Knowledgebase

Featured article

(Article Updated - August 2024) Overview A blocklist is a database of IP addresses or domains that have been associated with the sending of unsolicited commercial email or spam. Internet Service Providers (ISPs) and business email networks use information from blocklists to filter out unwanted email. As a result there can be a drop to inbox delivery rates if the IPs or domains involved with sending email are listed on a blocklist. Marketo’s Email Delivery and Compliance team monitors blocklist activity on our IPs and domains daily. When an impactful listing occurs, we reach out to the blocklist, attempt to identify the sender that triggered it, and work with the blocklist organization to get the listing resolved. There are thousands of blocklists, most will not have a significant impact on your delivery rates. Below, we have compiled a list of the blocklists that commonly appear across our sender ecosystem. Each blocklist has been grouped into a top tier (Tier I) by most impactful, to the bottom least impactful tier (Tier III). These may have little to no impact across our sender network. Tier I Blocklist Spamhaus (SBL) Impact: Spamhaus is the only blocklist that we categorize as a Tier I for a reason: it has by far the greatest impact on delivery. It is the most well-respected and widely used blocklist in the world. A listing at Spamhaus will have a negative effect on your ability to deliver emails to your customer’s inbox and can cause bounce rates of over 50%. Evidence suggests that most of the top North American ISPs use Spamhaus to inform blocking decisions. How it works: Unlike many blocklists, Spamhaus lists senders manually. This means they are proactively watching sender activity, collecting data, and base listings on a number of variables. Most commonly senders are listed for mailing to spam trap addresses that Spamhaus owns. Sometimes Spamhaus will list senders based on recipient feedback as well. Next Steps: Please note that every Spamhaus email can be quite different depending on the information provided and the nature of the listing . Because Spamhaus has multiple types of listings, the remediation steps are based on which type of blocklisting has occurred. We have listed the most common types to affect Marketo customers, from most to least impactful. Impact can range from a full block of top severity, to a partial block that is less severe (CSS Data, DBL). If remediation isn’t performed and the problem not addressed, these listings can increase in severity and turn into a full blocklisting. Spamhaus Blocklistings Types SBL (full blocklisting) Considered the most impactful. Remediation steps: Our team monitors closely for Spamhaus listings. Once alerted to the listing, we send an email notifying the customer, and reach out to the Spamhaus contact to start the remediation process. Only a Marketo delivery team member should be in direct correspondence with the Spamhaus contact, to speak on behalf of the customer, and to relay their questions and instructions, ensuring quick resolution and reduced impact. Senders that trigger this listing on a shared IP range will be moved to a more isolated, penalty range (IPB), so as not to impact the other shared senders. Those affected on a Dedicated IP, only impact their own sending and will not be moved. However, depending on the severity of the issue, our team may need to revoke a customer’s ability to send any emails until full resolution. The listing will last until Spamhaus is satisfied that the offending sender has taken the appropriate steps to mitigate the problem. SBL CSS Customers are alerted of the listing with an email containing all the information needed to immediately begin the remediation process. This is part of an automated trigger listing, that allows for a customer to delist directly on the Spamhaus website, after they’ve completed remediation. Remediation steps: Customers will go to the Spamhaus IP lookup website, at https://check.spamhaus.org, where they can check on the status of their IP and continue to monitor it in real time, until it is no longer listed there. Follow the remediation and delisting instructions provided, and check for specific details in the blocklist notification email. DBL (Domain blocklisting) Customers will receive an email notification alerting of the company domain being listed. The email will contain specific information to help narrow down and identify which email source likely triggered it within Marketo. It’s important to note that any email sent from outside of Marketo, that contained the company domain, is suspect. This means, if the sender uses multiple IPs and/multiple email platforms, then any of those could be the source. Remediation steps: Follow the detailed instructions in the email, which will also provide a link to the Spamhaus Domain reputation checker webpage, to check the real time listing status of the affected domain. Once the email source is identified and cause addressed, this customer will follow the online instructions to request to be delisted. Tier II Blocklist SpamCop Impact: SpamCop is not used by any of the major North American ISPs to inform blocking decisions, but it makes it to the Tier II list because it can have a significant impact on B2B email campaigns. SpamCop is considered a Tier I one blocklist for B2B marketers but a Tier II for B2C marketers. SpamCop is a dynamic IP blocklist, that can affect a single IP or a subset of IPs Typically, the block will automatically lift within one business day, but can take longer for relisted IPs. To have triggered a SpamCop listing likely means the sender has a list management problem that should be addressed. How it works: SpamCop lists IPs for one of two reasons: Either the email hit SpamCop spam trap addresses OR A SpamCop user has reported the email unwanted. Most of SpamCop’s spam traps are previously valid addresses that have not been active for 12 months or longer. Remediation steps: If you are seeing a significant number of bouncing emails caused by a SpamCop blocked IP but aren’t sure if your email activity triggered the listing, first identify whether you are sending on a shared sender network or not. If sending from a shared IP range when this occurs, you or any other customer sending from the same network may have contributed to the IP block. This IP block will automatically get dropped within a business day. For those on a Dedicated IP that trigger a listing, refer to the above remediation steps and resources, to address the list management issue. Tier III Blocklist (Low/ No impact ) These are considered the lowest tier and therefore cause the least impact across the Marketo sender ecosystem. Some of these blocklists were more impactful at one time, while others are only impactful based on the sender region (Manitu). Others still can suddenly flare up (Lashback). There are also many blocklists that are ignored (0spam), and are not taken seriously because they do not provide any means to delist once on the list (NoSolicitado) or that they charge money to have the listing removed ( UCEPROTECT ). The pay-to-delist model is not well respected in the email industry. When using blocklist tool checkers, such as MXToolBox, many blocklists will appear, but very few are relevant. Here is our selection of Blocklists you may come across that are least impactful: Project Honey Pot SpamAssassin URIBL/SURBL DrMX PSBL 0spam HostKarma Ascams ZapBL Barracuda Trendmicro Inc. Cloudmark Proofpoint Invaluement ISP Blocklists Some ISPs use internal blocklists to make blocking decisions. Examples include AOL, Yahoo, Gmail, Outlook and Hotmail. If your IP is being blocked by one of these networks, and those networks have a large presence in your lists, a block of this kind could have a noticeable negative impact on delivery. Marketo monitors for significant ISP blocks. Those experiencing deliverability issues with emails not making it to the Inbox and bulking in the spam folder may benefit from additional services with our Email Delivery Consultants. Remediation Steps: Email Delivery Compliance Team works to resolve any ISP blocks. ISP blocks are are usually resolved or lifted within less than 24 hours of a delisting request. Customers experiencing significant blocks for Microsoft domains (outlook.com, live.com, microsoft.com), can submit a request to the delivery team to seek mitigation on their behalf. Additional Resources: Blocklist Deep Dive Abuse Report Deep Dive What is a spamtrap, or spam trap, and why does it matter? Blocklist remediation Blocklist resolution flowchart Successful lead reconfirmation What is a blocklist?

