En junio de 2021, Apple anunció que Mail Privacy Protection (MPP) llegaría a su aplicación Mail en dispositivos con iOS 15, iPadOS 15 y macOS Monterey.
Business in a box.
Descubre nuestras soluciones.
Habla con nuestro equipo de ventas
Los fundamentos
¿Cómo se verán afectados los píxeles?
Los píxeles abiertos serán efectivamente bloqueados. Dado que Apple realizará una pre-carga de todas las imágenes, esto reportará TODOS los correos electrónicos abiertos en clientes de Apple Mail con MPP habilitado como abiertos.
¿Cuánto impacto está teniendo MPP en el seguimiento de aperturas hasta la fecha?
Estamos compartiendo regularmente actualizaciones en Twitter y LinkedIn, así que síguenos allí para mantenerte informado sobre las últimas novedades.
¿Qué pasa con los clics? ¿El seguimiento de estos se verá afectado? ¿Y qué hay de los rebotes u otras métricas?
Cuando “iCloud Private Relay” (que será parte de la nueva oferta de iCloud+ pero es distinta de MPP) está habilitado, todas las actividades de navegación web a través de Safari están encriptadas y pasan por múltiples servidores proxy. Un punto interesante a notar es que Private Relay funcionó igual de bien en HTTP o HTTPS. Este comportamiento es diferente al que algunos sitios están informando, pero en múltiples pruebas, nuestra dirección IP real estaba enmascarada tanto en sitios HTTP como HTTPS.
Además, Apple no ha estado modificando la cadena de consulta, ni ha estado cambiando la cadena del agente de usuario. Por lo tanto, el seguimiento de clics de primera parte no se ve afectado por esta función. De manera similar, dado que MPP no cambia realmente el proveedor de correo (para eso, los usuarios usarían Hide My Email), los rebotes y quejas no se ven afectados por MPP.
¿Cuándo comenzó MPP?
La industria no tuvo mucho tiempo para prepararse para esto. Poco después del anuncio en junio, comenzamos a ver actividad beta de iOS 15 en nuestras pruebas. iOS 15 se lanzó oficialmente el 20 de septiembre de 2021.
¿Cómo controlan los usuarios su Protección de Privacidad de Correo a través de su aplicación Mail de iOS 15?
Aquí está cómo se presentará la función de protección de privacidad a todos los usuarios de iOS 15 -->
¿Cuáles son las implicaciones resultantes cuando un usuario selecciona “Proteger Actividad de Correo”?
Apple está pre-cargando imágenes en un correo electrónico, incluso para correos electrónicos que no han sido abiertos. Esto significa que casi todos los correos enviados a destinatarios que usan la aplicación Mail pueden tener resultados ofuscados mostrando aperturas falsas.
¿Importa si el usuario está en Gmail o en algún otro servicio de correo?
El servicio de correo no importa aquí, ni tampoco dónde el usuario realmente abre el correo electrónico. Si el usuario tiene su correo yendo a la aplicación Mail en iOS 15, iPadOS 15 o macOS Monterey, Apple pre-cargará esos correos causando que se registre una apertura incluso si no fue una apertura por parte del usuario.
¿Qué pasa si el usuario tiene iOS 15 y está usando la aplicación de Gmail o alguna otra aplicación de correo que no sea la aplicación nativa de Apple Mail?
No es sólo el sistema operativo el que permite este seguimiento. Es solo cuando el usuario tiene iOS 15 o MontereyOS Y tiene esa misma dirección de correo electrónico recibiendo sus correos a través de la aplicación nativa Apple Mail. Si el usuario está en Gmail u otra aplicación de correo que no es Apple Mail, incluso si está en iOS 15, los controles de privacidad no estarán en efecto.
¿Cuántas personas usan la aplicación Mail de Apple?
Como el mayor remitente de correos electrónicos comerciales y transaccionales del mundo, entregando el 40% de los correos electrónicos comerciales, tenemos una visión bastante buena del panorama mundial del correo electrónico. En nuestro Informe de Referencia de 2021, vimos que el 38.1% de todas las aperturas y clics provinieron de uno de los clientes de la aplicación Apple Mail (pero ahora estamos viendo más cerca del 50% en nuestros datos), con el 25.7% en iPhone, 9.6% en escritorio y 2.8% en iPad. Esto solo es superado por Gmail (en móvil y escritorio) como la mayor cuota de mercado de cualquier familia de dispositivos/clientes.
¿Se está perdiendo la ubicación?
En cierto modo. Al configurar Private Relay, se presentan al usuario dos opciones para proteger su información de ubicación. El usuario puede elegir tener una dirección IP anónima que preserve la ubicación aproximada del usuario, o puede optar por tener una dirección IP que esté ubicada en una región más amplia.
