Why Marketo branding (click tracking) domains can't = sending domains

A good question from a reader today who asks, “A client claims you can't have a From: or Reply-To: domain that's exactly the same as your click tracking domain (what Marketo calls the branding domain). Is this true?”

Yep, within the confines of Marketo this is true. (You might've been expecting an anti-IT shade parade, but not today.)

That is, you can't have:

From: All Eyez on Me <alleyez@example.edu>

And have your rewritten tracking links use the exact same domain:

<a href="https://example.edu/saz95jf81235jhg8712sj">Learn more</a>

You can of course have a subdomain…

<a href="https://click.example.edu/saz95jf81235jhg8712sj">Learn more</a>

… which is what we're used to (branding domains are click-dot-whatever, landing page domains are pages-dot-whatever).

But why? It's not merely a tradition but based on a longstanding technical rule.

The prob prob'ly wasn't on your radar

Marketers don't usually want to do this because they want their From: and Reply-To: @ the zone apex: <user@example.com>. There are exceptions, like wanting to send from <user@mktg.example.com> for reasons like reply tracking, but in my experience it's rare to want to go there.

If you send from <user@example.com> and your click tracking domain were allowed to be the same — https://example.com — that would mean that https://example.com can't point to your corporate website (one hostname serves content from one server, unless you add huge complexity to your setup). Surely that's inconvenient in the modern age, where expecting people to type the “www” is an encumbrance.

While user annoyance/confusion is a fine rationale, you could still do it — if there weren't a firm technical block.

What's in a CNAME

When you set up a CNAME record that points click.global-company.net to mkto-sj010203.com, click.global-company.net is not “a CNAME.”

The DNS record as a whole is of type CNAME. But the CNAME is the target value mkto-sj010203.com, not the name at your domain. The name at your domain is called an alias.

The correct way to read a CNAME record like

click.globalcompany.net.       300     IN      CNAME   mkto-sj010203.com.

is

click.globalcompany.net is an alias for the canonical name mkto-sj010203.com

or more specifically

click.globalcompany.net is an alias, not a real name, and as far as we know the real name is mkto-sj010203.com*

This misunderstanding is so widespread that RFC 2181 throws a little shade on people who've perpetuated it:

It has been traditional to refer to the label of a CNAME record as "a CNAME". This is unfortunate, as "CNAME" is an abbreviation of "canonical name", and the label of a CNAME record is most certainly not a canonical name. … Care must therefore be taken to be very clear whether the label, or the value (the canonical name) of a CNAME resource record is intended.

CNAMEs are mutually exclusive with all other records

OK, so why does this alias vs. real name question matter? Well, the DNS term “alias“ means something stronger than just “another name for something”. It's more, perhaps, like an alias in the criminal sense, like a name that doesn't legally exist on its own and can't/shouldn't be used to do anything except point to the real name.

Or a DNS alias can be thought of as like an MC's a.k.a., perhaps. Until he changed his primary stage name to Boosie Badazz, you would send fanmail to Lil Boosie, as opposed to a nickname he might've only used sporadically on some tracks. OK, this seems forced, but I insist there's something in a.k.a.s (CNAMEs) vs. rap names (As) vs. govt names (IPs)!

At any rate, the hard DNS rule is that once a name has been declared to be merely an alias it can't also be anything else. The two concepts are mutually exclusive in the real world, too: if something isn't a legally recognized name, it can't receive mail or operate on its own. All business needs to be conducted through the legal name.

The final verdict

Per DNS rules, if a name is an alias, meaning it appears as the label (left-hand-side) of a CNAME record, it can't also appear as the label of an MX (mailserver) record.

Marketo branding domains are always set up as aliases, so they can't have MX records.

But sending domains need to be able to receive mail (a great way to ensure bounces is to use a From: domain that doesn't exist and/or doesn't have an MX or A record). That means they need to appear in an MX record.

Q.E.D. :)

This seems to work outside of Marketo, though

It's definitely not true outside of Marketo. You know this because you're probably sending emails from user@example.com and linking to http://example.com quite often. But that works because the zone apex is an A record(s) pointing to your corporate website, not a CNAME.


Notes

* Because the CNAME could also turn out to be an alias once it's looked up, but the first record can't know this if it's in another zone.