Have you reviewed the Marketo Product Docs for deliverability? Deliverability - Marketo Docs - Product Documentation
Some other useful resources:
Do you have a gmail account you can send tests to (either work or personal)? If you open the message and select "view original" you'll get a view like this that will show that your SPF, DKIM, and DMARC passed:
You can also check this in the header code if you don't use gmail, but gmail makes it really easy. I like MXToolbox for checking DNS records.
1 of 1 people found this helpful
Whitelisted the Marketo ISPs for each
This part doesn't make sense for 3 reasons.
First: a minor point, you probably meant "IP" not "ISP".
Second: in context, it sounds like you whitelisted the IPs of the Marketo landing page (*.mktoweb.com) and click tracking (mkto-*.com) servers. This has no effect on email: neither of those servers send outbound mail to your corporate mailserver.
Third: if you meant to whitelist the IP ranges of Marketo's outbound mailservers, you shouldn't do that. That's not, despite what some believe, a standard part of setting up a functioning Marketo instance. Having your corporate anti-spam/anti-abuse policies applied to Marketo email is your first line of detection. You want to know that an active mail protection layer, which is presumably typical for your industry -- there aren't too many bespoke anti-spam systems out there anymore, sadly, just a "Big 5" or "Big 3" -- is inspecting and passing your email.
Furthermore, if you're on a shared Marketo server you'll be asking IT to whitelist... I'm gonna say it... spam from other users. Let's be good citizens and not do that.
Now, you may want to ask your IT to loosen inbound rate limits for the Marketo mailservers. But that's not the same as general whitelisting. When you send a lot of emails + tests to internal employees that can create spikes in traffic that may not represent the number of recipients you typically send to at a single domain, so in that case making an exemption is OK. Though even there you're distorting things a bit and it's best left alone.
Also, you should tell us your real domains. It's all public information by definition, and this allows us to do a quick checkup (for example, it's easy to break an SPF record completely by incorrectly including Marketo's SPF: see these three posts).