22 Points on Pardot Deliverability, Data, and Compliance

Share this article...

Pardot offers settings that help you towards your own organizational standards in Data Privacy, and stay compliant with legislation, such as GDPR. Legal, IT & sales departments should be involved during Pardot implementations alongside the Marketing team, to address topics such as database hygiene, privacy policy guidelines, unsubscribe process, and more.

Are you looking for a structured approach when dealing with Pardot and legal compliance? Have you decided to implement Pardot using the out-of-the-box settings, without addressing your own legal requirements? Regardless of where you are in terms of Pardot data management and compliance, you should find multiple answers within this article.

“FormAssembly”

 

Outline

22 points?! Don’t worry, the following 22 points are split into 4 main parts:

  • Pardot Account Settings and Domain Management
  • Prospect Opt-in & Email Preferences
  • Pardot Form Settings
  • Pardot Landing Page Settings

Each point that contains a quick description, how to locate the setting in Pardot, and of course, how to configure it.

 What it is.Why you need it. Where you can find it in Pardot.
Account SettingsThis is where you will find the %%account_address%% variable tag, which needs to be populated for CAN-SPAM compliance.CAN-SPAM compliance requires you have a physical mailing address included in all email footers.Pardot Settings → Account Information → Edit
Browser Do-Not-Track SettingsWhen enabled, this feature prevents a third party to capture activities from a website and record them in another system.Stay compliant with legal requirements.Pardot Settings → Account Information → Edit
Pardot Cookies DurationPardot admins can adjust the duration of Pardot “visitor_id” and “pi_opt_in” tracking cookies from 180 to 3650 days.Stay compliant with your organisation’s Privacy Policy.Pardot Settings → Account Information → Edid
BCC Email ComplianceBCC Email Compliance allows you to retain a record of Pardot emails sent and to who, stored in a third-party system designed for this archiving. It’s a common requirement in some industries, such as Financial Services.Pardot Settings

It’s available for an extra cost for Pardot Plus and Advanced Edition customers, so ask your Pardot account executive for more information.
Operational Email SendingOperational Emails are used to bypass opt-in status for non-marketing messages.So you can send critical notifications or operational messages. Pardot Settings → Account Information → Edit
Tracker DomainsUse your branded corporate URL with Pardot marketing assets. Prospects will feel more confident clicking on branded links, as opposed to go.pardot.com links.

