The 4/6 Security Patch | Community
Skip to main content
Robb_Barrett
Robb_Barrett
New Participant
April 7, 2016
Solved

The 4/6 Security Patch

  • April 7, 2016
  • 1 reply
  • 2940 views

I'm not sure I understand today's message:

Please be advised that we implemented a security patch on April 6, 2016 to strengthen token encryption in email campaign links. No action is required on your part to implement the patch.

Email campaign links sent after this date will work in the usual manner. Emails sent prior to the patch deployment that have links that are automatically shortened will also work in the usual manner.

Emails sent prior to the patch deployment that have links that are not shortened (e.g. unsubscribe links, URLs containing tokens and webinar registration URLs) and contain links with an old token will continue to function as links and track link click events. However, if these links are clicked on, form pre-fill will be automatically disabled when serving the destination landing page.

By "Email Campaign Links" you mean regular links in emails?

Which links are automatically shortened?

What are "Links with an old token"?

So, if I have an old email and I click on the link it will take me to a page with a form that's not prefilled. If I fill out the form will it associate me with the current record I have and just update it?

Best answer by Justin_Cooperm2

All links in emails:

<a href="cnn.com">click</a>

are tracked by default. This converts the link into a shortened, marketo tracking link. When a user clicks it, they are directed to a page that includes a mkt_tok "token value"

The mkt_tok is generated dynamically when a user clicks the link. However, once you reach the destination, it will have mkt_tok in it. If the user bookmared that page with an "old" mkt_tok token value, then moving forward this page will not prefill any forms (if it's a Marketo-hosted Landing Page). If they go back and click the original link in the email, it WILL work because it will re-generate a "new" mkt_tok value.

So, for a vast majority of cases, all will work as you expect. However, things like {{system.viewAsWebpageLink}} generate a link with the mkt_tok value at send time, not dynamically on click (in other words, these links are not shortened tracking links). In that case, old links will not function any longer due to this security patch. If you use Marketo's "Include View as Webpage" option in Edit Settings that is not impacted as that becomes a shortened, tracked link. Any tracked link is NOT impacted.

Does that make sense?

1 reply

Justin_Cooperm2
Justin_Cooperm2Accepted solution
New Participant
April 7, 2016

All links in emails:

<a href="cnn.com">click</a>

are tracked by default. This converts the link into a shortened, marketo tracking link. When a user clicks it, they are directed to a page that includes a mkt_tok "token value"

The mkt_tok is generated dynamically when a user clicks the link. However, once you reach the destination, it will have mkt_tok in it. If the user bookmared that page with an "old" mkt_tok token value, then moving forward this page will not prefill any forms (if it's a Marketo-hosted Landing Page). If they go back and click the original link in the email, it WILL work because it will re-generate a "new" mkt_tok value.

So, for a vast majority of cases, all will work as you expect. However, things like {{system.viewAsWebpageLink}} generate a link with the mkt_tok value at send time, not dynamically on click (in other words, these links are not shortened tracking links). In that case, old links will not function any longer due to this security patch. If you use Marketo's "Include View as Webpage" option in Edit Settings that is not impacted as that becomes a shortened, tracked link. Any tracked link is NOT impacted.

Does that make sense?

SanfordWhiteman
SanfordWhiteman
New Participant
April 7, 2016

this page will not prefill any forms

Is that an elegant way of saying the lead will not be associated?  Or will that association be given a special "flavor" that doesn't allow prefill but is otherwise consistent?

Justin_Cooperm2
Justin_Cooperm2
New Participant
April 7, 2016

The page will not prefill AND the lead will not be associated. If you visit a page with an "old" mkt_tok, it is as if it isn't present. This also applies to external web pages with Munchkin embedded.

Terms & ConditionsAccessibility statement

Loading footer...