Pardot Email Deliverability and Compliance: 23 Things You Should Know

December 16, 2022
Email Delivery, Salesforce Ben | The Drip

Pardot-Email-Deliverability_Account-Address

Pardot (Account Engagement) offers capabilities that promote data privacy, and compliance – which in turn, improves email deliverability.

Email deliverability is a vast topic, with many factors working together that can ‘make or break’ whether an email makes it into the recipient’s inbox.

While the collection of features we’ll cover will give you the ‘leg up’, ultimately, sticking to good deliverability practices, data quality, and compliance, lies with you. Using the out-of-the-box settings is good, but you need to understand how these features should address your organization’s requirements.

When matching Pardot up with deliverability and compliance regulation, a structured approach can make some of the murkier aspects clearer. You’ll find plenty of information in this guide, including:

Pardot Settings and Domain Management.
Prospect Opt-in & Email Preferences.
Form and Landing Page Settings.

Pardot Deliverability + Compliance Overview

23 points?! Don’t worry, the following points are split into three parts:

Pardot Account Settings and Domain Management
Prospect Opt-in & Email Preferences
Pardot Form and Landing Page Settings

There’s much to explore when it comes to giving Pardot email deliverability and compliance its best shot.

Each entry in the table below has a brief description, how you locate the setting in Pardot, and how to configure it.