Enabling SSL for tracker domains makes them more secure ( https://, and not http//:)
Pardot Settings → Domain Management
DKIM & SPF AuthenticationSPF refers to a process to validate an email sent from an authorized server to prevent spam. DKIM allows a sender to claim responsibility for a message that is to be validated by the recipient via a “public key”.See box to the left.Pardot Settings → Domain Management
Tracking Opt-in PreferencesYou can request a visitor to opt-in to tracking on their first visit to one of your tracked pages. It’s best practice to Request opt-in from all visitors in the EU.Pardot Settings → Domain Management → Edit Tracking Opt-In Preferences
Prospect DeletionYou can decide to permanently remove a Prospect, or leave it in the recycle bin in case you want to undelete it. Useful for database hygiene and/or to honor a prospect deletion request Prospect Record -> Click Delete.
Prospect List -> Select All prospect in the list -> Click Delete
Prospect Opt-outWhen a prospect requests to be unsubscribed via email or phone call, you can unsubscribe them from the prospect’s record - manually or with automation.Important for honoring an individual’s email preferences, and failing to do so can put you at risk of a breach.Prospect → Prospect List* → select the Prospect record → Check the ‘Opt-Out’ field
Confirmed Opt-In ProcessThis process verifies that an opt-in request came from the owner of the email address, and also checks that the address is not deactivated, mistyped or fraudulently subscribed.See box to the left.For more information, read: The Secret to Building a Double Opt-In Mechanism in Pardot
Email Preference CenterThe central location for your prospects to manage the public lists they are subscribed to. Important for honoring an individual’s email preferences, and preventing unsubscribes/opt-outs.Pardot Email → Preferences Page
Unsubscribe PageTo ensure CAN-SPAM compliance, it is required that an unsubscribe link is included in every email. Allow a prospect to unsubscribe and opt-out from your communications. Pardot Email → Unsubscribe Page
Policy for Unengaged ProspectsAfter sending X emails to a prospect with no engagement, you should remove them from your mailing list.For list hygiene purposes and to not negatively impact deliverability in the long term. Prospects → Segmentation → Segmentation Lists
Permission PassA one-time email you send to prospects in an out-of-date list.By clicking on an opt-in link, Prospects prove that they are both active and consent to further marketing emails. The set up involves a prospect custom field, a form and an automation rule.
Sender AddressThis is what Pardot puts as your email ‘From’ address. Several types of sender email addresses are available : Account Owner, Assigned User, Specified User, General User. When sending an Email -> select the ‘Sending’ and choose your Sender address.
Privacy Policy LinkThe Privacy Policy explains how your company handles any customer or employee information gathered in its operations.Individuals have the right to know how their data will be processed, stored and shared. n/a - your legal department should supply this.
Explicit Consent for Marketing CommunicationsAdd a link to your organisation’s Privacy Policy form content. You need to have an explicit consent for Marketing Communication as it legitimizes the processing of prospect data.This can be added to the ‘below form’ content in the form builder: Content → Forms
Form Layout TemplatesLayout Templates are used to format forms with styling and tags. Some tags and links, such as where your privacy policy appears, are necessary for compliance (see point 17).Content → Layout Templates.
Cookie Opt-in BannerA popup that appears to inform prospects a Pardot cookie is tracking their activity on your landing pages or website.Stay compliant with legal requirements.Pardot Settings → Domain Management → Edit Tracking Opt-In Preferences
Terms of UseWay to protect your company’s legal interests, manage the use of your website and promote your business as a professional and trustworthy organization. This legal agreement describes multiple rules between a service provider and a person who wants to use that service.n/a - your legal department should supply this.
Registration Thank you PageWeb page where prospects are redirected to immediately after they submit their information from your form. A thank you page aims to provide instructions on what will happen next.Content → Forms. In the Form Builder: Completion Action tab → the ‘Thank you Content’ or ‘Thank you Code’, depending on your content.

Section A: Pardot Account Settings and Domain Management

These settings are controlled by Pardot Admins for the whole account.

1. Account Settings

This is where you will find the %%account_address%% variable tag, which needs to be populated for CAN-SPAM compliance. CAN-SPAM compliance requires you have a physical mailing address included in all email footers.

Where can you find it in Pardot? Pardot Settings → Account Information → Edit

2. Enforce Browser Do-Not-Track Settings

When enabled, this feature prevents a third party to capture activities from a website and record them in another system. Activities excluded would include:

  • Page, form and landing page views
  • File downloads
  • Custom redirect clicks

Where can you find it in Pardot? Pardot Settings → Account Information → Edit

3. Pardot Cookies Duration

Pardot admins can adjust the duration of Pardot “visitor_id” and “pi_opt_in” tracking cookies from 180 to 3650 days. Existing cookies are updated to the new duration when content with tracking code is visited.

Where can you find it in Pardot? Pardot Settings → Account Information → Edit

4. BCC Email Compliance

BCC Email Compliance allows you to retain a record of Pardot emails sent and to who, stored in a third-party system designed for this archiving. It’s a common requirement in some industries, such as Financial Services. It’s available for an extra cost for Pardot Plus and Advanced Edition customers, so ask your Pardot account executive for more information.

Where can you find it in Pardot? Account settings

5. Operational Email Sending

Operational Emails are used to bypass opt-in status for non-marketing messages, so you are able to send critical notifications or operational messages.

