Apple Link Tracking Protection: What impact does it have on the tracking of links in your emailings?

Two years after the major upheaval caused by the image caching in ios15Apple is now tackling link tracking!

Announced at WWDC23On June 5, 2023, at the same time as the beta release of iOS 17, iPadOS 17 and macOS Sonoma, this change attracts the attention of the emailing community.

Will we still be able to count clicks in emails? What parameters will be penalized in our URLs (Uniform Resource Locator) ?

The official release is scheduled for mid-September for iOS and iPadOS, and for autumn for macOS. In the meantime, here's what we know about the subject.

This article is based on numerous analyses published in recent weeks on the subject, all of which are mentioned for the sake of transparency. At the time of writing, Apple Link Tracking Protection (ALTP) is still in beta. There may therefore be changes between now and its release.

In short, what is the impact of Apple Link Tracking Protection?

On email campaigns, we can conclude that Apple Link Tracking Protection (ALTP) currently has almost no impact. ALTP aims to protect users' privacy by removing certain URL parameters that enable users to be tracked between different websites. Apple is clearly targeting advertising platforms rather than email campaign tracking.

In fact, it's the methodology of calculating clicks in emails via redirects that enables email tracking to be preserved.

How are clicks calculated in emails?

That's an important prerequisite to reading this article, and if you'd like to learn more about email stats, feel free to read our guide to emailing statistics !

Understanding email tracking is not that simple, and we won't spend too much time on it in this article, so let's concentrate on what's important here: tracking links and measuring clicks.

To measure a click in an email, the most common solution is to use a redirect, which allows the emailing solution to record the information before sending the web user back to the final destination.

For example, if you link to <a href="<https://www.example.com/my/product/?mc_eid=abc&coolid=abc>">Mon lien</a> in your email. When it is sent, your emailing platform will transform it into something that looks like this https//click.example.com/track/click/c3qm4z4eif7qs4cdqms

At the moment of clicking, the surfer goes through two successive stages (without realizing it):

1. The redirect page (which registers the click) : https//click.example.com/track/click/c3qm4z4eif7qs4cdqms
2. The final destination page : https://www.example.com/my/product/?mc_eid=abc&coolid=abc

It's worth noting that some (rare) emailing platforms don't use redirection to measure clicks. In this case, they add parameters to the final url, which are retrieved by a script on the destination page.

What is Apple trying to protect its users from with LTP?

With Link Tracking Protection, Apple's primary target seems to be advertising platforms, with Facebook Meta and Google in the lead.

Apple's aim is to prevent (or reduce as far as possible) the possibility of tracking users between different websites, in order to protect their privacy.

We all know that Apple (whether sincere or not) wants to protect its users' privacy. To this end, Apple has already put in place a number of protection mechanisms, notably with regard to cookies.

With LTP, Apple is tackling a bypass method linked to the limited effectiveness of third-party cookies. Since third-party cookies no longer work, many ad networks add parameters to the links to identify the user as they wander.

So Apple is attacking these parameters. And it's not going to be easy.

Take a look at the LTP presentation video: https://developer.apple.com/videos/play/wwdc2023/10053/?time=1521

Which environments are affected by the "Link Tracking Protection" from Apple?

While everyone's talking about iOS 17 in the context of the ALTP release, it's mainly Safari version 17 that's concerned. It's important to note that according to Similar WebIn July 2023, Safari accounted for over 25% of the world's web browsing. Far from negligible.

But LTP is not just integrated into Safari. The functionality is also present in Apple Mail and Apple Message. Whether on iPhone, iPad or macOS.

As a reminder, Apple Mail accounts for over 50% of openings worldwide. See our article dedicated to emailing benchmarks.

Finally, LTP is automatically activated in "private mode" in Safari. But Apple, as with Mail Privacy Protection, is going to suggest that users activate it by default. And adoption rates will undoubtedly be enormous.

Technically, how does "Link Tracking Protection" work?

As explained above, LTP will attempt to remove parameters passed in URLs that carry means of identifying Internet users moving from one website to another. Currently, only a list of parameters from https://privacytests.org/ is suppressed by "Link Tracking Protection".

For example, when you click on this link :

<a href="https://www.example.com/my/product/?mc_eid=abc&coolid=abc">Link</a>

It will become :

https://www.example.com/my/product/?coolid=abc

On closer inspection, the list of parameters is relatively limited. It mainly contains ad network IDs (DoubleClick, Google, Facebook, etc.). Nevertheless, the list does include IDs used by emailing tools.

Here is a list of email tools whose settings are affected by Link Tracking Protection (LTP):

• HubSpot
• Drip
• Mailchimp
• Adobe Marketo
• MailerLite
• Omeda
• Vero

The IDs of the emailing solutions concerned are only those that identify the surfer when they arrive on a web page. These are the IDs that act in a similar way to a cookie.

In addition, we have already received confirmations from some emailing solutions that are not affected:

• Actito (product team confirmation)
• Bloomreach (see this article)
• Mindbaz (see this article)

We'll update the list as we go along.