	What it is.	Why you need it.	Where you can find it in Pardot.
Account Settings	This is where you will find the field that the {{{Organization.Address}}} merge field pulls data from, which needs to be populated for compliance with CAN-SPAM and other regulations.	CAN-SPAM (etc.) compliance requires you have a physical mailing address included in all email footers.	Pardot Settings → Account Information → Edit. To add the merge field into an email, launch the merge field picker.
Pardot Cookies Duration	Pardot admins can adjust the duration of Pardot “visitor_id” and “pi_opt_in” tracking cookies from 180 to 3650 days.	Stay compliant with your organization’s privacy policy.	Pardot Settings → Account Information → Edit
First-party Tracking	“First-party” means that the cookies are placed on your browser by the same website that you are on – therefore, you are placing the cookie on the prospect’s browser (not Pardot).	“Third-party” cookies are becoming gradually blocked by the leading internet browsers.	Pardot Settings → Account Information → Edit
Browser Do-Not-Track Settings	When enabled, this feature prevents a third party from capturing activities from a website and recording them in another system.	Stay compliant with legal requirements.	Pardot Settings → Account Information → Edit
Tracker Domains	Enable any landing pages, forms, and files hosted in Pardot to have links that appear as your own brand.	Prospects will feel more confident clicking on branded links, as opposed to go.pardot.com links. Enabling SSL for tracker domains makes them more secure ( https://, and not http//:)	Pardot Settings → Domain Management
Force HTTPS	When you create marketing assets in Pardot, you have the option to choose between https:// or http://.	HTTPS is a more secure browsing experience for prospects vs HTTP (the ‘S’ stands for ‘secure’). Even if your tracker domain is SSL-enabled, marketers could accidentally overlook https:// vs http:// at the individual asset level.	Pardot Settings → Account Information → Edit
Tracking Opt-in Preferences	You can request a visitor to opt-in to tracking on their first visit to one of your tracked pages.	Requesting opt-in from all visitors is best practice.	Pardot Settings → Domain Management → Edit Tracking Opt-In Preferences
DKIM & SPF Authentication	SPF refers to a process to validate an email sent from an authorized server to prevent spam. DKIM allows a sender to claim responsibility for a message that is to be validated by the recipient via a “public key”.	See box to the left.	Pardot Settings → Domain Management
BCC Email Compliance	BCC Email Compliance allows you to retain a record of Pardot emails sent and to whom, stored in a third-party system designed for this archiving.	A requirement common in some industries, such as Financial Services.	Pardot Settings. It’s available for Pardot Plus and Advanced Edition customers, at an extra cost.
Operational Email Sending	Operational emails bypass opt-in/opt-out status, so you can send non-marketing messages.	Send critical notifications or operational messages.	Pardot Settings → Account Information → Edit
Prospect Deletion	You can decide to ‘soft delete’ a prospect record by moving them to the recycle bin (in case you want to undelete them), or permanently remove a prospect record from your database.	For database hygiene and to honor a prospect deletion request.	(Single records) Prospect record → click Delete. (Or, multiple records) prospect list → select All prospects in the list → click Delete.
Prospect Opt out	When a prospect requests to be unsubscribed from emails, you can unsubscribe them from the prospect’s record – manually or with automation.	Important for honoring an individual’s email preferences, and failing to do so can put you at risk of a breach.	Prospect → Prospect List* → select the Prospect record → Check the ‘Opt-Out’ field
Confirmed Opt-In Process	This process verifies that an opt-in request came from the owner of the email address, and also checks that the address is not deactivated, mistyped or fraudulently subscribed.	See box to the left.	For more information, read: Building Double Opt-In With Pardot (Account Engagement)
Email Preference Center	The location for prospects to manage the lists they are subscribed to.	Important for honoring an individual’s email preferences, and preventing complete opt-outs.	Pardot Email → Preferences Page
Unsubscribe Page	To ensure compliance with email regulations, an unsubscribe link (or email preference center link) is required in every email.	Allow prospects to opt-out from your communications.	Pardot Email → Unsubscribe Page
Policy for Unengaged Prospects	After sending X emails to a prospect with no engagement, you should remove them from that list.	For list hygiene purposes, and to avoid negatively impacting deliverability in the long term.	Prospects → Segmentation → Segmentation Lists
Permission Pass	A one-time email sent to an out-of-date/unengaged prospect list.	By clicking on an opt-in link, prospects prove that they are active and are interested in receiving further emails.	The set up involves a prospect custom field, a form, and an automation rule.
Sender Address	What Pardot uses for the ‘from’ email address.	Multiple sender email addresses are available, for free text (General User), selected on an email-by-email basis (Specified User), or dynamically pulled according to the prospect record (account owner, assigned user, account CRM user custom field, prospect CRM user custom field).	When sending an email (Lightning email builder), click ‘Send’ → scroll to the ‘Send and reply’ options.
Privacy Policy Link	A privacy policy explains how your company handles any customer or employee information captured and processed in its operations.	Individuals have the right to know how their data will be processed, stored and shared.	n/a – your legal department should supply this.
Explicit Consent for Marketing Communications	Add a link to your organization’s privacy policy in the below form content.	You need to gain explicit consent from the prospect as it legitimizes the processing of prospect data.	This can be added to the ‘below form’ content in the form builder: Content → Forms
Form Layout Templates	Layout Templates are used to format forms with styling and tags.	Some tags and links, e.g. where your privacy policy appears, are necessary for compliance.	Content → Layout Templates.
Terms of Use	Protect your company’s legal interests, manage the use of your website, and promote your organization as trustworthy.	This legal agreement describes the rules between a service provider, and a person who wants to use that service.	n/a – your legal department should supply this.
Registration Thank you Page	Web page where prospects are redirected to immediately after they submit a form.	Set expectations on what will happen next.	Content → Forms. In the form builder: Completion Action tab → the ‘Thank you Content’ or ‘Thank you Code’, depending on your content.

Pardot Account Settings and Domain Management

These settings are controlled by Pardot Admins, for the whole account.

1. Account Settings

This is where you will find the field that the {{{Organization.Address}}} merge field pulls data from, which needs to be populated for compliance with CAN-SPAM and other regulations.

CAN-SPAM (etc.) compliance requires you have a physical mailing address included in all email footers.

Where can you find it in Pardot? Pardot Settings → Account Information → Edit.

To add the merge field into an email, launch the merge field picker.

