You should probably be checking "isTrusted" in postMessage() listeners
The accepted way to secure postMessage() has a bypass you likely don’t know about, even if it’s not the hugest deal on its own. →
Check if the current pageview is associated with a Marketo lead (without using the ol’ hidden KV HTML trick)
Rendering a hidden form just to check if someone is associated is a waste of resources. Here’s how to check efficiently. →
Once you rewrite SMTP headers, you either need to re-DKIM-sign the message or stop checking DKIM
Once again forcing you to know what I know about DKIM. →
If someone recommends “Request Token Encoding: None” in a webhook, always push back
Using “None” for POST payloads usually means something else has gone terribly wrong. →
Help! My Velocity {{my.token}} previews correctly, but I can’t approve the email
At the moment of approval, fields on the $𝚕𝚎𝚊𝚍 object are empty strings (meaning "", not 𝑛𝑢𝑙𝑙). Your code needs to deal with that gracefully. →
Careful with native NodeJS fetch() in serverless setups (with any API, not just the Marketo API)
Reminder (if you needed one) that newer doesn’t mean more predictable. →
How an “unintrusive” 3rd-party tracking script caused duplicate Marketo form posts
Gotta love devs who don’t know Marketo but say “Just drop it in, trust us.” →
Have you no sense of DNS latency, sir, at long last?
Troubleshooting slow-loading email images reveals a classic culprit. →