Apple Mail Privacy Protection’s Impact on Email

Apple Mail Privacy Protection’s Impact on Email

Apple Mail Privacy Protection’s Impact on Email

Back in June 2021, Apple announced Mail Privacy Protection (MPP) would be coming to their Mail app on iOS 15, iPadOS 15, and macOS Monterey devices.

The Basics

How will pixels be affected?

Open pixels will effectively be blocked. Since Apple will pre-fetch all images, this will report ALL emails opened in Apple Mail clients with MPP enabled as opened.


How much impact is MPP having on open tracking to date?

We are regularly sharing updates on Twitter and LinkedIn, so follow us there to stay apprised of the latest.



What about clicks? Will tracking on those be affected? What about bounces or other metrics?

When “iCloud Private Relay” (which will be a part of the new iCloud+ offering but is distinct from MPP) is enabled, all web browsing activities through Safari are encrypted and routed through multiple proxy servers. One interesting point to note is that Private Relay worked just as well over HTTP or HTTPS. This behavior is different than some sites are reporting, but in multiple tests, our actual IP address was masked over both HTTP and HTTPS sites.


Additionally, Apple has not been modifying the query string, nor have they been changing the user agent string. So, first-party click tracking is not impacted by this feature. Similarly, since MPP doesn’t actually change the mailbox provider (for that, users would use Hide My Email), bounces and complaints are not impacted by MPP.


When did MPP start?

The industry didn’t get a lot of time to prepare for this. Shortly after the June announcement, we started seeing iOS 15 beta activity in our testing. iOS 15 went live officially on September 20, 2021.


How do users control their Mail Privacy Protection via their iOS 15 Mail app?

Here is how the privacy protection feature will be presented to all iOS 15 users -->



What are the resulting implications when “Protect Mail Activity” is selected by a user?

Apple is pre-fetching images in an email, even for emails that have not been opened. This means almost all emails sent to recipients using the Mail app may have obfuscated results showing false opens.


Does it matter if the user is on Gmail or some other mail service?

The mail service doesn’t matter here, nor does where the user actually opens the email. If the user has their mail going to the Mail app on iOS 15, iPadOS 15, or macOS Monterey operating systems, Apple will pre-fetch those emails causing an open to be tracked even though it wasn’t a user open.


What if the user has iOS 15 and is using the Gmail app or some other email app that isn’t the native Apple Mail app?

It’s not the operating system alone allowing for this tracking. It’s only when the user has iOS 15 or MontereyOS AND has that same email address receiving their emails via the native Apple Mail app. If the user is on Gmail or another mail app that is not Apple Mail, even if on iOS 15, the privacy controls will not be in effect.


How many people use Apple’s Mail app?

As the world’s largest email sender delivering 40% of the world’s commercial and transactional email, we have a fairly good view of the world’s email footprint. In our 2021 Benchmark Report, we saw 38.1% of all opens and clicks coming from one of the Apple Mail app clients (but we are seeing closer to 50% in our data now), with 25.7% on iPhone, 9.6% on desktop and 2.8% on iPad. This is second only to Gmail (on mobile and desktop) as the largest market share of any device/client family.


Is location being lost?

Somewhat. When configuring Private Relay, the user is presented with two options for protecting their location information. The user can choose to have an anonymous IP address that preserves the user’s approximate location, or they can choose to have an IP address that will be located in a broader region.


In our testing, the IP address when choosing the first option was located in the metropolitan area that the test lived within, but it was not identifiable to their home neighborhood. When choosing the broader region option, the IP address was in an entirely different state, but it was still in the same country.


Assuming this behavior remains the same in the future, sites will still be able to use the IP information to make privacy compliance, segmentations, and similar geographic/regional decisions.


Why is Apple doing this?

Apple has long held the belief that privacy is a fundamental human right. It matches what a lot of governments in industrial nations across the world have been leaning into. This is something they are able to do as the owner of the distribution channel, and it’s a trend we’ve seen Apple follow with capping the IDFA tracking on other apps on the App Store, which has come with a fight from Facebook. Apple initiated these types of changes in email last year when they launched the Private Email Relay service which allows users to sign into apps with an anonymous, unique email address. With the release of iOS 14.5, when US-based users were prompted to authorize tracking by an app, 96% of the time they opted out of tracking, so we believe adoption of this new privacy feature will be extremely broad. We’ve also seen the demise of third-party cookies in the advertising industry, including on Apple’s Safari browser. It was inevitable that Apple would lean into privacy on open tracking too.