3. Pardot Cookies Duration

Pardot admins can adjust the duration of tracking cookies, up to 3650 days. Existing cookies are updated to the new duration when content with tracking code is visited. Stay compliant with your organization’s privacy policy!

Where can you find it in Pardot? Pardot Settings → Account Information → Edit

3. First-party Tracking

“First-party” means that the cookies are placed on your browser by the same website that you are on – therefore, you are placing the cookie on the prospect’s browser (not Pardot).

“Third-party” cookies are becoming gradually blocked by the leading internet browsers, known as the ‘cookieless future’. Not only does enabling First-party Tracking mean you will be able to sustain prospect activity tracking, it also means that your organization is taking responsibility over tracked data.

Navigate to: Pardot Settings → Account Information → Edit

4. Respect Do Not Track Browser Settings

When enabled, this feature prevents a Pardot from capturing activities (page, form and landing page views, file downloads, custom redirect clicks) and recording them in another system, i.e. Pardot. When a user chooses to use Do Not Track (DNT), to opt-out of tracking by websites, it’s a preference that’s applied to all websites.

Where can you find it in Pardot? Pardot Settings → Account Information → Edit

5. Tracker Domains

Tracker domains enable any landing pages, forms, and files hosted in Pardot to have links that appear as your own brand. Prospects will feel more confident clicking on branded links, as opposed to go.pardot.com links. Enabling SSL for tracker domains makes them more secure (https://, and not http//:)

Where can you find it in Pardot? Pardot Settings → Domain Management → Tracker Domain

6. Force HTTPS

As we touched on in the previous point, HTTPS is a more secure browsing experience for prospects vs HTTP (the ‘S’ stands for ‘secure’). For example, https://yourcompany.com is more secure than http://yourcompany.com.

A few years back, HTTPS became the new norm, superseding HTTP – in fact, Google rankings would penalize any websites that weren’t using HTTPS.

How does this relate to Pardot? When you create marketing assets in Pardot, you have the option to choose between https:// or http://. Even if your tracker domain is SSL-enabled, marketers could accidentally overlook https:// vs http:// at the individual asset level.

Pardot can force the prospect’s browser to redirect to HTTPS, if the admin checks the setting: ‘Force HTTPS: Redirect HTTP requests for Pardot-hosted assets to HTTPS’.

Warning – mixed content: If HTTP assets are loaded on an HTTPS page, assets won’t render correctly and your visitors will receive security warnings. Be diligent about switching to HTTPS when creating marketing assets, including layout templates.

7. Tracking Opt-in Preferences

You can request a visitor to opt-in to tracking on their first visit to one of your tracked pages. Requesting opt-in from all visitors is best practice.

The banner won’t appear again unless a visitor clears their browser cookies and the message can be amended, and the banner styled. The standard message displays as: “May we use cookies to track your activities? We take your privacy very seriously. Please see our privacy policy for details and any questions”.

You can set this to “Request opt-in from all visitors before tracking visitors” or “Request opt-in if visitor comes from specific countries”.

Where can you find it in Pardot? Pardot Settings → Domain Management → Edit Tracking Opt-In Preferences.

8. DKIM & SPF Authentication

To achieve the best deliverability, for each sending domain (you want to send email from), a domainkey has to be generated in Pardot.

SPF is an email authentication technique used to prevent spammers from sending messages on behalf of your domain. DKIM allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify (via a “public key”).

Where can you find it in Pardot? Pardot Settings → Domain Management

Prospect Opt-in and Email Preferences

Most of the following settings can be managed by the marketing teams (with guidance from the legal team).

9. BCC Email Compliance

BCC Email Compliance allows you to understand what’s being sent out from Pardot – an easy win. As the name suggests, yours or a nominated email address is added as a BCC recipient, therefore, copies of all the emails that Salesforce sends out will land in your/the nominated inbox.