Where can you find it in Pardot? Pardot Settings → Account Information → Edit

6. Tracker Domains

Tracker domains are added to an account (using CNAME records) to mask Pardot hosted content (images, pages, assets) with your branded corporate URL. Prospects will feel more confident clicking on branded links, as opposed to go.pardot.com links. It’s highly recommended to enable SSL for tracker domains, to make them more secure – beginning with https://, and not http//:

Where can you find it in Pardot? Pardot Settings → Domain Management → Tracker Domain

7. DKIM & SPF Authentication

For each domain you want to send email from, a domainkey has to be generated in Pardot to achieve the best deliverability.

SPF refers to a process to validate an email sent from an authorized server to prevent spam. DKIM allows a sender to claim responsibility for a message that is to be validated by the recipient via a “public key”.

Where can you find it in Pardot? Pardot Settings → Domain Management

8. Tracking Opt-in Preferences

You can request a visitor to opt-in to tracking on their first visit to one of your tracked pages. It’s best practice to Request opt-in from all visitors in the EU.

The displayed message doesn’t appear again unless a visitor clears their browser cookies and can be adjusted with a specific link and link style. It is to be configured as you cannot track people who have not given their consent (ie. opted-in).

You can set this to “Request opt-in from all visitors before tracking visitors” or “Request opt-in if visitor comes from specific countries”.

Where can you find it in Pardot? Pardot Settings → Domain Management → Edit Tracking Opt-In Preferences

Section B: Prospect Opt-in & Email Preferences

Most of the following settings can be managed by the Sales & Marketing teams (under legal department approval).

9. Prospect Deletion

Ensure a process has been defined on Prospect deletion. These processes are important to set-up for database hygiene, GDPR compliance and also maintain your credibility toward people who may no longer wish to communicate with you.

When a Lead or Contact is deleted in Salesforce, Pardot sends the associated Prospect to the Pardot recycle bin. Then you can decide to permanently remove it, or leave it in the recycle bin in case you want to undelete it.

Where can you find it in Pardot? Prospect Record or Prospect List → Select Delete from the dropdown menu.

10. Prospect Opt-out

When a prospect requests to be unsubscribed via email or phone call, you can unsubscribe them from the prospect’s record. This is important for honoring an individual’s email preferences, and failing to do so can put you at risk of a breach. Make sure an internal process has been defined to identify whether this process has to be done automatically or manually.

Where can you find it in Pardot? Prospect → Prospect List* → select the Prospect record → Check the ‘Opt-Out’ field

(or search for individual Prospect in the search bar)

11. Confirmed Opt-In Process

This process, also known as Double Opt-in, verifies that an opt-in request came from the owner of the email address, and also checks that the address is not deactivated, mistyped or fraudulently subscribed.

For more information, read: The Secret to Building a Double Opt-In Mechanism in Pardot

12. Email Preference Center

The Email Preference Center is the central location for your prospects to choose what they want to receive regarding your marketing emails. Having a preference centre can prevent prospects from unsubscribing.

Where can you find it in Pardot? Pardot Email → Preferences Page

13. Unsubscribe Page

Allows your prospects to unsubscribe from your Marketing Communication. When filled and confirmed, Pardot will automatically unsubscribe the given prospect. An unsubscribe link can be inserted on a Marketing asset using the merge tag {{Unsubscribe}}​​​​​​​.

Where can you find it in Pardot? Pardot Email → Unsubscribe Page

14. Policy for Unengaged Prospects

How will you treat unengaged Prospects? After sending X emails to a prospect with no engagement, you should remove them from your mailing list for list hygiene purposes and to not negatively impact deliverability in the long term. An internal process has to be created to identify what you mean by ‘unengaged’, and then set the appropriate duration using a ‘Frequency and Recency’ dynamic list.

Where can you find it in Pardot? Prospects → Segmentation → Segmentation Lists

15. Permission Pass

A Permission Pass is a one-time email you send to prospects in an out-of-date list. By clicking on an opt-in link, Prospects are added back to your mailable-safe list, proving that they are both active and consent to further marketing emails.

Where can you find it in Pardot? The set up involves a prospect custom field, a form and an automation rule.

16. Sender Address

This is what Pardot allows you to put as your email ‘From’ address. It is useful to help your recipients identify quickly who is contacting them. It is a factor that will directly impact your open rate success.