NOTE: To secure your Marketo landing pages requires either Marketo SSL for Landing Pages (obsolete service) or Secured Domains for Landing Pages. Please contact your Marketo Customer Success Manager for more information or to purchase. With Marketo’s Secured Page Services: SSL for Landing Pages, Marketo customers were responsible for providing the original SSL certificate and updated certificates upon expiration. If you have reached this page because you are providing an updated certificate, an upgrade is required. What’s changing: Marketo has discontinued the Secured Page Services: SSL for Landing Pages service and its manual certificate renewal process. This is being replaced with the Marketo Secured Domains for Landing Pages product which provides all needed certificates and manages renewals automatically. Action Required: Please contact your Marketo Customer Success Manager to add the the Secured Domains for Landing Pages product to your subscription. Once you’ve purchased Secured Domains for Landing Pages for your instance: OPEN A NEW SUPPORT CASE Marketo login required. Select Case Type - "Help me setup/create" Select Case Issue - "System Configuration" If you have multiple instances, please provide us with the Munchkin Code (Found in Admin > Munchkin) of the instance that is ready. Format ###-XXX-###. Marketo will then have certificates generated to cover all the domains and subdomains that you’ve set up in your instance. Within 3-business days, we will create a secure server endpoint. Please plan accordingly for this 72-hour turn-around-time. How is the new Secured Domains for Landing Pages Better? With Marketo’s new Secured Domains for Landing Pages product, you no longer have to provide renewal/updated certificates to Marketo. We’ll procure any necessary certificates and manage their renewals automatically – giving you a more secure and convenient solution for securing your pages! For more information, please see our Overview & FAQ: Secured Domains for Landing Pages. Do I have to upgrade? An upgrade is required. Marketo no longer supports the legacy Secured Page Services: SSL for Landing Pages certificate renewal process.

