Apple Mail Privacy Protection, four years in

Apple Mail Privacy Protection, shipped in iOS 15 in September 2021, pre-fetches all remote images in an email the moment the message arrives in a user's Apple Mail inbox — whether or not the user ever opens it. The pre-fetch happens through proxy servers that strip IP addresses. Tracking pixels embedded in the email fire anyway.Source · AppleUse Mail Privacy Protection on iPhoneApple's official documentation of Mail Privacy Protection behaviour, including image pre-fetching and IP masking.support.apple.com/guide/iphone/use-mail-privacy-protection-iph2a7a6fdac/ios

The consequence: for any user on Apple Mail with MPP enabled — and that's now the default for all new Apple Mail users — your email appears to have been opened the moment it arrives, regardless of whether the human actually looked at it. The open rate, as a signal of human behaviour, died the week iOS 15 shipped.

The second-order consequence: send-time optimisation, send-based triggers, and re-engagement rules that depended on opens all broke quietly. Most programs didn't notice for months because the numbers went up, not down.

Before 2021, the open rate was doing four distinct jobs at the same time, which is why losing it caused so much breakage. Job one: a proxy for content resonance, used to compare subject-line performance in A/B tests. Job two: a trigger signal, used to fire follow-up emails ("they opened it but didn't click"). Job three: a user-engagement signal, used to separate active subscribers from dormant ones for list hygiene. Job four: a diagnostic, used to tell whether deliverability was failing.

MPP killed all four at different rates. The A/B testing job died first because Apple users are a meaningful share of tested audiences. The trigger-signal job died next because trigger-fired emails started going to users who had never actually seen the original. The engagement-signal job died more slowly because it was already a weak signal. And the diagnostic job lingered — open rates still mean something in aggregate if you segment out Apple users — but the noise-to-signal ratio collapsed.

The programs that handled MPP best were the ones that knew which of these four jobs they were actually doing in each place. Programs that treated open rate as a single metric got blindsided.

For content resonance, use click rate instead of open rate. Click is still a real human action, and MPP doesn't inflate it. Click rate is lower-volume and therefore statistically noisier per send — but the noise is honest noise, not inflated noise. The A/B testing guide covers how to size tests against the lower-volume click metric.

For triggers that previously fired on opens, rebuild them on clicks or on downstream actions. A user who clicked a link in the email is genuinely engaged; a user who opened it in Apple Mail might not have seen it at all. If the trigger really needs pre-click engagement — some onboarding flows legitimately do — accept that you're now triggering on an inflated proxy and adjust the downstream messaging to assume less intent.

For engagement-based list hygiene, expand the engagement definition beyond opens. A user is engaged if they: clicked any link in the last N days, visited the product, completed any key action, or received mail that successfully delivered without bouncing. This is a multi-signal engagement score rather than a single metric. Requires more data-engineering work than the old open-based approach but survives the next privacy change because it doesn't depend on any single signal.

The Orbit Lifecycle Reporting skill handles the composite engagement score and how to surface it in dashboards without turning the whole thing into a data-science project.

Not nothing. The open rate still works as a deliverability diagnostic at the aggregate level — a sudden drop in opens (even an inflated opens number) is a real signal that delivery has degraded. It still works for non-Apple Mail segments, so if your audience skews Android or web-based, open rate retains more signal than the averages suggest. And it still works as a rough engagement floor — a user whose open rate is zero for a year is definitely disengaged, regardless of MPP.

The trap is using open rate for anything that compares across Apple and non-Apple users. A subject-line test that looks like a winner because Apple users inflate one variant's open rate is a false positive. Always segment open-rate analysis by client to see the underlying signal.

Four years on, the programs that weathered MPP best share a pattern. They rebuilt their measurement layer once, early, instead of patching it incrementally. They moved triggers off opens to clicks or product events. They kept open rate in dashboards as a diagnostic but stopped treating it as a KPI. And they invested in the composite engagement score that doesn't depend on any single signal.

Programs that didn't adapt show up as confused data now. Their open rates are up year-over-year because of MPP inflation, which looks like success to anyone not in the weeds. Their click rates are flat or declining because the underlying audience quality is drifting but nobody's caught it. Their re-engagement programs are firing on inflated opens and producing lower-quality reactivated cohorts than they used to. These are the programs still measuring like 2020, even though 2020 ended four years ago.