Knowledgebase

Featured article

(Article Updated - August 2024) Overview A blocklist is a database of IP addresses or domains that have been associated with the sending of unsolicited commercial email or spam. Internet Service Providers (ISPs) and business email networks use information from blocklists to filter out unwanted email. As a result there can be a drop to inbox delivery rates if the IPs or domains involved with sending email are listed on a blocklist. Marketo’s Email Delivery and Compliance team monitors blocklist activity on our IPs and domains daily. When an impactful listing occurs, we reach out to the blocklist, attempt to identify the sender that triggered it, and work with the blocklist organization to get the listing resolved. There are thousands of blocklists, most will not have a significant impact on your delivery rates. Below, we have compiled a list of the blocklists that commonly appear across our sender ecosystem. Each blocklist has been grouped into a top tier (Tier I) by most impactful, to the bottom least impactful tier (Tier III). These may have little to no impact across our sender network. Tier I Blocklist Spamhaus (SBL) Impact: Spamhaus is the only blocklist that we categorize as a Tier I for a reason: it has by far the greatest impact on delivery. It is the most well-respected and widely used blocklist in the world. A listing at Spamhaus will have a negative effect on your ability to deliver emails to your customer’s inbox and can cause bounce rates of over 50%. Evidence suggests that most of the top North American ISPs use Spamhaus to inform blocking decisions. How it works: Unlike many blocklists, Spamhaus lists senders manually. This means they are proactively watching sender activity, collecting data, and base listings on a number of variables. Most commonly senders are listed for mailing to spam trap addresses that Spamhaus owns. Sometimes Spamhaus will list senders based on recipient feedback as well. Next Steps: Please note that every Spamhaus email can be quite different depending on the information provided and the nature of the listing . Because Spamhaus has multiple types of listings, the remediation steps are based on which type of blocklisting has occurred. We have listed the most common types to affect Marketo customers, from most to least impactful. Impact can range from a full block of top severity, to a partial block that is less severe (CSS Data, DBL). If remediation isn’t performed and the problem not addressed, these listings can increase in severity and turn into a full blocklisting. Spamhaus Blocklistings Types SBL (full blocklisting) Considered the most impactful. Remediation steps: Our team monitors closely for Spamhaus listings. Once alerted to the listing, we send an email notifying the customer, and reach out to the Spamhaus contact to start the remediation process. Only a Marketo delivery team member should be in direct correspondence with the Spamhaus contact, to speak on behalf of the customer, and to relay their questions and instructions, ensuring quick resolution and reduced impact. Senders that trigger this listing on a shared IP range will be moved to a more isolated, penalty range (IPB), so as not to impact the other shared senders. Those affected on a Dedicated IP, only impact their own sending and will not be moved. However, depending on the severity of the issue, our team may need to revoke a customer’s ability to send any emails until full resolution. The listing will last until Spamhaus is satisfied that the offending sender has taken the appropriate steps to mitigate the problem. SBL CSS Customers are alerted of the listing with an email containing all the information needed to immediately begin the remediation process. This is part of an automated trigger listing, that allows for a customer to delist directly on the Spamhaus website, after they’ve completed remediation. Remediation steps: Customers will go to the Spamhaus IP lookup website, at https://check.spamhaus.org, where they can check on the status of their IP and continue to monitor it in real time, until it is no longer listed there. Follow the remediation and delisting instructions provided, and check for specific details in the blocklist notification email. DBL (Domain blocklisting) Customers will receive an email notification alerting of the company domain being listed. The email will contain specific information to help narrow down and identify which email source likely triggered it within Marketo. It’s important to note that any email sent from outside of Marketo, that contained the company domain, is suspect. This means, if the sender uses multiple IPs and/multiple email platforms, then any of those could be the source. Remediation steps: Follow the detailed instructions in the email, which will also provide a link to the Spamhaus Domain reputation checker webpage, to check the real time listing status of the affected domain. Once the email source is identified and cause addressed, this customer will follow the online instructions to request to be delisted. Tier II Blocklist SpamCop Impact: SpamCop is not used by any of the major North American ISPs to inform blocking decisions, but it makes it to the Tier II list because it can have a significant impact on B2B email campaigns. SpamCop is considered a Tier I one blocklist for B2B marketers but a Tier II for B2C marketers. SpamCop is a dynamic IP blocklist, that can affect a single IP or a subset of IPs Typically, the block will automatically lift within one business day, but can take longer for relisted IPs. To have triggered a SpamCop listing likely means the sender has a list management problem that should be addressed. How it works: SpamCop lists IPs for one of two reasons: Either the email hit SpamCop spam trap addresses OR A SpamCop user has reported the email unwanted. Most of SpamCop’s spam traps are previously valid addresses that have not been active for 12 months or longer. Remediation steps: If you are seeing a significant number of bouncing emails caused by a SpamCop blocked IP but aren’t sure if your email activity triggered the listing, first identify whether you are sending on a shared sender network or not. If sending from a shared IP range when this occurs, you or any other customer sending from the same network may have contributed to the IP block. This IP block will automatically get dropped within a business day. For those on a Dedicated IP that trigger a listing, refer to the above remediation steps and resources, to address the list management issue. Tier III Blocklist (Low/ No impact ) These are considered the lowest tier and therefore cause the least impact across the Marketo sender ecosystem. Some of these blocklists were more impactful at one time, while others are only impactful based on the sender region (Manitu). Others still can suddenly flare up (Lashback). There are also many blocklists that are ignored (0spam), and are not taken seriously because they do not provide any means to delist once on the list (NoSolicitado) or that they charge money to have the listing removed ( UCEPROTECT ). The pay-to-delist model is not well respected in the email industry. When using blocklist tool checkers, such as MXToolBox, many blocklists will appear, but very few are relevant. Here is our selection of Blocklists you may come across that are least impactful: Project Honey Pot SpamAssassin URIBL/SURBL DrMX PSBL 0spam HostKarma Ascams ZapBL Barracuda Trendmicro Inc. Cloudmark Proofpoint Invaluement ISP Blocklists Some ISPs use internal blocklists to make blocking decisions. Examples include AOL, Yahoo, Gmail, Outlook and Hotmail. If your IP is being blocked by one of these networks, and those networks have a large presence in your lists, a block of this kind could have a noticeable negative impact on delivery. Marketo monitors for significant ISP blocks. Those experiencing deliverability issues with emails not making it to the Inbox and bulking in the spam folder may benefit from additional services with our Email Delivery Consultants. Remediation Steps: Email Delivery Compliance Team works to resolve any ISP blocks. ISP blocks are are usually resolved or lifted within less than 24 hours of a delisting request. Customers experiencing significant blocks for Microsoft domains (outlook.com, live.com, microsoft.com), can submit a request to the delivery team to seek mitigation on their behalf. Additional Resources: Blocklist Deep Dive Abuse Report Deep Dive What is a spamtrap, or spam trap, and why does it matter? Blocklist remediation Blocklist resolution flowchart Successful lead reconfirmation What is a blocklist?

