Privacy and Larceny Are Impacting Your Newsletter's Stats

Bots are opening your email and clicking all of the links, but they have a good reason.

An AI-generated image of Jaron Lanier protecting your email.
Privacy and protection bots are clicking your email.

Your newsletter's open rate is almost certainly a lie. Oh, and the clicks are wrong, too. It is not your fault. You can blame privacy and larceny.

In the middle of 2024, many —if not most— of the email newsletter statistics reported via an email service provider are inaccurate or, more specifically, inflated.

This is changing, but for the moment, let's discuss the why.

Three R's Driving Privacy

The first big why is privacy. You see, real people (first R), regulations (second R), and rails (third 3) all have an interest in protecting personal privacy.

Real People

Privacy advocates have raised the alarm in recent years about how businesses, especially social media platforms, collect, share, and, frankly, abuse personal privacy.

Jaron Lanier, author of Ten Arguments for Deleting Your Social Media Accounts Right Now (2018), has asserted that social media platforms have used private behavioral data not only for ad targeting but also for behavioral modification. Those platforms are not just showing targeted ads. Instead, algorithms use what they know about folks to get them to want the products in those ads.

For the purposes of this article, it is enough to say that real people—the first R again—wanted to ensure the safety of their personal information (and their personal behavior).


For the next R, we have regulation. And, as I once said in a presentation: "Few things attract a bureaucrat faster than folks with an ax to grind. So, when real people feared for their real privacy, it led to regulation.

The most famous privacy regulation in recent years is the European Union's General Data Protection Regulation (GDPR). This hefty law has a lot to say about what sorts of personal information can be retained and used. What's more, it spawned other, similar regulations in many U.S. states. The California Consumer Protection Act (CCPA) is an example.

While this did not directly impact your email newsletter's lying statistics, we are getting pretty close.


In the privacy context, rails describe the software platforms that private information runs along like a train runs along tracks. Get it?

Seeking to comply with the GDPR and CCPA and prevent an outbreak of privacy-related alphabet soup, companies like Google, Apple, and others started to implement new privacy measures.

If you've heard about the end of third-party tracking cookies in browsers, you are already aware of some of the changes the rails are making.

Apple Mail Privacy Protection

The most notable example of rails impacting email is Apple Mail Privacy Protection (MPP).

MPP has been around since September 20, 2021, so it is not new. Nonetheless, loads of newsletter writers have no idea that it is impacting open rates.

MPP does a few things to protect an email recipient's privacy, including opening every email.

So basically, if you send a message to someone using the Apple Mail app, the MPP server will "open" the message often, dramatically inflating email open rates.

Twilio SendGrid estimated that 22.9% of Apple Mail opens are MPP in 2024. MPP was also responsible for 9.1% of Yahoo Mail Opens, 4.8% of Microsoft Outlook opens, and 4.6% of Gmail opens, again according to SendGrid.

It is common for 20% of a newsletter's reported opens to be non-human interactions from MPP or similar privacy protection solutions.

So, privacy impacts your newsletter's statistics, but it is not the only thing.


Spam emails are dangerous. Phishing scams, malware, and other malicious garbage try to steal money or cause harm.

Fortunately, email clients work hard to keep your inbox safe. This is good news, but those efforts also impact your email newsletter.

When you send a message, it goes to the receiving mail server. That server runs a scan looking for spam's ugly little earmarks.

If the server has even the slightest worry about the message, it "opens" the email and "clicks" any number of the links, following them to their respective destinations to ensure everything is safe.

These spam-fighting bots jack up open and click rates and can even give you poor feedback.

For example, imagine A/B testing two subject lines. One subject line has nine exclamation points, while the other uses more sensible punctuation. An email client will almost certainly open the exclamatory version since exclamation points are a powerful spam indicator. So, the bad subject line actually wins the A/B test, not because it is better, but because it is worse.

What To Do

Now that you know non-human interactions exist, you should do three things as an email newsletter creator.

  1. Try to understand the percentage of reported opens that come from bots. You can use a third-party tool like to track this.
  2. Monitor your domain's sending reputation.
  3. Be aware of how bot clicks impact things like sponsorships or the conversion rate for your own products.