4 Insights on the Not-Immediately-Obvious Impacts of iOS 15 Mail Privacy Protection Changes

Chris Adams

25 Aug 2021

Email

1 min read

4 Insights on the Not-Immediately-Obvious Impacts of iOS 15 Mail Privacy Protection Changes

Key Takeaways

    • Mail Privacy Protection (MPP) affects any email account configured in Apple Mail—not only iCloud addresses.

    • MPP triggers image preloading even if the user never opens Apple Mail, inflating open rates unpredictably.

    • Apple’s image proxy currently uses a Mozilla/5.0 user-agent, which can help identify proxy opens—but this may change.

    • Technical workarounds to bypass MPP are unreliable, short-lived, and risk damaging brand reputation.

    • Early testing shows MPP preloading is non-deterministic, often occurring only on Wi-Fi and while charging.

    • CSS-based image loads still trigger user-initiated opens, but exploiting this behavior is discouraged.

    • The core takeaway: open tracking on Apple devices is no longer trustworthy, and senders must shift toward more privacy-centric engagement measures.

Q&A Highlights

  • What does Mail Privacy Protection (MPP) actually change?

    MPP preloads email images through Apple’s proxy servers, masking true user-initiated opens and making open rates unreliable for users on iOS 15, iPadOS 15, and macOS Monterey.

  • Does it only affect iCloud or Apple email addresses?

    No. Any mailbox added to Apple Mail—Gmail, Yahoo, Outlook, custom domains, etc.—is affected once MPP is enabled.

  • How much of a sender’s list will typically be affected?

    Roughly 30–40% of recipients, depending on the audience’s Apple device adoption.

  • Does the user need to read email in Apple Mail for MPP to apply?

    No. Merely having the account added to Apple Mail is enough. Even if they mainly use Gmail’s app or webmail, Apple Mail still preloads images in the background.

  • Can senders detect Apple’s proxy traffic?

    Currently, Apple’s proxy uses a Mozilla/5.0 user-agent string. While this can be used for segmentation, Apple may change this at any time, so ongoing monitoring is required.

  • Why are technical workarounds discouraged?

    They are quickly closed, harm sender reputation, violate user expectations of privacy, and often mimic identifiable “tracking-evasion” patterns that providers view negatively.

  • What early limitations were observed during testing?

    Image preloading tends to occur only when devices are:

    • on Wi-Fi, and

    • plugged into power
      This makes proxy opens even more random and unrelated to user behavior.

  • Do CSS-based tracking methods still work?

    External CSS can still trigger user-initiated opens, but exploiting this is considered bad practice and will almost certainly be blocked in future updates.

  • What does MPP mean for measuring engagement?

    Open tracking is no longer a reliable signal. Senders must shift toward click-based metrics, preference tracking, on-site behavior, or zero/first-party data collection.

  • What mindset should senders adopt moving forward?

    The focus should return to the fundamentals: sending relevant, high-value content people want to engage with—not relying on opens as a primary success metric.

Back in June, we initially reported about the upcoming changes in iOS 15. Since that time, there has been a lot of discussion, articles and webinars about the topic.  

There’s no doubt the iOS 15 Mail Privacy Protection changes are significant and will have a direct impact on how marketers track the success of their email programs. When faced with such a drastic and sudden change, it’s only natural to try and seek out ways that will keep or rationalize the status quo.  

Below are four insights on the more nuanced and not immediately obvious impacts of the iOS 15 changes.

Back in June, we initially reported about the upcoming changes in iOS 15. Since that time, there has been a lot of discussion, articles and webinars about the topic.  

There’s no doubt the iOS 15 Mail Privacy Protection changes are significant and will have a direct impact on how marketers track the success of their email programs. When faced with such a drastic and sudden change, it’s only natural to try and seek out ways that will keep or rationalize the status quo.  

Below are four insights on the more nuanced and not immediately obvious impacts of the iOS 15 changes.

Back in June, we initially reported about the upcoming changes in iOS 15. Since that time, there has been a lot of discussion, articles and webinars about the topic.  

There’s no doubt the iOS 15 Mail Privacy Protection changes are significant and will have a direct impact on how marketers track the success of their email programs. When faced with such a drastic and sudden change, it’s only natural to try and seek out ways that will keep or rationalize the status quo.  

Below are four insights on the more nuanced and not immediately obvious impacts of the iOS 15 changes.

1. The Impact Goes Beyond iCloud.com Email Accounts

Mail Privacy Protection will impact any email account that is set up within the Apple Mail.app in iOS 15, iPadOS 15, or MacOS Monterey. Generally, we expect this to impact 30-40% of a recipient’s user list. 