Issue Issue Description If a page is not loading in your browser for Marketo, this can sometimes be due to network related issues. We can help troubleshoot by using a HAR file from the browser to see network traffic. Solution Issue Resolution Instructions to generate a HAR file broken down by browser version: Chrome In Chrome, go to the page within Marketo where you are experiencing trouble. At the top-right of your browser window, click the Chrome menu (⋮). Select Tools > Developer Tools. The Developer Tools window opens as a docked panel at the side or bottom of Chrome. Click the Network tab. Select Preserve log. You will see a red circle at the top left of the Network tab. This means the capture has started. If the circle is black, click the black circle to start recording activity in your browser. Refresh the page and reproduce the problem while the capture is running. After you successfully reproduce the issue, right click on any row of the activity pane in the Network and click Save as HAR with Content. Save the HAR file. Select the Console tab. Right-click anywhere in the console and select "Save as...". Name the log file Chrome-console.log. Send both files as shared links in a reply to your case. Firefox In Firefox, go to the page within Marketo where you are experiencing trouble. Click the Firefox menu (Three horizontal parallel lines) at the top-right of your browser window. Select Web Developer > Network. The Developer Tools window opens as a docked panel at the side or bottom of Firefox. Click the Network tab. Select Persist logs. After you successfully reproduce the issue, right-click any row and select Save all as HAR. Firefox typically takes a few seconds to prepare the download. A slight delay on this step is normal. Select the Console tab. Right-click any row and select Select all. Paste the content in a text file and name it console-log.txt. Send both files as shared links in a reply to your case. Safari In Safari, go to the page within Marketo where you are experiencing trouble. In the menu bar at the top, click Develop and select Show Web Inspector. Click Preserve Log. Click the Console tab and select Preserve Log. Go back to the Network tab. Refresh the page and reproduce the problem while the capture is running. Once you have reproduced the issue, select Export. Save the HAR file. Click the Console tab. Right-click any row and select Select all. Paste the content in a text file and name it console-log.txt. Send both files as shared links in a reply to your case. Internet Explorer 11 (IE 11) In Internet Explorer, go to the page within Marketo where you are experiencing trouble. Click the gear icon in the top right. Select F12 Developer Tools. Click the Network tab Clear the Clear entries on navigate option, which is selected by default. The icon looks like blue arrow with a red X. The green play button (Start Profiling Session), should be selected by default. This means the capture function is running. Refresh the the page and reproduce the problem while the capture function is running. Once you have reproduced the issue, click the Export as HAR icon. The icon looks like a floppy disk. Click the Console tab. Right-click any row and select Copy all. Paste the content in a text file and name it console-log.txt. Send both files as shared links in a reply to your case.

*Please Note* these group sessions are discontinued as of Thursday, July 1, 2021. Offered exclusively to new Marketo Engage launch pack customers, this series of interactive group discussions offer an open forum to learn best practices from a Marketo expert and your peers. Marketo Group Consulting Webinars are one-hour virtual meetings connecting you with a Marketo expert to expand and improve your knowledge and skills related to marketing strategy and Marketo tactical execution. Each session will include knowledge sharing from Marketo followed by an open Q&A.

Issue You or your customer have a global block on emails sent from servers with the domain "mktomail.com." You would like to keep the global block but allow email from your own Marketo instance to pass through. Solution The return-path (or envelope_from) in the header of most Marketo emails includes the domain "mktomail.com." Some email servers may have a global block on this domain which prevents delivery of your Marketo emails. There are two options for bypassing this global block. Contact your account manager to see about added the Branded Envelope_From feature to your instance. This will replace the "mktomail.com" domain with a domain of your choice. Have the email admin add a Regex version of your return-path/envelope_from to the Allow List. Which Regex you use will depend on which datacenter houses your instance. To determine the datacenter, look at the URL for your Marketo instance and see which letters come after the "https://app-". "SJ" is for San Jose, "AB" is Ashburn, "E" is London, "SN" is Sydney The Regex you will use is as follows: San Jose datacenter - "munchkin_id.(\d+.)*\d+@em-sj-77.mktomail.com" London datacenter - "munchkin_id.(\d+.)*\d+@eu-lon-188.mktomail.com" Ashburn datacenter - "munchkin_id.(\d+.)*\d+@potomac1050.mktomail.com" Sydney datacenter - "munchkin_id.(\d+.)*\d+@snsmtp.mktomail.com" Netherlands datacenter - "munchkin_id.(\d+.)*\d+@em-nld1-01.mktomail.com" Replace "munchkin_id" with the Munchkin ID for your Marketo instance. This operates as the unique identifier to allow only email from your Marketo through the block. Other email from the "mktomail.com" domain will still be blocked.

