4 Insights on the Not-Immediately-Obvious Impacts of iOS 15 Mail Privacy Protection Changes

There’s no doubt the iOS 15 Mail Privacy Protection changes are significant and will have a direct impact on how marketers track the success of their email programs. When faced with such a drastic and sudden change, it’s only natural to try and seek out ways that will keep or rationalize the status quo.  

Published by

Chris Adams

Date

Aug 25, 2021

Category

Email

Email

Email

Back in June, we initially reported about the upcoming changes in iOS 15. Since that time, there has been a lot of discussion, articles and webinars about the topic.  


There’s no doubt the iOS 15 Mail Privacy Protection changes are significant and will have a direct impact on how marketers track the success of their email programs. When faced with such a drastic and sudden change, it’s only natural to try and seek out ways that will keep or rationalize the status quo.  


Below are four insights on the more nuanced and not immediately obvious impacts of the iOS 15 changes.


1. The Impact Goes Beyond iCloud.com Email Accounts

Mail Privacy Protection will impact any email account that is set up within the Apple Mail.app in iOS 15, iPadOS 15, or MacOS Monterey. Generally, we expect this to impact 30-40% of a recipient’s user list. 


2. Users Don’t Need to Actively Use Mail.App for Email to be Impacted by Mail Privacy Protection

Let’s consider a common scenario: a user sets up their email account in Apple Mail.app, Gmail’s App, and also routinely makes use of the Gmail Web App. Even if the user rarely (or never) opens their email in Apple Mail.app, Mail Privacy Protection will still pre-load images because the email account was set up in Apple’s Mail.app. In this case, a sender will see opens from Apple’s image proxy and Gmail’s image proxy.  


3. Regularly Monitor for Changes to the User-Agent String

Per Google, a browser’s user-agent string helps identify which browser is being used, what version, and on which operating system. Currently, the user-agent string that Apple’s proxy servers are sending when requesting images is Mozilla/5.0. While there is no direct indication that this belongs to Apple’s image proxies, our testing indicates that the string does accurately identify requests coming from Apple’s image proxies. This, in turn, may allow senders to filter out Apple proxy opens from their metrics or segment them differently. It is unknown whether Apple will change this in the future. As such, it will be important for senders to monitor for changes to this string and to adjust accordingly.


4. Do Not Depend On Technical Hacks or Workarounds

History has shown us that any technical workarounds to bypassing privacy-related functionality are often short-lived, harms your reputation, and are quickly closed. Even though early testing indicates there are some workarounds to Apple’s preloading of images, we believe senders should not rely upon or use these workarounds. 



The following Mail Privacy Protection limitations have been observed in early beta testing:


  • Preloading primarily happens when the user is on wifi and when plugged in.
    Early testing indicates that preloading only happens when the user is on wifi and their phone is plugged into power. This behavior is a little unexpected and will be interesting to observe as Apple moves to General Availability for iOS15. In practice, what this means is that the open events are even more random than initially thought. It seems open events can occur when the user actually opens the message, or when the user hasn’t opened the message but is on wifi and the phone is charging – or some other combination of events that Apple decides. All of this points to the same conclusion: open tracking on Apple devices can’t be trusted.

  • User-initiated open events are triggered when the image is loaded via external CSS.
    Testing also indicates that user-initiated open events are triggered when the image is loaded via an external CSS file. While on the surface this might seem like good news, we strongly recommend against using this approach. It’s extremely likely that Apple, like HEY already did, will close this loophole. (Read the Twitter thread.)


But there is a more fundamental reason not to use this approach: users who have opted into Mail Privacy Protection have explicitly said they do not want providers tracking them via email opens. Using these sort of workarounds betrays that user trust, is bad-practice, and ultimately harms your brand’s reputation.


Change is inevitable. And with change, comes uncertainty.  

It’s important to remember that the ultimate goal was never about tracking opens – but instead to reach our target audience by sending emails that recipients want to engage with. As long as senders keep that as their north star, we’ll all adapt together to find new user and privacy-centric ways to measure the results.