Impact of redirection on LTP

There is one piece of information on which there seems to be consensus. It's the important difference between URLs that are redirected and URLs that are not redirected.

In the event of a redirect, the parameters that were not "visible" in the redirect URL are not deleted by Apple, unless the Internet user is using Safari Safe Browsing (very rare cases). And as the overwhelming majority of email solutions use this mechanism, LTP has virtually no impact on them.

Let's take our example from above.

• The link in the email: <a href="https://www.example.com/my/product/?mc_eid=abc&coolid=abc">Mon lien</a>
• The redirect page (which registers the click) : https//click.example.com/track/click/c3qm4z4eif7qs4cdqms
• The final destination page : https://www.example.com/my/product/?mc_eid=abc&coolid=abc

If there is a redirection, parameter mc_eid= is retained, even though it is included in the list of parameters deleted by LTP.

Let's go back to the same example, but without the :

• The link in the email: <a href="https://www.example.com/my/product/?mc_eid=abc&coolid=abc">Mon lien</a>
• The final destination page : https://www.example.com/my/product/?coolid=abc

Without redirection, the parameter is deleted.

There are only a handful of email routers that don't use redirects to track email links. So, at present, the impact on email marketing is extremely limited.

Knak's blog has put together a table explaining the various redirection scenarios:

In the end, what we'll remember is that :

1. You can put any personal data in a parameter as long as it's not in the parameter list, it will be kept. This would even apply to an email address passed in plain text in a URL (for example: email=yesreply@badsender.com)
2. If a redirection exists between the url in the email and the final url, the list settings will be retained as long as the user/recipient does not use private browsing.

When you put it like that, protection is easy to circumvent for email marketers and their emailing solutions. The real target is clearly the big platforms (hello Meta and Google).

What impact does LTP really have on the tracking of links in your email campaigns?

As we have seen, the impact is very slight... for now. For the solutions that seem to be affected (Mailchimp, Marketo, HubSpot, etc.), the redirection used for link tracking means that the incriminated IDs are still transmitted.

This is certainly true when visitors come from email. But if you use these solutions to marketing automationIf you use Hubspot to build landing pages and forms, the impact is likely to be very real. For example, a user identified on your website who arrives on a Hubspot landing page will probably no longer be shown a form pre-filled with his or her data.

Nevertheless, very few platforms are affected, and these will be able to offer relatively easy workarounds. But let's not fool ourselves: in the other direction, Apple will also be able to evolve the parameters concerned and update its list.

But how far will they go?

Probably even further! But is that a bad thing?

In the system implemented by Apple (as with Apple Mail Privacy Protection for image caching), it's the user who is in control. If they really want to be tracked (which in the overwhelming majority of cases... they don't), they can always refuse to activate ALTP.

So yes, Apple will continue in this direction, and others will follow. For email marketing, LTP is currently limited in scope by link tracking redirection. But technically, there's absolutely nothing stopping Apple from going further and processing links after redirection.

The only limit they're unlikely to cross right away is to break the redirection itself in emails. Because then, the experience of millions of users would be affected. It would be experienced as a bug. And Apple can't afford that.

Data is important when it comes to marketing. But tracking prospects and customers is not the only way to communicate and market. Let's respect our customers' desire for privacy, and focus a little more on honesty and creativity.

Furthermore, the best way to identify your visitors is to provide them with added value in a "connected" area of your website. This way, after clicking on an e-mail, they'll arrive on a site already identified by a "first party" cookie. In this case, there's no need to track them constantly.

Relive Badsender's live presentation on the impact of Apple Link Tracking Protection on email marketing

In replay

Listen to the podcast here or on your listening platform

Sources and resources about Apple Link Tracking Protection

• Read Apple's press release on the subject here : https://www.apple.com/newsroom/2023/06/apple-announces-powerful-new-privacy-and-security-features/
• Marketers, what you need to know about iOS 17, LTP, and privacy trends by Peter Jakuš : https://medium.com/@peterjakus/marketers-what-do-you-need-to-know-about-ios-17-ltp-and-privacy-trends-6006e9f02bfe
• Apple's Link Tracking Protection: The Impact on Email & Other Channels by Sterling Shew and Chad S. White : https://blogs.oracle.com/marketingcloud/post/apples-link-tracking-protection-the-impact-on-email-other-channels
• iOS17 filtering click tracking links by Steve Atkins : https://wordtothewise.com/2023/06/ios17-filtering-click-tracking-links/
• Link Tracking and iOS 17: What marketers need to know by The Newsletter Newsletter : https://medium.com/@thenewsletternewsletter/link-tracking-and-ios-17-what-marketers-need-to-know-b117986e1ae0
• Link Tracking Protection in iOS 17 & macOS Sonoma: Important changes for marketers by Nicole Merlin : https://knak.com/blog/blog/link-tracking-updates-ios-17/