Do you think other mailbox providers will follow Apple’s strategy on this?

We’ve heard rumblings that this could happen in another major mailbox provider, so we do need to be prepared that opens could deprecate even more in the future.


How is Bird handling this in their products?

Our Inbox Tracker and Competitive Tracker products don’t use open pixels to track opens, so those will continue to work as they always have. On the sending side, we have recently added a field to both Signals Webhooks and the Events API to indicate when an open has been pre-fetched. These opens will still be included since they can be a valuable signal that an email address is valid. (Specifically, they indicate that the email address is linked to a powered-on Apple device, so it’s almost certainly associated with a “real” human being.) Nevertheless, the new flag will make it easy to see that these opens are different from actual engagement events and should be treated differently.


Next up, we’ll be adding the ability to distinguish prefetched and proxy opens in our Analytics Report UI and Metrics API. Bird is dedicated to continued innovation of our solutions to better serve email professionals who need better insight into the true performance of your email program.

The Technical Details

What are the technical details of what is happening here?

When a user receives an email at their mailbox provider, one of the Apple Mail apps pre-fetches the message without the user interacting with the message. This pre-fetching often does not happen immediately and occurs primarily when the user’s phone is plugged in and on wifi. Once the message is pre-fetched, the mail client then preloads and caches all of the images using Apple’s proxy service. This preloading of the images causes image pixels to fire, resulting in a false open.


What’s the difference between something opened behind a proxy and pre-fetched?

Descriptions for the different types of opens in this new world:


“Regular” Opens: These are emails that are opened by your intended recipient, and the open accurately conveys both that they opened the mail, as well as the device they used to view the mail and the IP that they accessed it from.


Proxied Opens: These are emails where the image open happens through a privacy proxy. The open was still initiated by your recipient, but the device and the IP/location information associated with the open are hidden from you.


Pre-fetched Opens: These are a new and special kind of open where the user's device opens the email and fetches (and caches) the image without them taking any action. For pre-fetched opens, it is impossible to tell if the actual recipient truly looked at your mail or if their device just pulled it and they never looked at it.


With all of these classifications, it is important to know that some small portion of emails (independent of the above types) are opened by and inspected by security services and may trigger “false opens.” These aren’t common, but when we say an open can be “trusted,” we really mean it can be relied on with high confidence.


Does a user have to actively use Mail.app for email to be impacted by MPP?

Let’s consider a common scenario: a user sets up their email account in Apple Mail.app, Gmail’s mobile app, and also routinely makes use of the Gmail web app. Even if the user rarely (or never) opens their email in Apple Mail.app, Mail Privacy Protection will still pre-load images because the email account was set up in Apple’s Mail.app. In this case, a sender will see opens from Apple’s image proxy and Gmail’s image proxy.


Is Apple pre-fetching all images now?

This is only seen when the user is on wifi and their device is plugged in.


How quickly is the pre-fetching happening?

According to our friends at Movable Ink, 85% of Apple Mail users who have clicked on a link saw the content rendered less than a minute prior to open.


Overall, given the manner in which MPP pre-fetches images, we are seeing open events happening anywhere between minutes to hours later. However, given the limitation that MPP only pre-fetches when on wifi and plugged in, the real-life impact to open-time optimization has been more limited than initially feared. It will be important to continue monitoring this as it could change at any time in the future.


Will MPP affect web tracking pixels that track web behavior?

Unless the user has blocked tracking via their browser, web tracking will work as it normally does. MPP will not affect web tracking.


How do we parse out the recipients that have MPP enabled? What should I be looking for?

Currently, the user-agent string that Apple’s proxy servers are sending when requesting images is Mozilla/5.0. As for how Bird will handle this specifically, on the sending side, we will be adding a field to both Webhooks and the Events API to indicate when an open has been pre-fetched.