You can choose one of the following Senders for your emails:

  • Account owner: Refers to the owner of a Salesforce Contact the prospect is associated with. If there is no account owner the system checks for an assigned user.
  • Assigned user: Refers to the prospect’s assigned lead or contact owner in Salesforce. If there is no assigned user, the system checks for a specified user or a general user.
  • Specific user: A specific user you choose from a list of Pardot users.
  • General user: A name and email address you specify.

Where can you find it in Pardot? Choose from the ‘Sending’ tab in the Pardot email builder.

Section C: Pardot Form Settings

Whether your forms are hosted in Pardot or not (Form Handlers), you should be aware of the following settings to implement regardless of which you use. Make sure the content and structure of your forms reflect the look and feel of your company and be as transparent as possible regarding data processing.

17. Privacy Policy Link

The Privacy Policy explains how your company handles any customer or employee information gathered in its operations. Individuals have the right to know how their data will be processed, stored and shared.

Where can you find it in Pardot? Your legal department should supply this, for it to be uploaded somewhere on your website.

18. Explicit Consent for Marketing Communications

Add a link to your organisation’s Privacy Policy to your ‘below form’ content, which is supplied by your legal team. Due to GDPR compliance, you need to have explicit consent for Marketing Communication as it legitimizes the processing of prospect data.

Where can you find it in Pardot? This can be added to the ‘below form’ content in the form builder: Content → Forms

19. Form Layout Templates

Layout Templates are used to format forms with styling (fonts, colours, border sizes etc.), and links/tags for compliance (see point 17).

Where can you find it in Pardot? Implement when creating form layout templates: Content → Layout Templates.

Section D: Pardot Landing Page Settings

Whether your landing page are Pardot hosted or not, the following topics have to be managed by your Marketing and Legal teams.

20. Cookie Opt-in Banner

A popup that appears to inform prospects a Pardot cookie is tracking their activity on your landing pages or website. The standard message displays as: “May we use cookies to track your activities? We take your privacy very seriously. Please see our privacy policy for details and any questions” – but the text and style is also customisable.

Where can you find it in Pardot?

21. Terms of Use/Terms of Condition

This explains how your company handles any customer, client or employee information gathered in its operations. It is a way to protect your company’s legal interests, manage the use of your website and promote your business as a professional and trustworthy organization.

It differs from Privacy Policies, as Term of Use are meant to explain to users how your company will collect, store, and use user data from the site.

Where can you find it in Pardot? Link to insert when creating a form in the form builder.

22. Registration Thank you Page

Webpage where prospects are redirected to immediately after they submit their information from your form. A thank you page aims to provide instructions on what will happen next.

Where can you find it in Pardot? Content → Forms. In the Form Builder: Completion Action tab → the ‘Thank you Content’ or ‘Thank you Code’, depending on your content.

Summary

Pardot has multiple features that help data compliance and many of them are accessible from any Pardot editions. In case you have any doubts, check Pardot’s documentation or seek a consulting partner.

Consider those 22 points not as an exhaustive list but as a way to open discussion to create specific processes to improve your customers’ confidence in the processing of their data. In an era where multiple data protection scandals occur, it’s certainly not a waste of time putting these measures in place.

4 thoughts on “22 Points on Pardot Deliverability, Data, and Compliance

  1. Does anyone have any experience with Pardot emails to a customer using Mimecast? Getting bounced and not sure why.

    1. Hey Bri,
      I have had similar issue with one of my clients before.
      It appears that the recipient’s mail server has strict spam policies in place such as they do not allow marketing emails which is what you are sending from Pardot. Many large and public companies (for example, London Stock Exchange) have spam policies in place for external email, resulting in Mimecast blocking external emails.
      I suggest that you reach out to these prospects/companies and ask them if they would like to receive emails from your company. So they can further ask their IT department to whitelist emails from @yourdomain.com & bounce.mc.pd25.com (check your Pardot server domain).

Add Comment