What’s changing? On February 21, 2019, Webkit announced the new release of Safari’s Intelligent Tracking Prevention (ITP), known as ITP 2.1 and ITP 2.2 shortly thereafter. With ITP 2.x, all persistent client-side cookies, i.e., non-session cookies created via JavaScript through document.cookie, are capped to a seven-day or one-day expiry. Mozilla Firefox and Google Chrome have also announced their intent to conform to these new policies, though no details or dates have been released. How does this impact Web Personalization? As a result of these changes to the cookie policy, 7 days after their initial tracked visit to your domain, the RTP cookies of visitors using Safari (or future affected browser versions) created with the existing versions of RTP JavaScript will expire, and on subsequent visits, they will be tracked as a new visitor. How does RTP operate? On a person’s first visit to a page where rtp.js is loaded, a new anonymous person record is created in Marketo Web Personalization. The primary key for this record is the trwv.uid which is created in the user’s browser. All subsequent activities on Campaigns, Rich media and Recommendation bars are recorded against this anonymous record. In order to be associated with a known record in Web Personalization Marketo, one of the following methods should be used: The person may visit a Munchkin-tracked page with a mkt_tok parameter in the query string from a tracked Marketo email link. The person may fill out a Marketo Form. REST Associate Lead call must be sent. Once one of these actions is completed, the cookie and all its associated web activity will be associated with the known record. How is Marketo planning to address ITP concerns? Marketo will implement a new web service to allow RTP cookies to be set with a Set-Cookie header via HTTP response, so that they may bypass the 7-day expiry cap imposed when setting cookies via JavaScript. Do I need to do anything to take advantage of these updates? If you have incorporated the changes as part of the Munchkin update for ITP (which was rolled out in the last release) then you do not have to take any action. Please refer to this link for details : https://nation.marketo.com/t5/Knowledgebase/Browser-Cookie-Updates-How-Marketo-Munchkin-Is-Affected/ta-p/251524 If not please follow the below steps: In order to leverage the new behavior and take advantage of the greater expiry period and tracking capabilities, ensure that you have configured the following: A Landing Page CNAME Secured Landing Pages (i.e. HTTPS) For external pages, you must have configured a Landing Page Domain or Domain Alias with a Top-Level Domain (TLD) matching the external domains which you wish to track For example, if you have pages on the domain www.example.com which are tracked, you must have configured an LP Domain or Alias which is a subdomain of example.com, like munchkin.example.com What happens if I do nothing? RTP’s ability to track users across sessions on the same domain will remain limited by ITP to either 1 or 7 days based on the browser and browser version used by the visitor. As of this posting, this only affects visitors using the Safari browser, although Chrome & Firefox may follow suit with their own versions. When will the solution be launched? All customers should expect to have the solution with the Jun 2020 Marketo release. Note: Please feel free to refer the link for the munchkin update for ITP which was part of the earlier release: https://nation.marketo.com/t5/Knowledgebase/Browser-Cookie-Updates-How-Marketo-Munchkin-Is-Affected/ta-p/251524 Google Chrome Update (Feb. 2020): Google recently announced that the Chrome browser will block all third-party cookies within two years; however, since Marketo uses 1st party cookies, this update regarding 3rd party cookies will NOT affect your Marketo tracking efforts. For further context about 3rd party cookies in general, and the industry shift away from using them, please see the following article for Adobe's stance across the Experience Cloud Solutions: medium.com/adobetech/an-adobe-perspective-google-chromes-announcement-on-the-future-limits-o...