Issue Description When a lead fills out the form in Marketo, Marketo sync fails with an error "Duplicates_Detected." Issue Resolution This error, "Failed: DUPLICATES_DETECTED: Use one of these records?" is a message Salesforce is sending back to Marketo, rejecting the attempt to sync the record. This means there's a setting in SFDC preventing duplicates from being created, possibly due to a custom deduplication rule on the SFDC side. Recommended steps : Check the dedupe settings and check for these leads in SFDC based on the things other than the email address like first name, last name etc. You may need to work with your SFDC admin to determine why Salesforce rejecting the record as duplicate. Who This Solution Applies To Customers integrated with Salesforce Is this article helpful ? YesNo

We have enhanced the behavior of the unsubscribe functionality to make it “durable”. We have added a master email status, which is separate from the unsubscribe flag visible on the lead detail record. If the unsubscribe flag is set from false to true, the master email status is updated, and the change is propagated to other leads with the same email address. Update the Unsubscribe flag from True to False (e.g. Re-subscribe a lead) When a lead is imported, the unsubscribe flag WILL NOT be overwritten by the import. Here are the ways a lead can be re-subscribed: 1. In SFDC, uncheck the Email Opt Out field. This WILL sync to Marketo. 2. Manually update the lead detail record by un-checking the unsubscribe flag 3. Run a Change Data Value Flow Action on one or many leads a. Select the attribute “unsubscribe” and set the value to False 4. Update an existing lead via API 5. Form Field – set a field on a form to set the unsubscribe flag to “false” and this will unsubscribe the lead a. Best practice would be to have text on the form that says that by filling out this form, they are agreeing to receive email communication Creating a New Lead When a new lead is created, we check it against the master email status table. If the lead was previously unsubscribed, we will update the record to be unsubscribed. Changing an email address If you change the email address of a lead to an unsubscribed email address, the lead will be unsubscribed. This change can occur in either Marketo or SFDC. If you change an unsubscribed email address to one that is subscribed, the lead will be subscribed. Is this article helpful ? YesNo

Issue You see a record in the database has something similar to the following Email Suspended Cause: "554- Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means." Solution The 554 error is generated by a hard bounce due to a spam block. It is possible that one of the sending IP addresses used may have been on a temporary blacklist the day of the attempted send. This happens while using shared IPs when another Marketo instance using the same IP hits a spam trap, putting the IP on a blacklist for 24 hours. This error can also happen to users on a dedicated IP if they hit a spam trap with one of their email sends.

What is HSTS? The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP. This prevents man-in-the-middle attacks by telling the browser it should never interact with their domain without first establishing a secure HTTPS connection. What does this mean for Marketo assets? A domain can assert the HSTS policy for all of it's subdomains. This means both the subdomains used for Marketo landing pages and the subdomains for Marketo tracking links must also be secured with SSL certificates. If HSTS is asserted and the Marketo subdomains are not secured, people that visit landing pages or click on tracked links in emails will receive security errors and browsers will not load the pages. This is resolved by purchasing both Secured Domains for Landing Pages and Secured Domains for Tracking Links. There are very few exceptions where a domain utilizing HSTS will not need to secure both landing page domains and tracking link domains. How do I know if my domain is using HSTS? Reach out to your IT and/or web development team to confirm whether or not your domain utilizes HSTS and if both Secured Domains and Tracking Links are necessary for your business. If your website utilizes HSTS and has the "include subdomains" flag set to true, you will need to secure both your landing page domains and tracking link domains in almost all circumstances. Google Chrome has a built in HSTS checker that you can use to verify your HSTS settings. 1. Visit the root domain of your website with the Chrome browser. For example, if your Marketo landing pages use visit.acme.com, navigate to acme.com. This will load the domain's HSTS policy into Chrome. 2. Navigate to chrome://net-internals/#hsts in Chrome. This will load Chrome's HSTS checker. 3. In the "Query HSTS/PKP domain" section, type in your domain you wish to check. Click "Query". 4. If the query returns "Found" with a list of configuration settings, you will need to check two settings: If either "status_upgrade_mode" or "dynamic_upgrade_mode" have the value "FORCE_HTTPS" or "STRICT", then the domain is enforcing HSTS and all connections are made over HTTPS. If either "static_pkb_include_subdomains" or "dynamic_pkp_include_subdomains" are equal to "true", then all subdomains are subject to the HSTS policy. If both of the above are true then both Secured Domains for Landing Pages and Tracking Links may be required. If the query returns "Not Found", or is not using a "FORCE_HTTPS" or "STRICT" policy then the landing page and tracking link subdomains may not have strict HTTPS requirements. Always verify with your IT and/or web development team as to what your domain's security policies and requirements are. Failure to properly secure your landing page or tracking domains according to your domain's security policy may result in landing pages or tracking links not resolving in browsers. A lack of a strict HSTS policy does not necessarily mean you do not need to secure your Marketo domains. Is this article helpful ? YesNo My domain asserts HSTS on my subdomains but I do not have HTTPS encryption with my Marketo subscription. What do I do? Reach out to your Customer Success Manager to discuss purchasing Secured Domains for Landing Pages and Secured Domains for Tracking Links. Configuration instructions can be found below: Overview & FAQ: Secured Domains for Landing Pages Overview & FAQ: Secured Domains for Tracking Links