~Chris Adams
Distinguished Engineer 


With the help of the dream team: George Schlossnagle, April Mullen, Elliot Ross, and Koertni Adams

Back in June, we initially reported about the upcoming changes in iOS 15. Since that time, there has been a lot of discussion, articles and webinars about the topic.  


There’s no doubt the iOS 15 Mail Privacy Protection changes are significant and will have a direct impact on how marketers track the success of their email programs. When faced with such a drastic and sudden change, it’s only natural to try and seek out ways that will keep or rationalize the status quo.  


Below are four insights on the more nuanced and not immediately obvious impacts of the iOS 15 changes.


1. The Impact Goes Beyond iCloud.com Email Accounts

Mail Privacy Protection will impact any email account that is set up within the Apple Mail.app in iOS 15, iPadOS 15, or MacOS Monterey. Generally, we expect this to impact 30-40% of a recipient’s user list. 


2. Users Don’t Need to Actively Use Mail.App for Email to be Impacted by Mail Privacy Protection

Let’s consider a common scenario: a user sets up their email account in Apple Mail.app, Gmail’s App, and also routinely makes use of the Gmail Web App. Even if the user rarely (or never) opens their email in Apple Mail.app, Mail Privacy Protection will still pre-load images because the email account was set up in Apple’s Mail.app. In this case, a sender will see opens from Apple’s image proxy and Gmail’s image proxy.  


3. Regularly Monitor for Changes to the User-Agent String

Per Google, a browser’s user-agent string helps identify which browser is being used, what version, and on which operating system. Currently, the user-agent string that Apple’s proxy servers are sending when requesting images is Mozilla/5.0. While there is no direct indication that this belongs to Apple’s image proxies, our testing indicates that the string does accurately identify requests coming from Apple’s image proxies. This, in turn, may allow senders to filter out Apple proxy opens from their metrics or segment them differently. It is unknown whether Apple will change this in the future. As such, it will be important for senders to monitor for changes to this string and to adjust accordingly.


4. Do Not Depend On Technical Hacks or Workarounds

History has shown us that any technical workarounds to bypassing privacy-related functionality are often short-lived, harms your reputation, and are quickly closed. Even though early testing indicates there are some workarounds to Apple’s preloading of images, we believe senders should not rely upon or use these workarounds. 



The following Mail Privacy Protection limitations have been observed in early beta testing:


  • Preloading primarily happens when the user is on wifi and when plugged in.
    Early testing indicates that preloading only happens when the user is on wifi and their phone is plugged into power. This behavior is a little unexpected and will be interesting to observe as Apple moves to General Availability for iOS15. In practice, what this means is that the open events are even more random than initially thought. It seems open events can occur when the user actually opens the message, or when the user hasn’t opened the message but is on wifi and the phone is charging – or some other combination of events that Apple decides. All of this points to the same conclusion: open tracking on Apple devices can’t be trusted.

  • User-initiated open events are triggered when the image is loaded via external CSS.
    Testing also indicates that user-initiated open events are triggered when the image is loaded via an external CSS file. While on the surface this might seem like good news, we strongly recommend against using this approach. It’s extremely likely that Apple, like HEY already did, will close this loophole. (Read the Twitter thread.)


But there is a more fundamental reason not to use this approach: users who have opted into Mail Privacy Protection have explicitly said they do not want providers tracking them via email opens. Using these sort of workarounds betrays that user trust, is bad-practice, and ultimately harms your brand’s reputation.


Change is inevitable. And with change, comes uncertainty.  

It’s important to remember that the ultimate goal was never about tracking opens – but instead to reach our target audience by sending emails that recipients want to engage with. As long as senders keep that as their north star, we’ll all adapt together to find new user and privacy-centric ways to measure the results.


~Chris Adams
Distinguished Engineer 


With the help of the dream team: George Schlossnagle, April Mullen, Elliot Ross, and Koertni Adams

Back in June, we initially reported about the upcoming changes in iOS 15. Since that time, there has been a lot of discussion, articles and webinars about the topic.  