En nuestras pruebas, la dirección IP al elegir la primera opción estaba ubicada en el área metropolitana donde se realizó la prueba, pero no se podía identificar con su vecindario. Al elegir la opción de región más amplia, la dirección IP estaba en un estado completamente diferente, pero aún estaba en el mismo país.
Asumiendo que este comportamiento permanece igual en el futuro, los sitios aún podrán utilizar la información IP para cumplir con la privacidad, realizar segmentaciones y tomar decisiones geográficas/regionales similares.
¿Por qué está haciendo esto Apple?
Apple ha mantenido durante mucho tiempo la creencia de que la privacidad es un derecho humano fundamental. Coincide con lo que muchos gobiernos de naciones industriales de todo el mundo han estado promoviendo. Esto es algo que pueden hacer como propietarios del canal de distribución, y es una tendencia que hemos visto seguir a Apple al limitar el seguimiento IDFA en otras aplicaciones de la App Store, lo cual generó una confrontación con Facebook. Apple comenzó estos tipos de cambios en el correo electrónico el año pasado cuando lanzaron el servicio Private Email Relay, que permite a los usuarios registrarse en aplicaciones con una dirección de correo electrónico única y anónima. Con el lanzamiento de iOS 14.5, cuando los usuarios con sede en EE. UU. fueron solicitados a autorizar el seguimiento por una aplicación, el 96% de las veces optaron por no ser rastreados, por lo que creemos que la adopción de esta nueva función de privacidad será extremadamente amplia. También hemos visto el fin de las cookies de terceros en la industria publicitaria, incluso en el navegador Safari de Apple. Era inevitable que Apple también fuera hacia la privacidad en el seguimiento de aperturas.
¿Crees que otros proveedores de correo seguirán la estrategia de Apple en esto?
Hemos oído rumores de que esto podría suceder en otro proveedor de correo importante, por lo que debemos estar preparados para que las aperturas se deprecien aún más en el futuro.
¿Cómo está manejando Bird esto en sus productos?
Nuestros productos Inbox Tracker y Competitive Tracker no utilizan píxeles de apertura para rastrear aperturas, por lo que continuarán funcionando como siempre lo han hecho. En el lado del envío, hemos agregado recientemente un campo tanto a Signals Webhooks como a la Events API para indicar cuándo se ha pre-cargado una apertura. Estas aperturas seguirán incluyéndose ya que pueden ser una señal valiosa de que una dirección de correo electrónico es válida. (Específicamente, indican que la dirección de correo electrónico está vinculada a un dispositivo de Apple encendido, por lo que casi con certeza está asociada con un ser humano “real”). Sin embargo, la nueva marca facilitará ver que estas aperturas son diferentes a los eventos de compromiso reales y deben ser tratadas de manera diferente.
A continuación, agregaremos la capacidad de distinguir aperturas pre-cargadas y mediante proxy en nuestro Analytics Report UI y Metrics API. Bird se dedica a la continua innovación de nuestras soluciones para servir mejor a los profesionales del correo electrónico que necesitan una mejor comprensión del rendimiento real de su programa de correo electrónico.
Los Detalles Técnicos
What are the technical details of what is happening here?
When a user receives an email at their mailbox provider, one of the Apple Mail apps pre-fetches the message without the user interacting with the message. This pre-fetching often does not happen immediately and occurs primarily when the user’s phone is plugged in and on wifi. Once the message is pre-fetched, the mail client then preloads and caches all of the images using Apple’s proxy service. This preloading of the images causes image pixels to fire, resulting in a false open.
What’s the difference between something opened behind a proxy and pre-fetched?
Descriptions for the different types of opens in this new world:
“Regular” Opens: These are emails that are opened by your intended recipient, and the open accurately conveys both that they opened the mail, as well as the device they used to view the mail and the IP that they accessed it from.
Proxied Opens: These are emails where the image open happens through a privacy proxy. The open was still initiated by your recipient, but the device and the IP/location information associated with the open are hidden from you.
Pre-fetched Opens: These are a new and special kind of open where the user's device opens the email and fetches (and caches) the image without them taking any action. For pre-fetched opens, it is impossible to tell if the actual recipient truly looked at your mail or if their device just pulled it and they never looked at it.
With all of these classifications, it is important to know that some small portion of emails (independent of the above types) are opened by and inspected by security services and may trigger “false opens.” These aren’t common, but when we say an open can be “trusted,” we really mean it can be relied on with high confidence.
Does a user have to actively use Mail.app for email to be impacted by MPP?
Let’s consider a common scenario: a user sets up their email account in Apple Mail.app, Gmail’s mobile app, and also routinely makes use of the Gmail web app. Even if the user rarely (or never) opens their email in Apple Mail.app, Mail Privacy Protection will still pre-load images because the email account was set up in Apple’s Mail.app. In this case, a sender will see opens from Apple’s image proxy and Gmail’s image proxy.