Issue Description Email Link Performance report on the same email shows more clicks compared to clicks in the Email Performance Report. Issue Resolution Email Performance Report clicks shows the total number of leads who has clicked any link in that email. This count is independent of any links and how many times a lead has clicked any link on that email. Email Link Performance shows the number of unique people who clicked each link. It shows the number of leads who clicked that particular link. The same lead could’ve clicked another link. So in the total it would be counted as 2 leads in the report but in reality both are same leads. This is the reason why you see Email Link Performance report shows more clicks compared to clicks in the Email Performance Report

Marketo Champions are customers who have demonstrated outstanding leadership in the Marketo Community, are experts in Marketo products, are avid contributors in the social world, and are loyal advocates of the Marketo brand. Benefits and perks our Champions receive include: Access: Meetings with our product and marketing teams to give exclusive feedback Previews: Given early previews to products, features, and releases when available Publicity: Exclusive speaking opportunities at our annual Marketo Summit and other events Networking: Special networking events with Marketo executives and fellow Champions and semi-annual conference calls Ownership: Ownership of content and exclusive activities at our annual Marketo Summit that showcase your expertise and thought leadership Credibility: Special Champion badge on Marketo Community profiles, and profiled on Marketo's corporate website Sweet Swag: Champion-exclusive swag To find out more information and apply, click here. To view a complete list of current Champions, click here. Join the Marketo Elite Today!

Revenue Cycle Analytics represents the highest pinnacle of using Marketo. You can analyze your programs in depth. However, it is designed for people with some familiarity with business intelligence analytics tools. EASY Create an Opportunity Influence Analyzer Tell the Marketing Story with an Opportunity Influence Analyzer Configure an Opportunity Influence Analyzer Make a Program Without a Period Cost Available in Revenue Explorer and Analyzers Export Opportunity Influence Analyzer Data POWERFUL Subscribe to a Revenue Explorer Report Create a Program Analyzer Compare Channel Effectiveness with the Program Analyzer Compare Program Effectiveness with the Program Analyzer Explore Program & Channel Details with the Program Analyzer Build a Program Membership Analysis Report that Lists Leads Build an Email Analysis Report that Lists Leads Build an Email Analysis Report that Shows Program Information COMPLETE Create a Success Path Analyzer Explore Model Metrics in the Success Path Analyzer Manage Report Subscriptions Sync Custom Fields to the Revenue Explorer Leads by Revenue Stage Report Override Analytics Behavior at the Program Level Find all Leads in a Revenue Cycle Model Share a Model Across Workspaces Report on Your Revenue Model OLD ARTICLES We are working to improve these articles. They will be updated in the coming months. Add Leads to Your Model Build a Revenue Cycle Model Creating a Revenue Cycle Model Revenue Cycle Modeler Overview Intro to Using Custom Field Groups in the Model Performance Analysis (Leads) Area Launching your Revenue Cycle Model Revenue Cycle Modeler Overview Create Custom Field Groups Via the Field Organizer Graphing Results From Revenue Explorer Email - Click Activity Heat Grid (in CST) Email - Click Rate Decay Email - Clicked Time Distribution (in CST) Email - Open Activity Heat Grid (in CST) Email - Open Rate Decay Email - Opened Time Distribution (in CST) Email - Sent Activity Heat Grid (in CST) Filtering Data in Revenue Explorer reports Built-in Revenue Explorer Reports Create a New Revenue Explorer Report How to View Transition Data in RCE Lead Balance Report Understand Revenue Cycle Explorer Analysis Areas Revenue Cycle Explorer Custom Field Overview Advanced Program Reporting Overview Enable Custom Fields for Reporting in Lead, Campaign, Opportunity, and Program Opportunity Analysis Areas RCE - Program Cost Analysis Understand the Campaign Analysis Area Understand the Program Cost Analysis Area Understand the Program Membership Analysis Area Understand the Opportunity Analysis Area Understand the Program Opportunity Analysis Area Understand What Marketing Programs are Influencing Opportunities with the Opportunity Influence Analyzer Using the "Manual Stage Change" trigger in your model Understand the Email Analysis Area

Issue You are experiencing slow processing of campaigns, smart lists, and reports. Solution There are three key components that can slow down an instance: Number of trigger campaigns: Trigger campaigns are always on, always listening. If there are 50 campaigns triggering at the same time, all the 50 triggers will be in queue, slowing down your processing and routing inside Marketo. Solution: Reduce the number of Triggers. Convert some of the triggers to batches: Batches also run all the flow steps for every lead at once, instead of serially, which reduces total processing time. Complexity of smart lists: The more complex a smart list, the harder it is for the system to figure it out, which increases backend processing and even creates campaign failures from timeouts. Solution: Reduce the number of nested smart lists called in a smart list. Whenever you ask Marketo to call another Smart List, it has to wait until all of the other smart lists finish, before putting together the final counts. Instead of Marketo looking for the list and running it, just put the filters in the trigger itself. Volume of Leads: With regular cleaning and good systems design, it is fairly easy to keep your system running fast. Reduce the number of leads that can flow through with filters. Clean up the inactive leads at regular intervals.

