Apple Mail Privacy Protection: How It Killed Open Tracking (and What to Do Now)
Since iOS 15, Apple Mail pre-fetches every tracking pixel, so open rates from Apple users became fiction. Here is how to rebuild meaningful engagement metrics.
For two decades the open rate was the headline metric of every email report. Then in September 2021 Apple shipped Mail Privacy Protection (MPP) with iOS 15, and the metric stopped meaning anything for roughly 60% of consumer email. Three years later most marketing teams are still optimising for a number that no longer correlates with anything real.
This article explains exactly how MPP works, why every workaround you have heard about does not actually work, and what to track instead. The good news: engagement signals have never been more accurate. The bad news: you have to rebuild your dashboards.
What MPP Actually Does
When a user opens Apple Mail on iOS 15+, macOS 12+ or iPadOS 15+, the app pre-fetches every remote resource referenced in every newly received message. This happens in the background, from Apple-controlled proxies, regardless of whether the user opens the email or even sees the notification.
The pre-fetch produces:
- A "fake open" for every tracking pixel.
- An IP address geolocated to one of Apple Privacy Relay regions (not the user).
- A user-agent that looks like Apple Mail.
- No correlation with actual reading behaviour.
The pre-fetch happens once, usually within minutes of delivery, sometimes hours later if the device is offline.
Who Is Affected
Anyone on iOS 15+, iPadOS 15+ or macOS Monterey+ using the built-in Mail app with MPP enabled (the default during onboarding). That is roughly:
- ~60% of consumer email opens in the US, UK and Italy.
- ~40% of B2B email opens.
- ~10% of corporate email opens (where Apple Mail is less common).
The percentage drifts upward every quarter as more iPhones enter the Apple Mail ecosystem and as macOS adoption grows.
Why The "Workarounds" Do Not Work
"Just look at the user agent"
MPP requests come from Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) — the same UA real Apple Mail clients send. You cannot distinguish a prefetch from a human open.
"Filter by IP geolocation"
Apple uses iCloud Private Relay infrastructure with rotating IPs that geolocate to roughly the user country. The IP is not the proxy farm, and the proxy farm IPs are documented but huge and change weekly.
"Track only the second pixel"
This sometimes worked in 2022. Apple now caches the pre-fetch and may re-fetch on display, but inconsistently. You cannot rely on the count.
⚠️ Warning: Any vendor still selling you "real opens vs MPP opens" segmentation is selling you noise. Be polite, switch metric.
What Replaces Open Rates
The metrics that still work are the ones a server can only see when a real human acts:
Click-Through Rate (CTR)
Clicks are still real. Make sure your tracking domain is HTTPS, signed and aligned with DKIM so it does not break authentication. Use CTR as your primary engagement signal.
Reply Rate
Replies are the strongest engagement signal of all. They also boost domain reputation directly. Where appropriate, add a one-line "reply if anything is wrong" footer to transactional mail.
Conversion Rate
Did the user perform the next action — sign in, purchase, click the verify link? Tie your email send IDs to your application events. This is the metric MPP cannot touch.
Unsubscribe Rate as Inverse Signal
An unsubscribe is a strong negative engagement signal. Track it per-template and per-segment. Anything above 0.3% is a warning, above 0.5% is a list-quality problem.
Rebuilding the Funnel
Here is the post-MPP funnel that makes sense:
| Stage | Metric | Trustworthy? |
|---|---|---|
| Sent | Accepted by receiver | Yes |
| Delivered | No bounce within 72h | Yes |
| Inboxed | Seedlist + Postmaster reputation | Indirect but reliable |
| Engaged | Click, reply, conversion | Yes |
| Open | Pixel fetched | No (post-MPP) |
What About Gmail and Outlook?
Both also pre-fetch images via their proxies, but only after the user opens the message, not before. So Gmail and Outlook open rates remain a noisy but useful signal. Apple is the outlier because the prefetch happens before display.
A reasonable practical model: report engagement as CTR; report opens only for Gmail and Outlook segments; never use opens as a list-cleaning criterion alone.
List Hygiene Without Opens
Pre-MPP, the standard hygiene rule was "no opens in 90 days = remove from list". That rule is now broken — MPP users will register pre-fetched opens forever even if they never read your email.
The new rule:
- If the recipient has clicked anything in 180 days, keep.
- If never clicked but received in last 90 days, suppress with caution (test).
- If never clicked and any hard bounce, remove.
- If complaint rate above 0.3%, segment is bad regardless of opens.
The Silver Lining
MPP forces every team to focus on metrics that actually matter. Open rate was always weak — it just looked good in slides. CTR and reply rate force you to write emails worth clicking and replying to. The teams that have already pivoted now ship higher-converting campaigns and have cleaner lists than they did pre-MPP.
One Practical Setup
For a SaaS sending invoices, password resets, weekly digests and onboarding nudges, here is a sane configuration:
- Invoices: do not track opens, track only click on "view PDF". Conversion = downloaded.
- Password reset: do not track at all. This is plumbing.
- Weekly digest: track CTR per section. Aim 8-12%. Below 5% means content is stale.
- Onboarding: track conversion to feature use, not open.
If you would rather not stitch all this together yourself, Target SMTP separates pre-fetched opens from probable human opens using request timing heuristics, and reports CTR and conversion natively. The Send-Time Firewall can also block sends when a recipient has zero engagement over a configurable window, preventing the slow list-rot that MPP made invisible.