There’s no doubt the iOS 15 Mail Privacy Protection changes are significant and will have a direct impact on how marketers track the success of their email programs. When faced with such a drastic and sudden change, it’s only natural to try and seek out ways that will keep or rationalize the status quo.  


Below are four insights on the more nuanced and not immediately obvious impacts of the iOS 15 changes.


1. The Impact Goes Beyond iCloud.com Email Accounts

Mail Privacy Protection will impact any email account that is set up within the Apple Mail.app in iOS 15, iPadOS 15, or MacOS Monterey. Generally, we expect this to impact 30-40% of a recipient’s user list. 


2. Users Don’t Need to Actively Use Mail.App for Email to be Impacted by Mail Privacy Protection

Let’s consider a common scenario: a user sets up their email account in Apple Mail.app, Gmail’s App, and also routinely makes use of the Gmail Web App. Even if the user rarely (or never) opens their email in Apple Mail.app, Mail Privacy Protection will still pre-load images because the email account was set up in Apple’s Mail.app. In this case, a sender will see opens from Apple’s image proxy and Gmail’s image proxy.  


3. Regularly Monitor for Changes to the User-Agent String

Per Google, a browser’s user-agent string helps identify which browser is being used, what version, and on which operating system. Currently, the user-agent string that Apple’s proxy servers are sending when requesting images is Mozilla/5.0. While there is no direct indication that this belongs to Apple’s image proxies, our testing indicates that the string does accurately identify requests coming from Apple’s image proxies. This, in turn, may allow senders to filter out Apple proxy opens from their metrics or segment them differently. It is unknown whether Apple will change this in the future. As such, it will be important for senders to monitor for changes to this string and to adjust accordingly.


4. Do Not Depend On Technical Hacks or Workarounds

History has shown us that any technical workarounds to bypassing privacy-related functionality are often short-lived, harms your reputation, and are quickly closed. Even though early testing indicates there are some workarounds to Apple’s preloading of images, we believe senders should not rely upon or use these workarounds. 



The following Mail Privacy Protection limitations have been observed in early beta testing:


  • Preloading primarily happens when the user is on wifi and when plugged in.
    Early testing indicates that preloading only happens when the user is on wifi and their phone is plugged into power. This behavior is a little unexpected and will be interesting to observe as Apple moves to General Availability for iOS15. In practice, what this means is that the open events are even more random than initially thought. It seems open events can occur when the user actually opens the message, or when the user hasn’t opened the message but is on wifi and the phone is charging – or some other combination of events that Apple decides. All of this points to the same conclusion: open tracking on Apple devices can’t be trusted.

  • User-initiated open events are triggered when the image is loaded via external CSS.
    Testing also indicates that user-initiated open events are triggered when the image is loaded via an external CSS file. While on the surface this might seem like good news, we strongly recommend against using this approach. It’s extremely likely that Apple, like HEY already did, will close this loophole. (Read the Twitter thread.)


But there is a more fundamental reason not to use this approach: users who have opted into Mail Privacy Protection have explicitly said they do not want providers tracking them via email opens. Using these sort of workarounds betrays that user trust, is bad-practice, and ultimately harms your brand’s reputation.


Change is inevitable. And with change, comes uncertainty.  

It’s important to remember that the ultimate goal was never about tracking opens – but instead to reach our target audience by sending emails that recipients want to engage with. As long as senders keep that as their north star, we’ll all adapt together to find new user and privacy-centric ways to measure the results.


~Chris Adams
Distinguished Engineer 


With the help of the dream team: George Schlossnagle, April Mullen, Elliot Ross, and Koertni Adams

Ready to see Bird in action?

Schedule a demo now.

The AI-first CRM for Marketing, Service and Payments

By clicking "Get a Demo" you agree to Bird's

The AI-first CRM for Marketing, Service and Payments

By clicking "Get a Demo" you agree to Bird's

The AI-first CRM for Marketing, Service and Payments

By clicking "Get a Demo" you agree to Bird's