Access to Marketo services was temporarily disrupted recently. Below are answers to some of the most common questions you may have. This document has been updated as of 10:30pm PDT on 7/26/2017 to provide the most up to date information available. Is this article helpful ? YesNo Q: Why couldn’t I access my Marketo subscription? A: Login access goes through the affected Marketo.com domain, so users were not able to access the login page (app.marketo.com). Q: If the domain issue has been fixed, why am I still not able to access my Marketo subscription? A: Domain information is passed through the internet over DNS (Domain Name System) servers. There are many different DNS servers around the globe, and as domain information changes, those changes need to be passed to all of those DNS servers – what is referred to as propagation. Different servers get updated at different rates, therefore in some regions the propagation completed, while in others it is still in process. Q: I had access to my Marketo instance, however I wasn’t able to access it again later. What is causing this? A: DNS servers pass data across multiple channels. While the domain information is being propagated, these different channels within the DNS can each be propagated at different rates. When connecting to your Marketo instance, it uses one channel, but that isn’t always the same channel the next time. If one of these channels has fully propagated, but the other is not, then you would be able to access your Marketo instance the first time, but not the second time. Q: If the marketo.com DNS access issue was resolved, why are we still having issues with accessing Marketo? A: On average, most DNS servers will be updated within 24 hours but can take up to 48 hours to update. However, this is a guideline, not a rule. There are a very large number of DNS servers out there. Every ISP in the world has their own DNS server and most large companies have their own. There is unfortunately no way to know when precisely each one will be updated, or which ones failed to update. Even after an ISP’s DNS server has propagated, you could still experience issues if your own local network has not updated. The last known version of a domain can be cached within a local system and may need to be flushed out to pull down the updated information from the DNS server. We recommend that you contact your network team or whomever manages your DNS server and request that they reset the zone record For more information on what factors affect DNS propagation time, check out this article from GoDaddy. Marketo does not happen to use GoDaddy, however this article contains some helpful information. Q: Was Marketo Sales Insight affected? A: Yes. You may experience a lag in how long it takes for the Sales Insight portion of a Lead/Contact page in SFDC to load. This in turn can also cause the entire Lead/Contact page to load slowly. Q: Was there any security risk while the domain was unregistered? A: No. There was no possibility of any security risk or data accessibility while the domain was unregistered. The domain was restricted and locked so it could not be taken. This is part of an extra layer of security already applied to the domain. Q: Was my branded domain affected? (The answer to this question has been updated) A: Upon closer investigation, this could have been affected: Branded domain refers to the ability to show your hyperlinks as coming from your own company as opposed to coming from Marketo. The settings of your branding domain itself have not been touched and the branding domain itself is still configured the same way. Hyperlinks using a branded domain were affected. It was originally reported that they would not be, however upon closer investigation, we’ve found that those hyperlinks do still pass through part of Marketo’s domain. Therefore, some customers with branded domains did have links that could not connect properly. Q: How were my campaigns affected? A: All batch campaigns continued to run as expected. Any Trigger campaign listening for embedded form fill outs were not triggered given these domains were inaccessible and forms could not be filled out. All other Trigger campaigns continued to run as expected. Q: Were my emails delivered? A: Marketo uses dedicated domains for each customer which are not linked to the affected domain. Email delivery and tracking was not affected. Q: Were images and hyperlinks affected? (The answer to this question has been updated) A: Yes. Images and hyperlinks for non-branded domains would not resolve (time-out). Hyperlinks and images for branded domains intermittently did not render depending on many different variables. Q: Were landing pages affected? A: Landing pages should not have been affected. We are currently investigating this to completely verify. Q: Were forms affected? A: Some forms were affected. Forms that are embedded on your own site were affected. Q: If affected, can that form data be recovered? A: Since the form was not accessible, no data was input, and therefore no data is lost. We recognize that we were not able to capture form fill out data and we truly apologize for this inconvenience. Q: Were any API calls affected? A: There have been some reports of API calls giving errors, however it is not yet confirmed whether this is directly related or not. If you have received errors, please Contact Marketo Support and supply the full API call and Response in the case created. Q: Was any data lost during this time? (The answer to this question has been updated) A: No data loss occurred. All backend processing was working as expected. However, if leads took an action that could not be registered by Marketo, then the activity data from that wouldn’t be logged. This will affect reporting. For example: Marketo uses a single clear tracking pixel to register email opens. When that image file is served by the Marketo server, it registers it as an open activity. If that image for the single tracking pixel does not resolve because it could not connect to the domain, then the open activity could not be registered. The same would be true of clicks on tracked hyperlinks. If the link does not connect to the domain, then the link click activity cannot be logged. Q: Was there any impact on reporting? A: Yes. As described above, if leads had activity that could not be completed such as clicking on a hyperlink that did not connect, then those activities could not be logged, and therefore would not be shown in your reports. Q: Was this issue resolved? The issue preventing Marketo.com domain access was largely resolved as of Noon PDT on July 25. However, DNS propagation can take longer in some locations, based on network setup. We assure you that the application continued to operate in background and your data was never at risk.

Issue Marketo is creating duplicate Lead records when a Contact record is already synced. Solution This happens when a Smart Campaign using the Sync Person to SFDC flow step qualifies a SFDC Contact record and attempts to assign the record to a Queue in Salesforce. When a SFDC Contact runs through the Sync Person to SFDC flow step, since Salesforce does not allow "Contacts" to be assigned to Lead Queues, Marketo will create an intentional duplicate "Lead" record in Salesforce and add the new Lead record to the queue. If you want to prevent this behavior in your Smart Campaigns, add the filter "SFDC Type is not Contact" to the Smart List. This will disqualify SFDC Contact records from the campaign. Another option: Add Choice options for the Sync Person to SFDC flow step and have the first choice be SFDC Type is Contact Do Nothing. This will cause SFDC Contact records to Do Nothing for the flow step but Lead or Marketo only records will process normally. Who This Solution Applies To Customers integrated with Salesforce

Issue How to setup the favicon, aka Favorites Icon for Marketo Landing Pages. Solution Steps to Setting up Favicon 1. Ensure you have the favicon hosted either externally or internally in Marketo. (Don't know how to find the link of a image hosted in Marketo? Check this DOC out) 2. On the Landing Page Settings ensure that option 'Remove default favicon links' is selected. Note that this affects all landing pages globally (scroll down in the settings, it might be hiding) [Related DOC] 3. You can specify the favicon in two ways: a. Directly on the landing page in the custom HTML Header [Related DOC] b. In the Landing Page Template's Header 4. This code would need to be specified in the header <link rel="shortcut icon" href="<favicon url>" type="image/x-icon" > <link rel="icon" href="<favicon url>" type="image/x-icon" > 5. Test the landing page out by either opening it in a different browser or clearing the browser cache and restarting the browser.