These opens will still be included since they can be a valuable signal that an email address is valid. (Specifically, they indicate that the email address is linked to a powered-on Apple device, so it’s almost certainly associated with a “real” human being.) Nevertheless, the new flag will make it easy to see that these opens are different from actual engagement events and should be treated differently. This capability will be coming in a few weeks. We will also incorporate this distinction into our Analytics Report UI and Metrics API in Q4.


What user-agent string tells me that MPP is enabled?

Per Google, a browser’s user-agent string helps identify which browser is being used, what version, and on which operating system. Currently, the user-agent string that Apple’s proxy servers are sending when requesting images is Mozilla/5.0. While there is no direct indication that this belongs to Apple’s image proxies, our testing indicates that the string does accurately identify requests coming from Apple’s image proxies. This, in turn, may allow senders to filter out Apple proxy opens from their metrics or segment them differently. It is unknown whether Apple will change this in the future. As such, it will be important for senders to monitor for changes to this string and to adjust accordingly.


Is Apple cloaking IP addresses?

Click tracking IPs will only be obscured if people opt in to Apple Private Relay (a separate product and part of iCloud+, also only being released in beta – that was a walkback by Apple).


Unique clicks will still be accurate either way as Bird tracks clicks uniquely per email sent (each link in each mail to each recipient is uniquely identified).


Does MPP still work if the message lands in the spam folder?

So far, we have not seen MPP pre-fetching images for emails delivered to the spam folder.


Will Apple Mail proxy respect the image caching headers?

No, MPP does not respect image cache headers. Images are cached for a period of 2-3 days. If no image cache header is applied, images seem to be cached indefinitely.


Will Apple report multiple opens if they pre-fetch the email and then the user actually opens?

No. The image will be cached for a certain amount of time and additional opens inside that window will not be reported.


Is Apple applying the Mail Privacy Protection to just the classic 1x1 pixel, or are they blocking all image loading (à la Outlook circa 2005)? And given that a lot of other content will be images, is there a way around this by adding tracking data to the other content in the email?

Apple is not blocking pixels but instead has their devices aggressively pre-fetch and cache all images in emails. So you will get an open regardless of whether the user actually opened the mail.


Is it safe to assume that bounced email addresses will continue to report bounces and will not report back opens?

Yes.


We are concerned about the impact on our spam trap controls (e.g. spam traps reporting engagement). Is there a perspective you can share about the potential for pristine spam traps to report opens given the answer to the question above (i.e. would the spamtrap operator need to sync their monitored mailbox in the iOS app for an open to come through)?

Yes, a trap operator would need to have an Apple Mail client attached to the inbox in question, which seems highly unlikely. A major trap operator told us that Apple is not involved in their monitoring process. The bigger risk in the industry is people abandoning non-engaging as a way of filtering their lists.


I’ve heard rumblings about Apple only pre-fetching when the phone is on wifi and plugged in. Are you seeing this too?

We've seen confirmation for our early theories that preloading only happens when the user is on wifi and their phone is plugged into power. As of now, there is no indication that Apple is planning on changing this behavior.


Is there a technical hack or workaround to overcome the impacts of MPP?

History has shown us that any technical workarounds to bypassing privacy-related functionality are often short-lived, harm your reputation, and are quickly closed. Even though early testing indicates there are some workarounds to Apple’s preloading of images, we believe senders should not rely upon or use these workarounds.


The following Mail Privacy Protection limitations have been observed in early beta testing: into Mail Privacy Protection have explicitly said they do not want providers tracking them via email opens. Using these sort of workarounds betrays that user trust, is bad practice, and ultimately harms your brand’s reputation.


• Pre-fetching primarily happens when the user is on wifi and when plugged in. Early testing indicates that preloading only happens when the user is on wifi and their phone is plugged into power. This behavior is a little unexpected and will be interesting to observe as Apple moves to General Availability for iOS15. In practice, what this means is that the open events are even more random than initially thought. It seems open events can occur when the user actually opens the message, or when the user hasn’t opened the message but is on wifi and the phone is charging – or some other combination of events that Apple decides. All of this points to the same conclusion: open tracking on Apple devices can’t be trusted.


• User-initiated open events are triggered when the image is loaded via external CSS.


