Apple kills email tracking pixels with Mail Privacy Protection

Apple’s forthcoming Mail Privacy Protection feature in macOS 12 Monterey, iOS 15, and iPadOS 15 stops senders from learning whether an email has been opened via email tracking pixels, and hides IP addresses so senders can’t learn a user’s location or use it to build a profile on them. App Privacy Report offers an overview of how apps use the access that has been granted to location, photos, camera, microphone, and contacts in the last seven days, and which other domains are contacted.

Apple kills email tracking pixels with Mail Privacy Protection

Mail Privacy Protection helps protect your privacy by preventing email senders from learning information about your Mail activity. If you choose to turn it on, it hides your IP address so senders can’t link it to your other online activity or determine your location. And it prevents senders from seeing if you’ve opened their email.

Juli Clover for MacRumors:

Much of this tracking is facilitated by remote images that load when viewing an email, and some of it is even sneakier, with advertisers using invisible tracking pixels. Tracking pixels are hidden graphics that you might not see in an email, but your email client loads them, allowing senders to gather data from you. Senders can see that you’ve opened an email get other information, such as your IP address.

When enabled, Mail Privacy Protection hides your IP address and loads all remote content privately in the background, routing it through multiple proxy services and randomly assigning an IP address.

MacDailyNews Take: Apple explains how Mail Privacy Protection can help stop email tracking pixels:

Emails that you receive may include hidden pixels that allow the email’s sender to learn information about you. As soon as you open an email, information about your Mail activity can be collected by the sender without transparency and an ability to control what information is shared. Email senders can learn when and how many times you opened their email, whether you forwarded the email, your Internet Protocol (IP) address, and other data that can be used to build a profile of your behavior and learn your location.

If you choose to turn it on, Mail Privacy Protection helps protect your privacy by preventing email senders, including Apple, from learning information about your Mail activity. When you receive an email in the Mail app, rather than downloading remote content when you open an email, Mail Privacy Protection downloads remote content in the background by default – regardless of how you do or don’t engage with the email. Apple does not learn any information about the content.

In addition, all remote content downloaded by Mail is routed through multiple proxy servers, preventing the sender from learning your IP address. Rather than share your IP address, which can allow the email sender to learn your location, Apple’s proxy network will randomly assign an IP address that corresponds only to the region your device is in. As a result, email senders will only receive generic information rather than information about your behavior. Apple does not access your IP address.


  1. J is half-right and half wrong. Yes, Outlook can be set to block the downloading of images, including images that trigger tracking code. So can Apple Mail. So can every other mail program I have ever heard of. In an ideal universe, nobody would ever download email images from an untrusted source.

    However, that isn’t very useful if the whole purpose of the email is to send you an image you want to receive, or if the content of the email is largely contained in embedded images. You can choose not to read emails like that, but it will wall you off from a lot of the universe.

    The new Apple Privacy Protection is entirely different. As I understand it, Apple downloads the images at a remote site, so the tracking code will–at most–report back the Internet address and other data for that site… not your email account. Then it forwards the email (tightly encrypted) to your actual mailbox with the images already opened. After sending the forwarded message, the remote site irrecoverably deletes its record of the message. When you open the email, the images need not be downloaded again, so there is no interaction between your actual address and the public internet, and therefore no tracking.

    You can even send outbound emails through the remote site, which will substitute a random address in the “sent by/respond to” headers. Reply emails sent to that address will be forwarded to your actual address after being scrubbed for tracking code. Email spammers will never see your actual address. They cannot use your email history to mine data, because each email recipient gets a different randomized alias.

    On top of all that, there is end-to-end encryption on the double-forwarded communications, so nobody… not Apple, not your boss, not the Government, but NOBODY has the means to decrypt them except by applying unreasonably huge computing resources over an impractically long time.

    It is a wonderful idea and it is no surprise that countries like China and Belarus have already banned it. I give it about six months until nearly every country has banned it in the name of crime detection and national security. I wish that weren’t so, but we live in a world where agents for one political party secretly subpoena the metadata of journalists and Congressmen from the other party. The Apple Privacy Protection plan would make that impossible, so I suspect it will be disallowed.

    The idea at least shows that Apple has its heart in the right place where it comes to privacy.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.