Mailbutler News

Why Apple’s Mail Privacy Protection does not break Mailbutler’s Email Tracking feature

First published

15.10.2021

Last edited

18.10.2021

Read time

5 minutes


    By Fabian

    Former Tanzanian, now happily repatriated European, back in my birth-place of Berlin. I enjoy the little things in life, as well as traveling, hiking and spending time with good friends.

    Before I dive deeper into how Apple’s new Mail Privacy Protection impacts (or not) Mailbutler’s Tracking feature, just rest assured: Mailbutler’s tracking will continue to work – even with Mail Privacy Protection. Moreover, it is very important to understand that whether Mail Privacy Protection is affecting you depends on your recipients’ setup and not on yours.

    In the remainder of this article, I am going to explain how Apple plans to protect its users from tracking their email reading behavior and what kind of effects their technical implementation of this method has on Mailbutler’s Tracking feature.

    What is Mail Privacy Protection?

    In 2021, Apple introduces Mail Privacy Protection as part of their new operating system versions of iOS 15, iPadOS 15 and macOS 12 Monterey. The feature is part of their own email client Mail and needs to be manually enabled by each user on first launch of the Mail app.

    Quoting from Apple’s press release from June 7, 2021:

    In the Mail app, Mail Privacy Protection stops senders from using invisible pixels to collect information about the user. The new feature helps users prevent senders from knowing when they open an email, and masks their IP address so it can’t be linked to other online activity or used to determine their location.

    Users who do not upgrade to the latest operating system versions do not benefit from Mail Privacy Protection. The same holds for users who use an alternative email client, such as Gmail, Spark, AirMail, or others.

    Just for the record, Apple did not invent this mechanism: Google already implemented a very similar privacy protection strategy in Gmail a couple of years ago. Mailbutler is still able to provide email tracking functionalities if the recipient is using Gmail as their preferred email application.

    Impact of Mail Privacy Protection on our Tracking feature

    Recap: Inner workings of Mailbutler’s Tracking feature

    As you might already know, Mailbutler brings Tracking as one of its email-enhancing features to your favorite email application. When sending a tracked email, an invisible image (a so-called tracking pixel) is inserted and sent together with your email. The image is unique to that exact email. As soon as the recipient of your email opens the message in their email application, the application automatically loads all contained images – including our tracking pixel – to allow displaying them to the recipient.

    Mailbutler's Tracking system explained

    This loading of images means requesting the content of each image from the web server that stores the corresponding image. Consequently, the web server knows about each request to load and display an image. As the invisible tracking pixel is uniquely associated with your email, our web server can expect the email to have been opened, because only then the invisible tracking pixel image would have been requested.

    Each time the tracking pixel is requested from our web server, Mailbutler stores the information about the image loading request, which logically can only originate from the recipient of your email. Such an image loading request contains the originating IP address and some identifier about the requesting application, the so-called user agent.
    From the IP address Mailbutler can further derive the recipient’s geographical location and time zone. This information is not very precise and therefore we only derive the country-level and avoid showing incorrect city-level information.
    The user agent is used to know about the recipient’s email application (or web browser), the used device type, and also about the used operating system, such as Windows or macOS.

    Mailbutler’s Tracking feature displays all of this collected information in a clear and comprehensible way in its tracking details. Mailbutler users can see a timeline of all open events from the recipient, including the country from which the email was opened and also the application and device information for each event.

    Technical implications of Mail Privacy Protection

    As mentioned above, email tracking works by including an invisible tracking pixel image as part of the contents of tracked emails. When the recipient’s email application loads this image to display it to the user, our servers collect information about the geographical location and the used email application, device type and operating system.

    If a recipient uses the latest version of Apple Mail and enabled Mail Privacy Protection, the aforementioned image loading process is modified:

    • When the recipient opens a tracked email, the contained images (including Mailbutler’s tracking pixel) are not loaded directly by Mail from the remote server. Instead, Mail requests the image from Apple’s own dedicated proxy server, which itself checks whether it has loaded the exact same image before and otherwise loads it from the remote server.
      By this indirection our servers do not receive an image loading request from the user’s computer, but only from Apple’s proxy server. Consequently, Mailbutler does not know about the originating IP address and also the email application’s user agent is not part of that request.
    • If the recipient does not open an email within a certain (unknown) time interval, Mail still loads all contained images via the proxy server. Therefore, an image loading request for the invisible tracking pixel will get triggered at some unknown point in time after a tracked email was sent. This leads to Mailbutler’s servers assuming that the tracked email was opened by the recipient, even though this event was triggered by Mail Privacy Protection’s internal image loading process.

    What does this mean for Mailbutler’s Tracking accuracy?

    First of all, we need to differentiate between different recipient groups of tracked emails:

    1. Recipients who do not use an Apple device
    2. Recipients who do not use Apple Mail to read their emails
    3. Recipients who do not use the latest Apple operating system
    4. Recipients who use the latest Apple operating system, but did not enable Mail Privacy Protection
    5. Recipients who use the latest Apple operating system and have Mail Privacy Protection enabled

    When a tracked email is sent to a recipient of the first four user groups, then tracking works as accurately as it has always done. There are no limitations to the general mechanism as described above. This includes the country from where the email was opened and the email application, the device type and the operating system the recipient used to read the tracked email.

    Based on recent email application statistics, more than 60% of all users will be in one of the first four user groups and will therefore not be affected by Apple’s introduction of Mail Privacy Protection.


    Mailbutler’s Tracking Details still provides information about the recipient using Mail Privacy Protection

    When a tracked email is sent to a recipient of the fifth user group (less than 40% of all users), tracking is still functioning:

    • It provides the date and time when the recipient opens the email.
    • It provides coarse information about the geographical location, e.g. Europe or North America.
    • It provides information about the recipient using a recent version of Mail that has Mail Privacy Protection activated.

    Apple’s Mail Privacy Protection hides the following information from Mailbutler’s Tracking system, if activated by the recipient:

    • Exact email application, device type and operating system version
    • Exact country from where the tracked email was opened

    If the recipient uses Mail Privacy Protection, Mailbutler’s tracking system might also show so-called false positive open events in cases when the recipient never opens a tracked email and Mail loads the invisible tracking pixel image automatically at some unknown point in time.

    Recommended articles

    Leave a comment

    Your email address will not be published. Required fields are marked *