• Testing also indicates that user-initiated open events are triggered when the image is loaded via an external CSS file. While on the surface this might seem like good news,we strongly recommend against using this approach. It’s extremely likely that Apple, like HEY already did, will close this loophole. But there is a more fundamental reason not to use this approach: users who have opted

Strategic Recommendations

What is considered the best practice way to handle MPP going forward? Are most companies removing the Apple Mail opens, or just reporting it with the expectation that it will be inflated?

Expand “engagement” to encompass both clicks and opens (if you haven’t already), and then ignore opens that come from the Apple MPP servers (as identified currently by the Mozilla/5.0 user-agent). We think this retains the utility of opens where they work and implicitly prepares senders for a possible future world where more providers do what Apple has done.


You should also consider looking at a customer’s engagement in other channels with your brand. One strategy we’re interested in is if no activity is seen in email, then look to other channels before determining if re-engagement is needed. If no activity is registered in other channels or in purchase activities, then it is safe to assume that the user needs to be re-engaged and potentially removed from the email list. It’s not perfect, but it will tell you about a customer’s brand engagement.


What will the effects on deliverability be when we’re no longer able to suppress folks who are unengaged?

Firstly, you will still be able to suppress the unengaged. You just need to look at metrics other than opens to determine if they are engaged or not. Most senders will have other metrics to measure engagement (clicks, website visits, purchases). If none of these apply, we suggest adding additional metrics. You can also implement a seed list to track inbox placement.


If you are concerned about gaining clicks and beyond in the conversion funnel, you can send emails containing gamification in different stages and offering some type of reward to subscribers: tell us more about you, update your profile – anything to get them to click/drive web traffic. Additionally, you can run multi-touch re-engagement emails to users who have no click or website/conversion activity after 90 days. If they don’t respond to your sequence, then you should probably sunset these users and try to get them to opt-in again via targeting in other channels.


How do I execute a deliverability warm-up in my new ESP now that I can’t see open engagement to warm up by using engaged subscribers?

For your unaffected audience, nothing changes. Before you move off of your old ESP to the new one, make sure you are flagging the non-Apple vs. Apple audiences at the record level.


For those on Apple, the list will be much smaller, but look for people that are closest to the brand in other ways, such as loyalty club members, recent purchasers, those that have recently clicked and have shown intent signals on other channels.


Should I consider double opt-in for all new subscribers?

This is not really specific to the Apple MPP, but most deliverability experts agree that you can never go wrong with double opt-in (Also known as COI – Confirmed Opt-In). Your list will be much cleaner, and your inboxing rate will be high. Blocklist vendors like Spamhaus will not be happy until the entire industry goes to COI, and they frequently require it in order to delist an IP that has been flagged as a spammer.


We send editorial, content driven emails. For us, success is an open, not a click. What should we do?

While you may not be primarily focusing on driving clicks to your main content, you can create gamified or interactive experiences to get clicks. Have a regular cadence of offering something different or special on the other side of a click. Asking people to update their profile, respond to a poll, visit a podcast page, or asking them to refer-a-friend for subscriptions are all viable options in understanding if a user is truly engaging.


Pay close attention to the negative feedback too – complaints, unsubscribes, and abuse reports, as well as Microsoft’s SNDS, and Google Postmaster Tools. If you see negative signals and a decrease in audience size month over month, you will want to make changes.


What other engagement metrics should I be looking at to understand audience engagement?

Clicks, site traffic from email, loyalty club status, and purchase data are all positive metrics to use to gather audience engagement.


Conversely, negative engagement metrics are useful as well. High complaint rates on a particular campaign or messaging stream could be an indicator of less engaged or low quality subscribers.


Will panel data become more valuable to evaluate performance for my audience?

It is going to be even more important for email senders to have more views of how their emails are performing. Bird’s Inbox Tracker and Competitive Tracker products don’t use open pixels to track opens, so those will continue to work as they always have. This will help email senders overcome some of the gaps in engagement reporting to help get an understanding of what’s going on with their emails. Additionally, monitoring inbox placement will become an even more crucial metric to track because assuming your emails have landed in the inbox based on opens will no longer be reliable.


Your new standard in Marketing, Payments & Sales. It's Bird

The right message -> to the right person -> at the right time.

Your new standard in Marketing, Payments & Sales. It's Bird

The right message -> to the right person -> at the right time.