Issue Description An Email with only emoji in the subject line is displaying "Subject is empty" error and is not approving, or emoji fail to render elsewhere in the email. Issue Resolution If the subject line only consists of emoji, consider adding text. The Email Editor was not designed to insert emoji. However some have been able to insert emoji from outside sources. Those with the most success are inserting UTF-8 encoded emoticons. This specific encoded emoticon can be inserted (copy/paste) through a 3rd party website, located with a general web search: "UTF-8 emoticons/emoji". If the inserted emoji has a different encoding, it may fail to render in the Email Editor, and it may fail to render upon delivery as well. Rendering upon delivery will be reliant on the recipient server. If the emoji is considered invalid, then the 'diamond with question mark' character may remain. Alternatively, basic symbols could be used instead of emoji, as they are ASCII characters and not reliant on extra encoding. 3rd party sites, identified with a websearch: "ASCII symbols", can be a resource. Another option can be q-encoding the emoji in UTF-8 format to render a string of code that can be used. This code tells the email client to render the desired emoji. To q-encode, copy and paste the desired emoji through a Unicode to UTF-8 translation tool, such as tools.bluestatedigital.com/kb/subject-line-assistant and then insert the translated code.

Note: Please ensure that you have access to an experienced JavaScript developer, because Marketo Technical Support is not set up to assist with troubleshooting custom JavaScript Follow the steps described in this article if you want to force a checkbox to always be checked regardless of the database value - for instance, an email opt-in checkbox. Get the field's ID First, get the HTML ID for the form field you want to edit. In Design Studio, select a landing page that contains the form and preview the page. View the HTML source code of that page and find the field you want. The fastest way is to search for the label that you used when you created the form, such as "Opt-In". Search for the "id" attribute in the "input" tag for that field. Below, the id is "Opt-In". <label>First Name:</label><span class='mktInput'><input class='mktFormCheckbox' name='Opt-In' id='Opt-In' type='checkbox' value='1' tabIndex='1' /><span class='mktFormMsg'></span> Setting the checkbox Write Javascript to change the value of that field. This example uses the jQuery "attr" function to set the value to true (checked). Change the highlighted yellow bits below with the name of the field. <script language="Javascript" src="/js/public/jquery-latest.min.js" type="text/javascript"></script> <script type="text/javascript"> // use no conflict mode for jQuery var $jQ = jQuery.noConflict(); // when the page is ready, change Opt-In $jQ(document).ready(function() { $jQ('#Opt-In').attr('checked',true); }); </script> When you're done, add the Javascript to your landing page by dragging in a Custom HTML element on the page, then paste in this code.

What is the Email API? What is the Email API used for? What is Email 2.0? Does the Email API Work on Email 2.0 Assets? Will the Email API Break when Enabling Email Experience 2.0? How Are 1.0 Assets Upgraded to 2.0 Assets? What to Do When an Email Was Accidentally Converted to Email 2.0 format? What is the Email API? API stands for Application Programming Interface and the Email API allows an automated process to create and edit emails in Marketo. There are also other API calls that involve emails, such as Approve Snippet (assuming the Snippet is used in an Email) and Clone Program (assuming the Program contains Emails). There are also API calls to create and update Email Templates. Essentially, the API can do many things that you can also do through the Marketo user interface, but then in an automated fashion. What is the Email API used for? There are many scenarios: an external system could create Emails in Marketo using data that lives outside of Marketo. A translation service provider could clone a master Email, translate it to many languages, then save them back into Marketo as localized Emails. A reporting system could extract Emails from Marketo to use in reports that are generated outside of Marketo. An external system could Clone a Program that contains Emails, then populate the Program Tokens and schedule the Email to be sent out at a specific time. There could be an external email template creation system that creates new Email templates in Marketo through the API. What is Email 2.0? “Email Experience 2.0” is the new Marketo product feature with the enhanced email editor, documented here: docs.marketo.com/display/public/DOCS/Email+Editor+v2.0+Overview. It can be switched on in Admin > Email > Edit Email Editor Settings. All Emails and Email Templates also have a version number, either 1.0 (the old version) or 2.0 (the new version). If we refer to “Email 2.0 asset” we mean an email or email template in the new upgraded 2.0 format. Does the Email API Work on Email 2.0 Assets? Yes. Will the Email API Break when Enabling Email Experience 2.0? No. Enabling Email 2.0 will not automatically upgrade Emails or Email Templates to the new 2.0 format. The Email API can still create new Emails and Email Templates in the 1.0 format. However – after enabling Email 2.0 – any Email or Email Template that is created or edited and approved through the Marketo User Interface will automatically be upgraded to the 2.0 format. How Are 1.0 Assets Upgraded to 2.0 Assets? If you edit an “Approved" or “Approved with Draft” 1.0 Email with Email 2.0 enabled, the draft is converted to the 2.0 format. You can still discard the draft to go back to the approved 1.0 format. Once you approve the email and it becomes 2.0, the Email cannot be converted back to 1.0. If you edit a “Draft” 1.0 Email (never been approved), this will automatically be converted to 2.0 with no option to revert back to the 1.0 format. The same applies to Email Templates. What to Do When an Email Was Accidentally Converted to Email 2.0 format? If an Email or Email Template was accidentally converted to the 2.0 format, you’d have to copy the asset contents to a text editor, disable Email 2.0, then create a new 1.0 asset using the content that you copied.