Retain a record of Pardot emails sent and to whom, stored in a third-party system designed for archiving purposes. It’s a requirement common in some industries, such as Financial Services.

Find this in Pardot Settings. It’s available for Pardot Plus and Advanced Edition customers, at an extra cost.
This functionality is also available in Salesforce.

10. Operational Emails

Operational emails bypass opt-in/opt-out status, so you can send non-marketing messages, such as critical notifications or operational messages.

Where can you find it in Pardot? Pardot Settings → Account Information.

11. Prospect Deletion

Ensure you’ve defined a process around prospect deletion, for both database hygiene and to honor a prospect deletion request.

You can decide to ‘soft delete’ a prospect record by moving them to the recycle bin (in case you want to undelete them). When a Lead or Contact is deleted in Salesforce, Pardot sends the associated prospect to the Pardot recycle bin. From there, you can choose to permanently remove a prospect record from your database.

Where can you find it in Pardot?

(Single records) Prospect record → click Delete.
(Or, multiple records) prospect list → select All prospects in the list → click Delete.

12. Prospect Opt-out

Important for honoring an individual’s email preferences, and failing to do so can put you at risk of a breach. When a prospect requests to be unsubscribed from emails, you can unsubscribe them from the prospect’s record – manually or with automation.

Where can you find it in Pardot?

(Single records) Prospect record → check the ‘Do not email’ field.
(Or, multiple records) Create an automation rule to change the ‘Do not email’ field to true.

13. Confirmed Opt-In Process

This process, also known as double opt-in, verifies that an opt-in request came from the owner of the email address, and also checks that the address is not deactivated, mistyped or fraudulently subscribed.

14. Email Preference Center

The email preference center is the location for prospects to manage the lists they are subscribed to. Not only does this honor an individual’s email preferences, it also prevents complete opt-outs.

Where can you find it in Pardot? Pardot Email → Preferences Page

The link to your email preference center can be linked from a marketing asset using the merge tag:

15. Unsubscribe Page

Allow prospects to opt-out from your communications with one click. To ensure compliance with email regulations, an unsubscribe link (or email preference center link) is required in every email. An unsubscribe link can be inserted on a marketing asset using the merge tag {{Unsubscribe}} – refer to the previous image.

Where can you find it in Pardot? Pardot Email → Unsubscribe Page

16. Policy for Unengaged Prospects

For list hygiene purposes, and to avoid negatively impacting deliverability in the long term, you should have guidelines in place for removing prospects from mailing lists. This could be, for example, after sending X emails to a prospect with no engagement, you should remove them from that list. This will depend on your organization – how many emails you send, and how the prospects generally engage with your content (which could be down to the industry you’re in).

Identify what ‘unengaged’ means to your organization, and then set the appropriate duration using a ‘Frequency and Recency’ dynamic list.

Where can you find it in Pardot? Prospects → Segmentation → Segmentation Lists

17. Permission Pass

A permission pass is a one-time email sent to an out-of-date/unengaged prospect list. By clicking on an opt-in link, prospects prove that they are active and are interested in receiving further emails. You can get creative with the email copy to catch the recipient’s attention.

The set up involves a prospect custom field, a form, and an automation rule.

18. Sender Address

What Pardot uses for the ‘from’ email address when emails land in a recipient’s inbox. Not only does this help your recipients quickly identify who is contacting them, it also directly impacts your open rate success.
Multiple sender email addresses are available, for:

Free text: General User is a name and email address you type into the boxes provided.
Selected on an email-by-email basis: Specified User that you choose from a list of your Pardot users.
Dynamically pulled according to the prospect record: Account owner, assigned user, account CRM user custom field, prospect CRM user custom field.

Pardot Form and Landing Page Settings

Whether your forms are hosted in Pardot or not (i.e. form handlers), you should be aware of the following best practices to implement. Make sure the content and structure of your forms reflect the look and feel of your company, and be as transparent as possible regarding data processing.

