whiteman makes some good points above about navigating your IT department's explicit policies.

The options Marketo has that could help your particular situation, if IT would be willing to whitelist JUST your traffic, are

The link shared above that talks about using RegEx for whitelisting, Really? I can't have my customers whitelist my account?
A dedicated Marketo IP that can be whitelisted so it's only your traffic.
Or brand the domains used to send the email with your domain - that can be whitelisted. A lot of times IT departments can whitelist the MAIL FROM email header which is often different than the Friendly From that email recipients see in the email envelope. The MAIL FROM is where bounces and errors are sent from and points back to Marketo servers. This can be branded with your domains if you send from a dedicated IP OR are sending from Marketo's Trusted IPs. This is a free benefit when sending from Marketo's Trusted IPs.

It appears you may qualify to send from Marketo's Trusted IPs. The requirements are that you send <75K a month and have not triggered any blacklist or spamtrap complaints in a year. Please apply here and if approved let the Email Deliverability Rep that responds to your application that you'd like to leverage the free branding for your sending domains.

See the reply in context

2 people also had this question

Outcomes

Courtney Grimes

Nov 27, 2018 1:43 PM

I know "spend money" isn't always the most palatable answer, but in this case it may be your best bet. Marketo offers end-to-end branding of your outgoing mail systems in its highest deliverability package; even if you have a dedicated IP, for instance, it still signs as [dedicatedserver].mktdns.com and can be detected as a Marketo mailer. As for a few of your other questions, CC'ing Kiersti Esparza and Carmi Lopez-Jones.

Actions

JD Nelson

Nov 27, 2018 2:10 PM

I had a similar question a few months back -- check out this post. Kiersti had some recommendations on Regex whitelisting which would be a good counter offer to your customers (a way of whitelisting ONLY one domain within Marketo, not the whole server). Unfortunately, my customers were not able to implement Regex whitelisting, so I'm curious to see if anything new has come up...

Really? I can't have my customers whitelist my account?

Actions

Sanford Whiteman Nov 27, 2018 2:33 PM

There's a part here that's missing, though... if the company's explicit policy is to not accept emails sent "from Marketo," then any attempt to get around by disguising the Marketo origin is unethical. It's equivalent to circumventing anti-tracking protection by making Munchkin track via a non-Marketo domain: explicitly working around the end user's preferences.

Here, the true end user (the email recipient) might not mind getting your email; indeed, when we've dealt with this, an existing customer had 100% trust that the client wasn't spamming. But if that customer's IT is explicitly anti-Marketo (or anti-marketing in general) it's not right to try go around that. On the other hand, if the IT is either ignorant of how their own policy is affecting business, or doesn't have the technical tools to selectively whitelist (as in the case JD mentions) but they're theoretically in favor, then it's okay to move forward. It's important to know which bucket this falls into.

On a technical level, the only sure method is to gateway email for those specific domains through a separate mailserver that you run yourself. You can strip all identifying marks this way, not only because you own the IP address but all Marketo headers can be stripped. It's a pretty drastic measure but the ROI may well justify it!

Actions

Kiersti Esparza

Nov 27, 2018 3:06 PM

Sanford Whiteman makes some good points above about navigating your IT department's explicit policies.

The options Marketo has that could help your particular situation, if IT would be willing to whitelist JUST your traffic, are

The link shared above that talks about using RegEx for whitelisting, Really? I can't have my customers whitelist my account?
A dedicated Marketo IP that can be whitelisted so it's only your traffic.
Or brand the domains used to send the email with your domain - that can be whitelisted. A lot of times IT departments can whitelist the MAIL FROM email header which is often different than the Friendly From that email recipients see in the email envelope. The MAIL FROM is where bounces and errors are sent from and points back to Marketo servers. This can be branded with your domains if you send from a dedicated IP OR are sending from Marketo's Trusted IPs. This is a free benefit when sending from Marketo's Trusted IPs.

Actions

Andrew Sielen Nov 30, 2018 10:28 AM

Thank you all for you insights.

