Custom Object tip: create a duplicate field if you’ll need to constrain a Date/DateTime to specific ranges

Reporting and filtering requirements can force a weird CO schema, but it works.

You should probably be checking "isTrusted" in postMessage() listeners

The accepted way to secure postMessage() has a bypass you likely don’t know about, even if it’s not the hugest deal on its own.

Check if the current pageview is associated with a Marketo lead (without using the ol’ hidden KV HTML trick)

Rendering a hidden form just to check if someone is associated is a waste of resources. Here’s how to check efficiently.

Once you rewrite SMTP headers, you either need to re-DKIM-sign the message or stop checking DKIM

Once again forcing you to know what I know about DKIM.

If someone recommends “Request Token Encoding: None” in a webhook, always push back

Using “None” for POST payloads usually means something else has gone terribly wrong.

Help! My Velocity {{my.token}} previews correctly, but I can’t approve the email

At the moment of approval, fields on the $𝚕𝚎𝚊𝚍 object are empty strings (meaning "", not 𝑛𝑢𝑙𝑙). Your code needs to deal with that gracefully.

Careful with native NodeJS fetch() in serverless setups (with any API, not just the Marketo API)

Reminder (if you needed one) that newer doesn’t mean more predictable.

How an “unintrusive” 3rd-party tracking script caused duplicate Marketo form posts

Gotta love devs who don’t know Marketo but say “Just drop it in, trust us.”