3 observations from iOS 15’s Mail Privacy Protection public beta

Responding to a beta release is always a bit of a moving target. That said, Cordial has identified three observations that might give some indication as to what is going on behind the scenes at Apple amid the iOS 15 release. 

Key technical background

First, if you’re not familiar with the technical changes, Apple has a post from WWDC that helps explain the network underpinnings of iCloud Private Relay. We expect these underpinnings to be the same for Mail Privacy Protection so we make use of that description to fill in some assumptions.

Second, here’s some important context on Cordial’s traffic. Cordial routes all internet traffic through Cloudflare’s network. Cloudflare is both a CDN and a provider of network security and computing tools. The majority of Cordial’s consumer-facing bandwidth consumption are images delivered through Cloudflare’s CDN, including open pixels—the invisible images used to track whether a recipient viewed images in an email and therefore likely opened the message. Cloudflare enables us—and any other customer—to access specific underlying network data in order to better serve our traffic.

Three observations: retrieving, caching, and proxies

While testing the iOS 15 beta’s Mail Privacy protection, we’ve observed the following:

1. Every image in the message is retrieved.  

There is no discrimination for size, placement, or URL components (domain, port, etc.). Something to consider if a significant portion of your mail volume and site traffic is from iOS devices is whether your network can handle the additional traffic generated by this change. For example, if you have an average open rate for iOS of 15% and 50% of your contacts use Apple Mail, the contents of messages sent to Apple Mail recipients may need to be delivered 3.3x more than prior to the rollout.

2. Images are cached somewhere outside of our purview.

After the images are downloaded, they’re not downloaded again. This suggests that caching is happening elsewhere in the network chain and is an open question for our team. Based on the public explanation from Apple, there are 3 locations for the image caching to take place: The Apple Mail client, the Ingress Proxy, or the Egress Proxy. There are both privacy and performance implications to caching at each of the three locations and we’re eager to understand how this will impact our network and the internet at large.

3. The origin of the requests are proxies—not surprising given the public explanation from Apple. 

The proxies as of August 25, 2021, included Cloudflare (ASN: 13335), Akamai (ASN: 36183), and Fastly (ASN: 54113).  Given the product design and privacy goals, it isn’t surprising that these three CDNs are involved. Additionally, we observed that requests tended to be grouped together on a single CDN, then rotated to another CDN after approximately 90 minutes. Even though clustered requests used the same IP address, subsequent requests from the same CDN (more than 90 minutes later) had a new address in use.

We’re continuing to track early adoption, stay tuned for our next article in our iOS 15 series, which will look at the emerging impact on open rates by source network. For further reading on this topic, check out these resources:

• Are you iOS 15 ready?
• What the upcoming changes to Apple iOS mean to you
• Keep your eye on the prize as Apple makes changes to tracking email opens
• iOS 15 brings enhanced email privacy features: 6 things marketers should do today