We are going to try to work with them to implement the regex whitelist pattern. From chatting with them more, it seems like their IT team's policy may not be as hard line as they initially said it was.

Actions

5 Replies

Courtney Grimes Nov 27, 2018 1:43 PM
Mark Correct
Correct Answer
I know "spend money" isn't always the most palatable answer, but in this case it may be your best bet. Marketo offers end-to-end branding of your outgoing mail systems in its highest deliverability package; even if you have a dedicated IP, for instance, it still signs as [dedicatedserver].mktdns.com and can be detected as a Marketo mailer. As for a few of your other questions, CC'ing Kiersti Esparza and Carmi Lopez-Jones.
Like • Show 1 Like1
Actions
JD Nelson Nov 27, 2018 2:10 PM
Mark Correct
Correct Answer
I had a similar question a few months back -- check out this post. Kiersti had some recommendations on Regex whitelisting which would be a good counter offer to your customers (a way of whitelisting ONLY one domain within Marketo, not the whole server). Unfortunately, my customers were not able to implement Regex whitelisting, so I'm curious to see if anything new has come up...

Really? I can't have my customers whitelist my account?
Like • Show 0 Likes0
Actions
Sanford Whiteman Nov 27, 2018 2:33 PM
Mark Correct
Correct Answer
There's a part here that's missing, though... if the company's explicit policy is to not accept emails sent "from Marketo," then any attempt to get around by disguising the Marketo origin is unethical. It's equivalent to circumventing anti-tracking protection by making Munchkin track via a non-Marketo domain: explicitly working around the end user's preferences.

Here, the true end user (the email recipient) might not mind getting your email; indeed, when we've dealt with this, an existing customer had 100% trust that the client wasn't spamming. But if that customer's IT is explicitly anti-Marketo (or anti-marketing in general) it's not right to try go around that. On the other hand, if the IT is either ignorant of how their own policy is affecting business, or doesn't have the technical tools to selectively whitelist (as in the case JD mentions) but they're theoretically in favor, then it's okay to move forward. It's important to know which bucket this falls into.

On a technical level, the only sure method is to gateway email for those specific domains through a separate mailserver that you run yourself. You can strip all identifying marks this way, not only because you own the IP address but all Marketo headers can be stripped. It's a pretty drastic measure but the ROI may well justify it!
Like • Show 2 Likes2
Actions
Kiersti Esparza Nov 27, 2018 3:06 PM
Unmark Correct
Correct Answer
Sanford Whiteman makes some good points above about navigating your IT department's explicit policies.

The options Marketo has that could help your particular situation, if IT would be willing to whitelist JUST your traffic, are
- The link shared above that talks about using RegEx for whitelisting, Really? I can't have my customers whitelist my account?
- A dedicated Marketo IP that can be whitelisted so it's only your traffic.
- Or brand the domains used to send the email with your domain - that can be whitelisted. A lot of times IT departments can whitelist the MAIL FROM email header which is often different than the Friendly From that email recipients see in the email envelope. The MAIL FROM is where bounces and errors are sent from and points back to Marketo servers. This can be branded with your domains if you send from a dedicated IP OR are sending from Marketo's Trusted IPs. This is a free benefit when sending from Marketo's Trusted IPs.
It appears you may qualify to send from Marketo's Trusted IPs. The requirements are that you send <75K a month and have not triggered any blacklist or spamtrap complaints in a year. Please apply here and if approved let the Email Deliverability Rep that responds to your application that you'd like to leverage the free branding for your sending domains.
Like • Show 0 Likes0
Actions
Andrew Sielen Nov 30, 2018 10:28 AM
Mark Correct
Correct Answer
Thank you all for you insights.

We are going to try to work with them to implement the regex whitelist pattern. From chatting with them more, it seems like their IT team's policy may not be as hard line as they initially said it was.
Like • Show 0 Likes0
Actions

Customer blocks all Marketo emails and will not whitelist Marketo IPs.

Outcomes

Related Content

Recommended Content