Is Apple pre-fetching all images now?
This is only seen when the user is on wifi and their device is plugged in.
How quickly is the pre-fetching happening?
According to our friends at Movable Ink, 85% of Apple Mail users who have clicked on a link saw the content rendered less than a minute prior to open.
Overall, given the manner in which MPP pre-fetches images, we are seeing open events happening anywhere between minutes to hours later. However, given the limitation that MPP only pre-fetches when on wifi and plugged in, the real-life impact to open-time optimization has been more limited than initially feared. It will be important to continue monitoring this as it could change at any time in the future.
Will MPP affect web tracking pixels that track web behavior?
Unless the user has blocked tracking via their browser, web tracking will work as it normally does. MPP will not affect web tracking.
How do we parse out the recipients that have MPP enabled? What should I be looking for?
Currently, the user-agent string that Apple’s proxy servers are sending when requesting images is Mozilla/5.0. As for how Bird will handle this specifically, on the sending side, we will be adding a field to both Webhooks and the Events API to indicate when an open has been pre-fetched.
These opens will still be included since they can be a valuable signal that an email address is valid. (Specifically, they indicate that the email address is linked to a powered-on Apple device, so it’s almost certainly associated with a “real” human being.) Nevertheless, the new flag will make it easy to see that these opens are different from actual engagement events and should be treated differently. This capability will be coming in a few weeks. We will also incorporate this distinction into our Analytics Report UI and Metrics API in Q4.
What user-agent string tells me that MPP is enabled?
Per Google, a browser’s user-agent string helps identify which browser is being used, what version, and on which operating system. Currently, the user-agent string that Apple’s proxy servers are sending when requesting images is Mozilla/5.0. While there is no direct indication that this belongs to Apple’s image proxies, our testing indicates that the string does accurately identify requests coming from Apple’s image proxies. This, in turn, may allow senders to filter out Apple proxy opens from their metrics or segment them differently. It is unknown whether Apple will change this in the future. As such, it will be important for senders to monitor for changes to this string and to adjust accordingly.
Is Apple cloaking IP addresses?
Click tracking IPs will only be obscured if people opt in to Apple Private Relay (a separate product and part of iCloud+, also only being released in beta – that was a walkback by Apple).
Unique clicks will still be accurate either way as Bird tracks clicks uniquely per email sent (each link in each mail to each recipient is uniquely identified).
Does MPP still work if the message lands in the spam folder?
So far, we have not seen MPP pre-fetching images for emails delivered to the spam folder.
Will Apple Mail proxy respect the image caching headers?
No, MPP does not respect image cache headers. Images are cached for a period of 2-3 days. If no image cache header is applied, images seem to be cached indefinitely.
Will Apple report multiple opens if they pre-fetch the email and then the user actually opens?
No. The image will be cached for a certain amount of time and additional opens inside that window will not be reported.
Is Apple applying the Mail Privacy Protection to just the classic 1x1 pixel, or are they blocking all image loading (à la Outlook circa 2005)? And given that a lot of other content will be images, is there a way around this by adding tracking data to the other content in the email?
Apple is not blocking pixels but instead has their devices aggressively pre-fetch and cache all images in emails. So you will get an open regardless of whether the user actually opened the mail.
Is it safe to assume that bounced email addresses will continue to report bounces and will not report back opens?
Yes.
We are concerned about the impact on our spam trap controls (e.g. spam traps reporting engagement). Is there a perspective you can share about the potential for pristine spam traps to report opens given the answer to the question above (i.e. would the spamtrap operator need to sync their monitored mailbox in the iOS app for an open to come through)?
Yes, a trap operator would need to have an Apple Mail client attached to the inbox in question, which seems highly unlikely. A major trap operator told us that Apple is not involved in their monitoring process. The bigger risk in the industry is people abandoning non-engaging as a way of filtering their lists.
I’ve heard rumblings about Apple only pre-fetching when the phone is on wifi and plugged in. Are you seeing this too?
We've seen confirmation for our early theories that preloading only happens when the user is on wifi and their phone is plugged into power. As of now, there is no indication that Apple is planning on changing this behavior.
Is there a technical hack or workaround to overcome the impacts of MPP?
History has shown us that any technical workarounds to bypassing privacy-related functionality are often short-lived, harm your reputation, and are quickly closed. Even though early testing indicates there are some workarounds to Apple’s preloading of images, we believe senders should not rely upon or use these workarounds.
The following Mail Privacy Protection limitations have been observed in early beta testing: into Mail Privacy Protection have explicitly said they do not want providers tracking them via email opens. Using these sort of workarounds betrays that user trust, is bad practice, and ultimately harms your brand’s reputation.
