Customer blocks all Marketo emails and will not whitelist Marketo IPs.

I know "spend money" isn't always the most palatable answer, but in this case it may be your best bet. Marketo offers end-to-end branding of your outgoing mail systems in its highest deliverability package; even if you have a dedicated IP, for instance, it still signs as [dedicatedserver].mktdns.com and can be detected as a Marketo mailer. As for a few of your other questions, CC'ing Kiersti Esparza and Carmi Lopez-Jones.

I had a similar question a few months back -- check out this post. Kiersti had some recommendations on Regex whitelisting which would be a good counter offer to your customers (a way of whitelisting ONLY one domain within Marketo, not the whole server). Unfortunately, my customers were not able to implement Regex whitelisting, so I'm curious to see if anything new has come up...

Really? I can't have my customers whitelist my account?

There's a part here that's missing, though... if the company's explicit policy is to not accept emails sent "from Marketo," then any attempt to get around by disguising the Marketo origin is unethical.  It's equivalent to circumventing anti-tracking protection by making Munchkin track via a non-Marketo domain: explicitly working around the end user's preferences.

Here, the true end user (the email recipient) might not mind getting your email; indeed, when we've dealt with this, an existing customer had 100% trust that the client wasn't spamming.  But if that customer's IT is explicitly anti-Marketo (or anti-marketing in general) it's not right to try go around that.  On the other hand, if the IT is either ignorant of how their own policy is affecting business, or doesn't have the technical tools to selectively whitelist (as in the case JD mentions) but they're theoretically in favor, then it's okay to move forward.  It's important to know which bucket this falls into.

On a technical level, the only sure method is to gateway email for those specific domains through a separate mailserver that you run yourself. You can strip all identifying marks this way, not only because you own the IP address but all Marketo headers can be stripped.  It's a pretty drastic measure but the ROI may well justify it!

Sanford Whiteman makes some good points above about navigating your IT department's explicit policies.

The options Marketo has that could help your particular situation, if IT would be willing to whitelist JUST your traffic, are

• The link shared above that talks about using RegEx for whitelisting, Really? I can't have my customers whitelist my account?
• A dedicated Marketo IP that can be whitelisted so it's only your traffic.
• Or  brand the domains used to send the email with your domain - that can be whitelisted.  A lot of times IT departments can whitelist the MAIL FROM email header which is often different than the Friendly From that email recipients see in the email envelope.  The MAIL FROM is where bounces and errors are sent from and points back to Marketo servers.  This can be branded with your domains if you send from a dedicated IP OR are sending from Marketo's Trusted IPs.  This is a free benefit when sending from Marketo's Trusted IPs. 

It appears you may qualify to send from Marketo's Trusted IPs.  The requirements are that you send <75K a month and have not triggered any blacklist or spamtrap complaints in a year.  Please apply here and if approved let the Email Deliverability Rep that responds to your application that you'd like to leverage the free branding for your sending domains.