The Form Library lets you style your forms with an up-to-date look and feel just by dragging and dropping the CSS into your Marketo landing pages or template. As a side note, the Form Library ONLY styles input, textarea, and select (drop-downs) fields and NOT your radio buttons or check-box selections. Here's how it works: 1. Choose a form from the table below by clicking on the image. 2. Download the zipped file to your desktop. 3. Open the file and upload the provided images into your Marketo image library. 4. Open the provided code and replace "mktoWeb" with your directory name. Example: <style> .mktInput input, .mktInput select, .mktInput textarea { background: url(rs/mktoWeb/images/input_bg.png) repeat-x scroll 0 0; border: 1px solid #D4D2D2 !important; font-size:20px; padding: 8px 10px; cursor:pointer; } .mktInput input:focus, .mktInput select:focus, .mktInput textarea:focus { background: url(rs/mktoWeb/images/input_bgHover.png) repeat-x scroll 0 0; } </style> 5. Copy the code and paste in on your landing page by choosing the Custom HTML option within the design studio. Note: Some forms use CSS3 for styling. The style is supported in all major browsers except Internet Explorer. You will need to be using IE9 or higher for any form using CSS3. Is this article helpful ? YesNo Download code for this form Download code for this form Download code for this form Download code for this form Download code for this form Download code for this form Download code for this form Download code for this form Download code for this form Download code for this form Download code for this form Download code for this form