Mail Privacy Protection will impact any email account that is set up within the Apple Mail.app in iOS 15, iPadOS 15, or MacOS Monterey. Generally, we expect this to impact 30-40% of a recipient’s user list. 

Mail Privacy Protection will impact any email account that is set up within the Apple Mail.app in iOS 15, iPadOS 15, or MacOS Monterey. Generally, we expect this to impact 30-40% of a recipient’s user list. 

2. Users Don’t Need to Actively Use Mail.App for Email to be Impacted by Mail Privacy Protection

Let’s consider a common scenario: a user sets up their email account in Apple Mail.app, Gmail’s App, and also routinely makes use of the Gmail Web App. Even if the user rarely (or never) opens their email in Apple Mail.app, Mail Privacy Protection will still pre-load images because the email account was set up in Apple’s Mail.app. In this case, a sender will see opens from Apple’s image proxy and Gmail’s image proxy.  

Let’s consider a common scenario: a user sets up their email account in Apple Mail.app, Gmail’s App, and also routinely makes use of the Gmail Web App. Even if the user rarely (or never) opens their email in Apple Mail.app, Mail Privacy Protection will still pre-load images because the email account was set up in Apple’s Mail.app. In this case, a sender will see opens from Apple’s image proxy and Gmail’s image proxy.  

Let’s consider a common scenario: a user sets up their email account in Apple Mail.app, Gmail’s App, and also routinely makes use of the Gmail Web App. Even if the user rarely (or never) opens their email in Apple Mail.app, Mail Privacy Protection will still pre-load images because the email account was set up in Apple’s Mail.app. In this case, a sender will see opens from Apple’s image proxy and Gmail’s image proxy.  

3. Regularly Monitor for Changes to the User-Agent String

Per Google, a browser’s user-agent string helps identify which browser is being used, what version, and on which operating system. Currently, the user-agent string that Apple’s proxy servers are sending when requesting images is Mozilla/5.0. While there is no direct indication that this belongs to Apple’s image proxies, our testing indicates that the string does accurately identify requests coming from Apple’s image proxies. This, in turn, may allow senders to filter out Apple proxy opens from their metrics or segment them differently. It is unknown whether Apple will change this in the future. As such, it will be important for senders to monitor for changes to this string and to adjust accordingly.

Per Google, a browser’s user-agent string helps identify which browser is being used, what version, and on which operating system. Currently, the user-agent string that Apple’s proxy servers are sending when requesting images is Mozilla/5.0. While there is no direct indication that this belongs to Apple’s image proxies, our testing indicates that the string does accurately identify requests coming from Apple’s image proxies. This, in turn, may allow senders to filter out Apple proxy opens from their metrics or segment them differently. It is unknown whether Apple will change this in the future. As such, it will be important for senders to monitor for changes to this string and to adjust accordingly.

Per Google, a browser’s user-agent string helps identify which browser is being used, what version, and on which operating system. Currently, the user-agent string that Apple’s proxy servers are sending when requesting images is Mozilla/5.0. While there is no direct indication that this belongs to Apple’s image proxies, our testing indicates that the string does accurately identify requests coming from Apple’s image proxies. This, in turn, may allow senders to filter out Apple proxy opens from their metrics or segment them differently. It is unknown whether Apple will change this in the future. As such, it will be important for senders to monitor for changes to this string and to adjust accordingly.

4. Do Not Depend On Technical Hacks or Workarounds

History has shown us that any technical workarounds to bypassing privacy-related functionality are often short-lived, harms your reputation, and are quickly closed. Even though early testing indicates there are some workarounds to Apple’s preloading of images, we believe senders should not rely upon or use these workarounds. 

The following Mail Privacy Protection limitations have been observed in early beta testing:

  • Preloading primarily happens when the user is on wifi and when plugged in.
    Early testing indicates that preloading only happens when the user is on wifi and their phone is plugged into power. This behavior is a little unexpected and will be interesting to observe as Apple moves to General Availability for iOS15. In practice, what this means is that the open events are even more random than initially thought. It seems open events can occur when the user actually opens the message, or when the user hasn’t opened the message but is on wifi and the phone is charging – or some other combination of events that Apple decides. All of this points to the same conclusion: open tracking on Apple devices can’t be trusted.

  • User-initiated open events are triggered when the image is loaded via external CSS.
    Testing also indicates that user-initiated open events are triggered when the image is loaded via an external CSS file. While on the surface this might seem like good news, we strongly recommend against using this approach. It’s extremely likely that Apple, like HEY already did, will close this loophole. (Read the Twitter thread.)