• Pre-fetching primarily happens when the user is on wifi and when plugged in. Early testing indicates that preloading only happens when the user is on wifi and their phone is plugged into power. This behavior is a little unexpected and will be interesting to observe as Apple moves to General Availability for iOS15. In practice, what this means is that the open events are even more random than initially thought. It seems open events can occur when the user actually opens the message, or when the user hasn’t opened the message but is on wifi and the phone is charging – or some other combination of events that Apple decides. All of this points to the same conclusion: open tracking on Apple devices can’t be trusted.
• User-initiated open events are triggered when the image is loaded via external CSS.
• Testing also indicates that user-initiated open events are triggered when the image is loaded via an external CSS file. While on the surface this might seem like good news,we strongly recommend against using this approach. It’s extremely likely that Apple, like HEY already did, will close this loophole. But there is a more fundamental reason not to use this approach: users who have opted
Recomendaciones Estratégicas
What is considered the best practice way to handle MPP going forward? Are most companies removing the Apple Mail opens, or just reporting it with the expectation that it will be inflated?
Expand “engagement” to encompass both clicks and opens (if you haven’t already), and then ignore opens that come from the Apple MPP servers (as identified currently by the Mozilla/5.0 user-agent). We think this retains the utility of opens where they work and implicitly prepares senders for a possible future world where more providers do what Apple has done.
You should also consider looking at a customer’s engagement in other channels with your brand. One strategy we’re interested in is if no activity is seen in email, then look to other channels before determining if re-engagement is needed. If no activity is registered in other channels or in purchase activities, then it is safe to assume that the user needs to be re-engaged and potentially removed from the email list. It’s not perfect, but it will tell you about a customer’s brand engagement.
What will the effects on deliverability be when we’re no longer able to suppress folks who are unengaged?
Firstly, you will still be able to suppress the unengaged. You just need to look at metrics other than opens to determine if they are engaged or not. Most senders will have other metrics to measure engagement (clicks, website visits, purchases). If none of these apply, we suggest adding additional metrics. You can also implement a seed list to track inbox placement.
If you are concerned about gaining clicks and beyond in the conversion funnel, you can send emails containing gamification in different stages and offering some type of reward to subscribers: tell us more about you, update your profile – anything to get them to click/drive web traffic. Additionally, you can run multi-touch re-engagement emails to users who have no click or website/conversion activity after 90 days. If they don’t respond to your sequence, then you should probably sunset these users and try to get them to opt-in again via targeting in other channels.
How do I execute a deliverability warm-up in my new ESP now that I can’t see open engagement to warm up by using engaged subscribers?
For your unaffected audience, nothing changes. Before you move off of your old ESP to the new one, make sure you are flagging the non-Apple vs. Apple audiences at the record level.
For those on Apple, the list will be much smaller, but look for people that are closest to the brand in other ways, such as loyalty club members, recent purchasers, those that have recently clicked and have shown intent signals on other channels.
Should I consider double opt-in for all new subscribers?
This is not really specific to the Apple MPP, but most deliverability experts agree that you can never go wrong with double opt-in (Also known as COI – Confirmed Opt-In). Your list will be much cleaner, and your inboxing rate will be high. Blocklist vendors like Spamhaus will not be happy until the entire industry goes to COI, and they frequently require it in order to delist an IP that has been flagged as a spammer.
We send editorial, content driven emails. For us, success is an open, not a click. What should we do?
While you may not be primarily focusing on driving clicks to your main content, you can create gamified or interactive experiences to get clicks. Have a regular cadence of offering something different or special on the other side of a click. Asking people to update their profile, respond to a poll, visit a podcast page, or asking them to refer-a-friend for subscriptions are all viable options in understanding if a user is truly engaging.
Pay close attention to the negative feedback too – complaints, unsubscribes, and abuse reports, as well as Microsoft’s SNDS, and Google Postmaster Tools. If you see negative signals and a decrease in audience size month over month, you will want to make changes.
What other engagement metrics should I be looking at to understand audience engagement?
Clicks, site traffic from email, loyalty club status, and purchase data are all positive metrics to use to gather audience engagement.
Conversely, negative engagement metrics are useful as well. High complaint rates on a particular campaign or messaging stream could be an indicator of less engaged or low quality subscribers.
Will panel data become more valuable to evaluate performance for my audience?
It is going to be even more important for email senders to have more views of how their emails are performing. Bird’s Inbox Tracker and Competitive Tracker products don’t use open pixels to track opens, so those will continue to work as they always have. This will help email senders overcome some of the gaps in engagement reporting to help get an understanding of what’s going on with their emails. Additionally, monitoring inbox placement will become an even more crucial metric to track because assuming your emails have landed in the inbox based on opens will no longer be reliable.