Syntax Recommendations Common Look Up mechanisms Common Modifiers Too Many Mechanisms Character String Too Long Null Records in the SPF Record Repetitive Records in the SPF Record - Void Lookups Validation Tools Syntax Recommendations Common Look Up mechanisms a: mx: include: ip4: ip6: exists: ptr: all Common Modifiers redirect= exp= An A Record must ALWAYS contain IP address (map host to IP) CNAME (Alias) must contain hostnames. No IPs here NS an MX records must contain host names. No IPs allowed. MX records (for mail servers) should contain hostnames NOT IPs. Too Many Mechanisms Section 10.1, "Processing Limits" of the SPF RFC 4408 specifies the following in regards to DNS lookups: SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier. If this number is exceeded during a check, a PermError MUST be returned. The "include", "a", "mx", "ptr", and "exists" mechanisms as well as the "redirect" modifier do count against this limit. The "all", "ip4", and "ip6" mechanisms do not require DNS lookups and therefore do not count against this limit. The "exp" modifier does not count against this limit because the DNS lookup to fetch the explanation string occurs after the SPF record has been evaluated. This limit is in place to prevent SPF lookups from being a useful avenue for Denial of Service attacks. Using an example SPF record as an example to illustrate, this record was breaking with 12 look-ups: example.com text = "v=spf1 include:_spf-a.example.com include:_spf-b.example.com include:_spf-c.example.com include:_spf-ssg-a.example.com include:spf-a.anotherexample.com ip4:131.107.115.215 ip4:131.107.115.214 ip4:205.248.106.64 ip4:205.248.106.30 ip4:205.248.106.32 ~all" [ 5 mechanisms] _spf-a.example.com text = "v=spf1 ip4:216.99.5.67 ip4:216.99.5.68 ip4:202.177.148.100 ip4:203.122.32.250 ip4:202.177.148.110 ip4:213.199.128.139 ip4:213.199.128.145 ip4:207.46.50.72 ip4:207.46.50.82 a:mh.example.m0.net ~all" [ +1 = 6 mechanisms] mh.example.m0.net a = 209.11.164.116 _spf-b.example.com text = "v=spf1 include:spf.messaging.example.com ip4:207.46.22.35 ip4:207.46.22.98 ip4:207.46.22.101 ip4:131.107.1.27 ip4:131.107.1.17 ip4:131.107.65.22 ip4:131.107.65.131 ip4:131.107.1.101 ip4:131.107.1.102 ip4:217.77.141.52 ip4:217.77.141.59 ~all" [+1 = 7 mechanisms] spf.messaging.example.com text = "v=spf1 include:spfa.anotherexample.com include:spfb.anotherexaple.com include:spfc.anotherexample.com -all" [+3 = 10 mechanisms] spfa.anotherexample.com text = "v=spf1 ip4:157.55.116.128/26 ip4:157.55.133.0/24 ip4:157.55.158.0/23 ip4:157.55.234.0/24 ip4:157.56.112.0/24 ip4:157.56.116.0/25 ip4:157.56.120.0/25 ip4:207.46.100.0/24 ip4:207.46.108.0/25 ip4:207.46.163.0/24 ip4:134.170.140.0/24 ip4:157.56.110.0/23 -all" [+0 = 10 mechanisms] spfb.anotherexample.com text = "v=spf1 ip4:207.46.51.64/26 ip4:213.199.154.0/24 ip4:213.199.180.128/26 ip4:216.32.180.0/23 ip4:64.4.22.64/26 ip4:65.55.83.128/27 ip4:65.55.169.0/24 ip4:65.55.88.0/24 ip4:94.245.120.64/26 ip4:131.107.0.0/16 ip4:157.56.73.0/24 ip4:134.170.132.0/24 -all" [+0 = 10 mechanisms] spfc.anotherexample.com text = "v=spf1 ip4:207.46.101.128/26 ip6:2a01:111:f400:7c00::/54 ip6:2a01:111:f400:fc00::/54 ip4:157.56.87.192/26 ip4:157.55.40.32/27 ip4:157.56.123.0/27 ip4:157.56.91.0/27 ip4:157.55.206.0/24 ip4:157.55.207.0/24 ip4:157.56.206.0/23 ip4:157.56.208.0/22 -all" [ +0 = 10 mechanisms] _spf-c.example.com text = "v=spf1 ip4:203.32.4.25 ip4:213.199.138.181 ip4:213.199.138.191 ip4:207.46.52.71 ip4:207.46.52.79 ip4:131.107.1.18 ip4:131.107.1.19 ip4:131.107.1.20 ip4:131.107.1.48 ip4:131.107.1.56 ip4:86.61.88.25 ip4:131.107.1.44 ip4:131.107.1.37 ~all" [+0 = 10 mechanisms] _spf-ssg-a.example.com text = "v=spf1 include:_spf-ssg-b.example.com include:_spf-ssg-c.example.com ~all" [+2 = 12 mechanisms] _spf-ssg-b.example.com text = "v=spf1 ip4:207.68.169.173/30 ip4:207.68.176.1/26 ip4:207.46.132.129/27 ip4:207.68.176.97/27 ip4:65.55.238.129/26 ip4:207.46.222.193/26 ip4:207.46.116.135/29 ip4:65.55.178.129/27 ip4:213.199.161.129/27 ip4:65.55.33.70/28 ~all" [+0 = 12 mechanisms] _spf-ssg-c.example.com text = "v=spf1 ip4:65.54.121.123/29 ip4:65.55.81.53/28 ip4:65.55.234.192/26 ip4:207.46.200.0/27 ip4:65.55.52.224/27 ip4:94.245.112.10/31 ip4:94.245.112.0/27 ip4:111.221.26.0/27 ip4:207.46.50.221/26 ip4:207.46.50.224 ~all" [+0 = 12 mechanisms] spf-a.secondexample.com text = "v=spf1 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all" [+0 = 12 mechanisms] Character String Too Long 255 character limitation in a single string kb.isc.org/article/AA-00356/0/Can-I-have-a-TXT-or-SPF-record-longer-than-255-characters.html string-functions.com/length.aspx You may have more than 255 characters of data in a TXT or SPF record, but not more than 255 characters in a single string. If you attempt to create an SPF or TXT record with a long string (>255 characters) in it, BIND will give an error (e.g. "invalid rdata format: ran out of space".) Strings in SPF and TXT records should be no longer than 255 characters. However to get around this limitation, per RFC 4408 a TXT or SPF record is allowed to contain multiple strings, which should be concatenated together by the reading application. In the case of use for SPF (using either TXT or SPF RRs) the strings are concatenated together without spaces as described below. Reassembly by other applications of multiple strings stored in TXT records might work differently. 3.1.3. Multiple Strings in a Single DNS record As defined in [RFC1035] sections 3.3.14 and 3.3, a single text DNS record (either TXT or SPF RR types) can be composed of more than one string. If a published record contains multiple strings, then the record MUST be treated as if those strings are concatenated together without adding spaces. For example: IN TXT "v=spf1 .... first" "second string..." MUST be treated as equivalent to IN TXT "v=spf1 .... firstsecond string..." SPF or TXT records containing multiple strings are useful in constructing records that would exceed the 255-byte maximum length of a string within a single TXT or SPF RR record. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22 ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:94.236.119.0/26 ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all“ text = "v=spf1 ip4:199.15.212.0/22“ " ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24" " ip4:72.32.243.0/24 ip4:94.236.119.0/26" " ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all" Null Records in the SPF Record A record that is NULL or that does not exist will break an SPF record. Syntax within the record is very important, if there are extra spaces between mechanisms it will count as NULL. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22“ <- accurate text = "v=spf1 ip4: 199.15.212.0/22“ <- NULL (NOTE the space between IP4: and the IP) Repetitive Records in the SPF Record - Void Lookups If there are too many repetitive mechanisms in the SPF record, including records that cascade (for example when using "include:") the record will break. There is a MAX of 2 void look ups in an SPF record. More than that and the record will break. This prevents SPF records from being used in Denial of Service style attacks. Validation Tools SPF checker, syntax validator and SPF tester http://www.kitterman.com/spf/validate.html SPF checker http://vamsoft.com/support/tools/spf-policy-tester SPF validator http://vamsoft.com/support/tools/spf-syntax-validator CIDR Calculator http://www.subnet-calculator.com/cidr.php Nslookup network-tools.com/nslook/ SPF creation wizard microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ Common SPF errors openspf.org/FAQ/Common_mistakes SPF syntax definitions openspf.org/SPF_Record_Syntax

Knowledgebase

Maintaining a Directory of Leads Bouncing Emails

Top Blocklists - What You Need to Know

How to Generate a HAR File for Network Troubleshooting

Marketo Group Consulting Webinars

Adding mail from only YOUR instance to your Allow List

Error : "Failed: DUPLICATES_DETECTED: Use one of these records?"

Durable Unsubscribe

Email suspended cause 554 error

SSL: The HSTS policy and your Marketo subdomains

Can I Add an Attachment to a Marketo Email?

Email Performance Report and Email Link Performance report showing different click counts

Marketo Champion Program

Marketo Revenue Cycle Explorer Fundamentals

Marketo Running Slow

Marketo.com Domain (DNS) Access Issue (P1 July 25, 2017)

Duplicate Lead Created in Salesforce When Contact Already Exists

Setting up Favicon for Marketo Landing Pages

Emoji in Marketo Emails

How to Set a Form Checkbox to Always Default to be Checked

Email 2.0 and Email API FAQ's

Update the Look and Feel of Your Forms by Checking Out the Marketo Form Library

Common SPF Errors and Fixes