But there is a more fundamental reason not to use this approach: users who have opted into Mail Privacy Protection have explicitly said they do not want providers tracking them via email opens. Using these sort of workarounds betrays that user trust, is bad-practice, and ultimately harms your brand’s reputation.

History has shown us that any technical workarounds to bypassing privacy-related functionality are often short-lived, harms your reputation, and are quickly closed. Even though early testing indicates there are some workarounds to Apple’s preloading of images, we believe senders should not rely upon or use these workarounds. 

The following Mail Privacy Protection limitations have been observed in early beta testing:

  • Preloading primarily happens when the user is on wifi and when plugged in.
    Early testing indicates that preloading only happens when the user is on wifi and their phone is plugged into power. This behavior is a little unexpected and will be interesting to observe as Apple moves to General Availability for iOS15. In practice, what this means is that the open events are even more random than initially thought. It seems open events can occur when the user actually opens the message, or when the user hasn’t opened the message but is on wifi and the phone is charging – or some other combination of events that Apple decides. All of this points to the same conclusion: open tracking on Apple devices can’t be trusted.

  • User-initiated open events are triggered when the image is loaded via external CSS.
    Testing also indicates that user-initiated open events are triggered when the image is loaded via an external CSS file. While on the surface this might seem like good news, we strongly recommend against using this approach. It’s extremely likely that Apple, like HEY already did, will close this loophole. (Read the Twitter thread.)

But there is a more fundamental reason not to use this approach: users who have opted into Mail Privacy Protection have explicitly said they do not want providers tracking them via email opens. Using these sort of workarounds betrays that user trust, is bad-practice, and ultimately harms your brand’s reputation.

History has shown us that any technical workarounds to bypassing privacy-related functionality are often short-lived, harms your reputation, and are quickly closed. Even though early testing indicates there are some workarounds to Apple’s preloading of images, we believe senders should not rely upon or use these workarounds. 

The following Mail Privacy Protection limitations have been observed in early beta testing:

  • Preloading primarily happens when the user is on wifi and when plugged in.
    Early testing indicates that preloading only happens when the user is on wifi and their phone is plugged into power. This behavior is a little unexpected and will be interesting to observe as Apple moves to General Availability for iOS15. In practice, what this means is that the open events are even more random than initially thought. It seems open events can occur when the user actually opens the message, or when the user hasn’t opened the message but is on wifi and the phone is charging – or some other combination of events that Apple decides. All of this points to the same conclusion: open tracking on Apple devices can’t be trusted.

  • User-initiated open events are triggered when the image is loaded via external CSS.
    Testing also indicates that user-initiated open events are triggered when the image is loaded via an external CSS file. While on the surface this might seem like good news, we strongly recommend against using this approach. It’s extremely likely that Apple, like HEY already did, will close this loophole. (Read the Twitter thread.)

But there is a more fundamental reason not to use this approach: users who have opted into Mail Privacy Protection have explicitly said they do not want providers tracking them via email opens. Using these sort of workarounds betrays that user trust, is bad-practice, and ultimately harms your brand’s reputation.

Change is inevitable. And with change, comes uncertainty.

It’s important to remember that the ultimate goal was never about tracking opens – but instead to reach our target audience by sending emails that recipients want to engage with. As long as senders keep that as their north star, we’ll all adapt together to find new user and privacy-centric ways to measure the results.

~Chris Adams
Distinguished Engineer 

With the help of the dream team: George Schlossnagle, April Mullen, Elliot Ross, and Koertni Adams

It’s important to remember that the ultimate goal was never about tracking opens – but instead to reach our target audience by sending emails that recipients want to engage with. As long as senders keep that as their north star, we’ll all adapt together to find new user and privacy-centric ways to measure the results.

~Chris Adams
Distinguished Engineer 

With the help of the dream team: George Schlossnagle, April Mullen, Elliot Ross, and Koertni Adams

It’s important to remember that the ultimate goal was never about tracking opens – but instead to reach our target audience by sending emails that recipients want to engage with. As long as senders keep that as their north star, we’ll all adapt together to find new user and privacy-centric ways to measure the results.

~Chris Adams
Distinguished Engineer 

With the help of the dream team: George Schlossnagle, April Mullen, Elliot Ross, and Koertni Adams

Other news

Read more from this category

A person is standing at a desk while typing on a laptop.

The complete AI-native platform that scales with your business.

Contact sales

Start for free

© 2025 Bird

Contact Support

A person is standing at a desk while typing on a laptop.

The complete AI-native platform that scales with your business.

Contact sales

Start for free

© 2025 Bird

Contact Support

A person is standing at a desk while typing on a laptop.

The complete AI-native platform that scales with your business.

Contact sales

Start for free

© 2025 Bird

Contact Support