Issue The email was sent from an engagement program or email program where Recipient Time Zone was enabled, however, emails sent to several leads were not sent based on their time zone. Solution If the time zone calculation for the affected leads falls under the conditions mentioned in https://docs.marketo.com/display/public/DOCS/Understanding+Recipient+Time+Zone, then check in [Admin > Field Management] if the Person Time Zone field is hidden. If this field is hidden, then this would be the reason as this field is where the Person's Time Zone is stored for when it is calculated and is used to determine the Recipient Time Zone for sending emails.

Issue Field labels on a form have been updated, however, they are not displaying on the Marketo Landing Page, even though the Marketo Form and Marketo Landing Page has been approved since the update. Solution The reason why it appears the updated field labels are not displaying on the Marketo Landing Page is that the field labels that are being displayed are not the field labels that were edited. The field labels that are being displayed is what is defined in the Visibility Rules of the fields. To ensure that the updated field label is displayed on the Marketo Landing Page, the field label in the Visibility Rules must also be updated https://docs.marketo.com/display/public/DOCS/Dynamically+Toggle+Visibility+of+a+Form+Field

Issue In an instance where there are multiple workspaces, when creating a new email and right-clicking on a Marketo Starter Template to send a sample email, an error is displayed: Access Denied This error occurs even though the user has all permissions to Access Design Studio and all permissions to Access Marketing Activities. This includes the 'Run Single Flow Action' permission which is required for sending sample emails: "You must have the Access Database - Run Single Flow Actions permission to send sample emails." https://docs.marketo.com/display/public/DOCS/Send+a+Sample+Email Solution This error can occur if the user does not have access to the Default workspace. To solve this, the user must be provided with access to the Default workspace in [Admin > Users & Roles]

Summary Leads/Forms are not appearing in Marketo but are appearing in Linkedin Issue Troubleshooting LinkedIn Lead Gen Forms issues - Leads/ Forms are not appearing in Marketo but are appearing in LinkedIn Solution Most of the time this issue is caused by insufficient permissions for the user specified in the LaunchPoint Service under "Admin > LaunchPoint." This article mentions what is required for LinkedIn lead gen forms to work on LinkedIn for the user, this is not for Marketo but it makes a great reference. linkedin.com/help/lms/answer/79635 For Marketo, we require full permissions for the integration to work. - Campaign Manager OR Account Manager (The integration user will only be able to have one of these permissions) - Company Page Admin - Lead Gen Forms Manager Ensure that the user has all 3 permissions. If you made some changes to the permission, re-authorize LaunchPoint service and, try again. I would also recommend deleting and re-creating the LaunchPoint service. It is recommended every time you make changes to the permission so that the connection works without any issue. You could see the form in Marketo after this step. If any one of the permissions is added later, I recommend creating a test lead on the form referring the document - https://www.linkedin.com/help/lms/answer/94217. The leads that fill out the form after this step would be found on Marketo. You could List Import the other leads that filled out the form. If you are still facing the issue after verifying the above steps, please raise a support ticket with Marketo. We could verify whether the issue is with Marketo or the Integration itself.

Issue When a Marketo field is synced to a SFDC field with a picklist, that picklist will be synced to Marketo when the field is added to a Marketo form. The values section of the field in the form will show the values from SFDC. However this does not occur with the standard state field in Marketo. Solution The state field's form picklist is not updated because it is automatically populated with the 50 US states. To get around this, you can either manually update the values in the picklist in the form, or you can use a custom Marketo field. This field can be remapped to the state field in salesforce with assistance from support.

Issue Issue Description Marketo allows you to upload any file type to your instance (100MB or less) but these files don't always download automatically or open in a new browser tab or window consistently between users. Solution Issue Resolution Marketo's servers are not configured to force a download, so any desired effect is up to the user and/or utilizing custom code to achieve that effect. How a file is handled or displayed is largely up to the browser and you will need to test whether your specific desired outcome is possible. Keep in mind, this may vary by file type and file size and may not be feasible.