19. Privacy Policy Link

A privacy policy explains how your company handles any customer or employee information captured and processed in its operations. Individuals have the right to know how their data will be processed, stored and shared. Your legal department should supply this.

20. Explicit Consent for Marketing Communications

Add a link to your organization’s privacy policy in the below form content. You need to gain explicit consent from the prospect (i.e. they are actively checking a checkbox) as it legitimizes the processing of prospect data.

This can be added to the ‘below form’ content in the form builder: Content → Forms

21. Form Layout Templates

Layout Templates are used to format forms with styling and tags. Some tags and links, e.g. where your privacy policy appears, are necessary for compliance.

Where can you find it in Pardot? Content → Layout Templates.

22. Terms of Use

Also referred to as ‘Terms of Conditions, this legal agreement describes the rules between a service provider, and a person who wants to use that service. Protect your company’s legal interests, manage the use of your website, and promote your organization as trustworthy.

This differs from the privacy policy because the Terms of Use explain to users how your company will collect, store, and use user data from the site.

Where can you find it in Pardot? Insert the link when creating a landing page/form in the builders.

23. Registration Thank you Page

A web page where prospects are redirected to immediately after they submit a form. This is where you set expectations on what will happen next – and you can use this space to get creative.

Where can you find it in Pardot? Content → Forms. In the form builder: Completion Action tab → the ‘Thank you Content’ or ‘Thank you Code’, depending on your content.

Summary

While the collection of features we’ve covered will give you the ‘leg up’, ultimately, sticking to good deliverability practices, data quality, and compliance, lies with you. Using the out-of-the-box settings is good, but you need to understand how these features should address your organization’s requirements.

Alongside the marketing team, you should involve the IT, legal, and sales departments during the process, to address topics such as database hygiene, privacy guidelines, the opt-out process, and others.

When matching Pardot up with deliverability and compliance regulation, a structured approach can make some of the murkier aspects clearer. If you have any doubts, check Pardot’s documentation, and seek a consulting partner.

This Pardot article written by:

Salesforce Ben | The Drip

Lucy Mazalon is the Head Editor & Operations Director at Salesforceben.com, Founder of THE DRIP and Salesforce Marketing Champion 2020.

Original Pardot Article: https://www.salesforceben.com/the-drip/pardot-deliverability-data-and-compliance/

Find more great Pardot articles at www.salesforceben.com/the-drip/

Pardot Experts Blog

We have categorized all the different Pardot articles by topics.

Salesforce Ben | The Drip

Lucy Mazalon is the Head Editor & Operations Director at Salesforceben.com, Founder of THE DRIP and Salesforce Marketing Champion 2020.

Original Pardot Article: https://www.salesforceben.com/the-drip/pardot-deliverability-data-and-compliance/

Find more great Pardot articles at www.salesforceben.com/the-drip/

Pardot Email Deliverability and Compliance: 23 Things You Should Know

Pardot Deliverability + Compliance Overview

Pardot Account Settings and Domain Management

1. Account Settings

3. Pardot Cookies Duration

3. First-party Tracking

4. Respect Do Not Track Browser Settings

5. Tracker Domains

6. Force HTTPS

7. Tracking Opt-in Preferences

8. DKIM & SPF Authentication

Prospect Opt-in and Email Preferences

9. BCC Email Compliance

10. Operational Emails

11. Prospect Deletion

12. Prospect Opt-out

13. Confirmed Opt-In Process

14. Email Preference Center

15. Unsubscribe Page

16. Policy for Unengaged Prospects

17. Permission Pass

18. Sender Address

Pardot Form and Landing Page Settings

19. Privacy Policy Link

20. Explicit Consent for Marketing Communications

21. Form Layout Templates

22. Terms of Use

23. Registration Thank you Page

Summary

Salesforce Ben | The Drip

Pardot Experts Blog

Pardot Topic Categories

More Pardot Articles

Salesforce Ben | The Drip

Pardot School