ProtonMail's Enhanced Tracking Protection: A new privacy protection hybrid

Today’s guest post comes from my colleague Jennifer Nespola Lantz, VP of Industry Relations and Deliverability at Kickbox, keeping us updated on yet another change that affects email privacy and tracking. Take it away, Jennifer!

🔔 Ding, ding, ding 🔔 More fun updates about privacy in email. But first, those sneaky ‘spy pixels’ in email are still out there plundering the email world. So to combat them, we have another competitor out there vehemently shaking their fist in their air at them.

Full disclosure, I’ve been an active user and proponent of open tracking as a tool for deliverability, but because it’s early in the week, I thought it would be fun to play the antagonist.

On January 20th, Bleeping Computer reported on ProtonMail’s introduction of their email tracker blocking system. ProtonMail’s support page confirms that their new “enhanced tracking protection” is now enabled by default for all users. From what I’ve seen so far, this is somewhat of a hybrid version of the approach to ‘spy trackers’ that blocks images versus proxying them automatically. Tied into that is some flavor of Apple’s Mail Privacy Protection IP proxy protection sprinkled in (WTTW has a great summary on how MPP works).

Some initial thoughts on this news:

  • ProtonMail is not the first and will certainly not be the last. Since ProtonMail has always been very privacy forward, it doesn’t surprise me much. Expect to see more. How quickly and how each provider will roll this out is still up in the air.
  • This is turned on by default so the only choice is really to enable tracking. I don’t know about others, but I can’t imagine a service that touts privacy will have many users converting back to allowing tracking.
    • I signed in with an account already in existence and I did not see the settings available. But, when I created a new account, ta-da!!! Privacy! What I didn’t notice right away was my old account was using an old bookmarked URL. If you want to access or see the new settings, make sure you use If you see, you won’t see the new goodies available.
  • Although ProtonMail will alert the user of what is being blocked, the way they describe tracking, ‘spy trackers,’ doesn't give the impression these are "good" things to have. So even for those that may want to enable it, I’m sure this positioning makes for a good deterrent.
  • Currently this enhancement is only available in their web app, so the impact will not be felt across the board, yet.
  • Which leads them to recommend that the "ask before loading remote content" setting stay on since “enhanced tracking protection” is not available everywhere.
  • Because the trackers are blocked, ProtonMail needs to go through a learning phase before they can truly identify all trackers. So there may be some that slip through the cracks, but don’t expect it to last forever. Plus if the users do adhere to the “Ask before loading remote content” recommendation, some of those image downloads will be prevented.
  • ProtonMail’s MPP inspiration comes from using proxy IPs to download any other image not identified as a tracker. So if yours does slip through the cracks, for now, the IP data will still be protected on the recipient side.
  • Unless the click activity is proxied or constantly engaged, click trackers (URL redirects) will still be working as they do today. In other words, not everything is blocked.

Let’s not forget though that provider-led blocking isn't the only way to block images. Consumers can and have been using features that disable remote loading of images for a long time. Whether it was for privacy or speed of downloads when the Internet was a bit slower, this image blocking is not new. And it’s one of the many reasons why opens were never really an accurate view of open activity. 

So as we continue to inch our way closer to pre-fetching, image proxy, or blocking of all images, some things to consider: 

  • Multi-part is a good thing for your content. Meaning you shouldn’t send just HTML, but opt to send a combination of HTML and text version. This allows those that only want text to get text.

    In your text version, have a nice summary of your email, offers, and links. I used to work on platforms that would create a very generic text version, “Can’t see this email, click here.. The good thing there for a sender is it forces a recipient to click and then you can track their actions from there.

    The negative of this approach is, if a user is disabling HTML, they’re not going to just want a link. And if that is all you send them, you may either lose that customer or drive a complaint. Give them what they want, a little privacy with all your good content.
  • For image heavy emails that put offers or key details in images, make sure your alt text is descriptive enough to replace the image when they aren't downloaded. Since image blocking isn’t going away and may even be highlighted as a feature for privacy, don’t let your email content suffer or have your customer miss out on key information.
  • Postcard emails and very image heavy emails  may want to be rethought. There have always been recommendations out there to have a good image to text ratio for deliverability. And the argument was there for accessibility reasons and for image blocking reasons. I don’t see that going away either.

The writing is on the wall that we need to get creative with how we measure campaign and program success and it cannot be at the detriment of the customer base. However, with that said, there is still something to be said about the value in opens. They may still provide some trending that we can lean on to identify a change in performance or deliverability.

For those who proxies images, like Apple, it’s almost a benefit as it’s a sanity check on your deliverability rate. As soon as opens drop, you know you are starting to hit the spam folder because currently Apple is only proxying images that are in the inbox (why waste resources on unwanted mail anyway).

There is an overhead to using proxies and pre-fetching emails. And there is a gap for blocking perceived trackers and I’m sure this will be exploited. So it’ll be interesting to see how the next rollout looks and the approach that is taken. 

Until next time!

Post a Comment