Issue Issue Description You encounter the error "You do not have permissions to do this" in one of the following situations: When you are creating an email template, you click on the Validate HTML button When you are trying to edit an existing email Solution Issue Resolution This error is caused by Javascript in the HTML of the template. Email clients do not often allow <script> and Javascript in their Emails, so even though the email asset may be able to be approved, the email will present this error if attempted to be edited again or if you attempt to validate the HTML. The solution in this situation would be to remove the <script> tag, including all Javascript, from the email HTML. After this, you should be able to edit the email or validate the HTML. If you are unable to actually edit the asset, the workaround is to clone the asset. If you clone the email, it can open in the editor and then you have the ability to remove the script. After this, the email will be good to go.

Issue When I go to the Support area of Nation, I do not have full access to all the areas and tools. Solution Our system is specific about how you need to access the Support Portal before we can authorize you to use it. The proper steps to take for us to authorize, and for you to submit cases, are as follows: Log into your instance Click the Community tile (step 1 image) Click Support in the top banner (step 2 image) Click Submit a Case option (step 3 image) Choose from top options depending on what you need to do (step 4 image) Create a case, Manage authorized contacts, edit your Info Simply going straight to the nation.marketo.com will not have the desired result. You must access the Support Portal from your instance by using these steps so that our system recognizes you properly. If this is your first time following these steps, your view of Step 3 will be different- not to worry, as that will be updated for you manually. Step 1 Step 2 Step 3 Step 4 If you experience issues, please email marketocares@marketo.com

Issue Issue Description When a lead is created through an API call, the Reason and Source attributes say "Web Service API" with no further detail. Solution Issue Resolution As described in the doc here, https://docs.marketo.com/display/DOCS/Understanding+System+Managed+Fields, "Source" and "Reason" fields are managed by Marketo: Web Service API for Original Source Type means Person was discovered by a web service API. For Registration Source Type, it states that Person was created via SOAP/REST API When a lead is created via API, no additional "Source" or "Reason" is provided to Marketo. A possible workaround is to create a custom field and populate it as needed through the API.

Issue Issue Description When adding a new field to MSD Custom Object sync, the field just reports Fieldname(syncing...) and never actually syncs. Solution Issue Resolution The current workaround would involve the following: Disable the native sync. Disable the object sync in the custom entity because that will drop the table entirely in the database. Then, re-enable the sync for the custom object, including all field to sync and use for filter and triggers to recreate the table in the database. This should sync all of the fields including the new one. Who This Solution Applies To Customers with MS Dynamics

Issue Issue Description API Only user is not appearing when creating a service in [Admin > LaunchPoint] Solution Issue Resolution It is highly likely that the reason why the API user was not appearing because it did not have "API Only" ticked. This can be checked in [Admin > Users & Roles > User > Edit User]. However, this cannot be modified once the API user is created, so in order for the API user to appear in LaunchPoint, "API Only" must be ticked when the API user is created. Reference: Create an API Only User Role Who This Solution Applies To Admin users

Issue Issue Description An email was sent to leads but immediately returned an 'Email Bounced Soft' Activity Type with the Activity Details stating: 'Details: Empty address: []' Solution Issue Resolution This is due to a token used in the 'From Address' Field in the Email editor that does not have a valid value or valid default value. For example: {{lead.Partner Email:default=edit me}} The Record's field value for 'Partner Email' is Empty. As there is no value for the record the token would use the default value 'edit me' which is not a valid value. A valid value must be an email string format such as mark@eto.com

Issue Issue Description When any link within an Email is clicked, the user is redirected to the wrong page. Solution Issue Resolution This can occur when Branded Tracking Links have been incorrectly configured and the user is being redirected to the fallback page. The following checks should be conducted: 1. Ensure the correct Branding Domain is listed in Admin > Email > Branding Domains. 2. Ensure your IT team have set a CNAME record to redirect from your Branding Domain to your Marketo Tracking Link. (e.g.mkto-****.com) Who This Solution Applies To Customers using Branding Domains

Issue Issue Description Importing a program from one subscription to another is failing and is returning the following error sent via email: Marketo encountered an error while importing [Program Name] The token "lead.First Name" is not available in the destination subscription. It is either a custom field that you have to create or need to be synced from your CRM system, if you use one. This is a article attached image Solution Issue Resolution Check if there is any malformed lead.First Name token in email Check if there is any malformed lead.First Name token in email template used by the email(s) in the program Check if there is any malformed lead.First Name token within a program token Check if there is any malformed lead.First Name token within smart campaign flow step(s) This error has been known to occur when the email template had a lead token coded as follows, with a line break between 'First' and 'Name': {{lead. First Name}} Note: In this scenario, the error message received via email is actually referring to the token in the email template that contains a line break between 'First' and 'Name' but is stripped out on the message when HTML is rendered.

Issue Issue Description You are unable to check any emails to select in the Email Filter section in the Setup tab of your report (http://docs.marketo.com/display/public/DOCS/Filter+Assets+in+an+Email+Report) when Global Reporting is enabled (http://docs.marketo.com/display/public/DOCS/Report+Email%2C+Campaign+Performance+Across+Workspaces). Solution Issue Resolution When using the Global Reporting feature in a report, you can only view a report for all emails across workspaces. You cannot filter the report to include only certain emails.

Issue Issue Description Landing Page is not selectable as a Web Page constraint value for a Fills Out Form trigger. Solution Issue Resolution Check if Landing Page is Approved Check if Landing Page is within the same workspace as the Smart Campaign with the Fills Out Form trigger [Note: this condition is only applicable if there are workspaces within the instance] Check if Landing Page is NOT within an archived folder Check if Landing Page has a form associated with it. If not, then it will not appear as a selectable option as Web Page constraint. While it is possible that a form can be inserted directly into the HTML of the landing page template, the landing page will not be associated with the form in this way. This is a article attached image For a Landing Page to be a selectable option as a Web Page constraint it must be associated with a form by inserting the form to the landing page via the UI as illustrated in our docs below: http://docs.marketo.com/display/public/DOCS/Add+a+New+Form+to+a+Free-Form+Landing+Page http://docs.marketo.com/display/public/DOCS/Add+a+Form+to+a+Guided+Landing+Page This is a article attached image

Issue Issue Description The user role has all the permissions to Design Studio, but whenever trying to preview an email, a limited access message is displayed: "You do not have sufficient privileges to perform this action" Solution Issue Resolution The user role must have permission to 'Access Database'. The full access to Database is not needed, just the main access by selecting 'Access Database' and unchecking everything else underneath. The reason for this permission is that, when previewing emails, you are able to select to preview an email as a specific lead. In order for this to happen, users will need access to leads.

Knowledgebase

Maintaining a Directory of Leads Bouncing Emails

Top Blocklists - What You Need to Know

Setting Up Secured Domains for Marketo Landing Pages - RENEWING SSL CERTIFICATES

Browser Cookie Updates: How Marketo/RTP Is Affected

Email was not sent based on Recipient Time Zone

Field Label not updating on Form in Landing Page

Unable to send sample email from Marketo Starter Template

Troubleshooting LinkedIn Lead Gen Forms issues

State field not pulling picklist from SFDC

CSV Files Hosted in Marketo’s Images and Files Don’t Always Download Automatically

Email Permission Error When Validating or Editing Email

Support Portal Access Issues

"Reason" and "Source" Attributes for a Lead's Activity Simply Say "Web Service API"

Adding New Field to MSD Custom Object Sync Stuck on "Fieldname(syncing...)"

API Only User Is Not Appearing When Creating a Service In Admin > LaunchPoint

Email Bounced Soft With Details 'Empty address: []'

Email Dashboard not Displaying Accurate Data

Email Links Aren't Going to Right Location

Error Importing Program -Token Is Not Available in the Destination Subscription

Global Reporting Is Enabled and Unable to Filter on Certain Emails

Landing Page Not Selectable as a Web Page Constraint Value for Fills Out Form Trigger

Limited Access Message Displayed When Previewing Email