privacy
Reporting is an important part of DMARC. It provides valuable feedback from mailbox providers to help you identify any problems with authentication of your legitimate emails, and allows you to monitor for fraudulent email misuse of your domain name. But lots of people set up DMARC without understanding the reporting component — I myself have been guilty of simply routing DMARC reports (which tend to comprise a low volume if emails containing XML-formatted data attachments) to a folder or mailbox to review them “someday.” And if that day ever comes, I figure it would be good to understand what I’m looking at as far as the two different types of DMARC reporting — and why, ultimately, RUA (aggregate) reporting is all I (and you) should rely on. When creating a “reporting address” for your DMARC record, you might notice that there are two different “reporting” fields in the DMARC record
If I had a dollar for every time somebody asked me about Apple iOS 17’s new Link Tracking Protection, I’d have at least 32 dollars! And that’s more than enough to buy a cheeseburger at the Newark airport, if I skip the scotch! But seriously, I wrote up everything I know about the latest Apple email/ link/ proxy/ privacy-related changes and I’ve published it over on the Kickbox blog. Check it out.
Time to clarify a bit of confusion that I know people are having with Apple’s private/hiding methodology for email privacy: Private Relay versus Private Relay versus Hide my Email.Apple’s got a couple ways that they let an end subscriber hide their email address from an email sender, while still allowing communication to go through. Let’s review them.1. Apple Private Relay — let’s get this one out of the way first. Apple Private Relay can relate to both email sending and web browsing. On the web browsing side, Private Relay, a feature that comes with the paid iCloud+ service, “hides your IP address and browsing activity in Safari and protects your unencrypted internet traffic so that no one — including Apple — can see both who you are and what sites you’re visiting. Learn more about that here. TL;DR? This particular bit doesn’t have anything to do with email. 2. “Hide My Email”
Here, find quick links to everything I can find relating to the upcoming Apple privacy changes. Remember what we learned from MPP — meaning that exactly when and how the functionality launches is still TBD, exactly what this impacts could change over time, and that this will not be the end of the world. Stay tuned as I’m sure there will be more to write and to learn about this functionality as we move forward torward final public release (and then after).iOS17 filtering click tracking links (Steve Atkins, Word to the Wise)Link Tracking Protection in iOS 17 & macOS Sonoma: Important changes for marketers (Nicole Merlin, Knak)Marketers, what you need to know about iOS 17, LTP, and privacy trends (Peter Jakus, Bloomreach Engagement)The Scoop on iOS 17 and Link Tracking (Scott Desgrosseilliers, Wicked Reports)Bonus: Are you wondering this functionality would be enabled or disabled by users? See “How to automatically
Peter Jakuš, Product Manager for omnichannel marketing automation platform Bloomreach Engagement has put together even more useful information on the upcoming iOS17 privacy protections that will modify links. Great details and examples. Thanks for sharing, Peter!
When I recently mentioned that new Apple privacy changes were coming in iOS17, it was nigh impossible to share exactly what was coming, as I did not have the opportunity to test it myself — and even if any of us tests it, it could end up working differently when the final version of Apple’s latest mobile operating system is finally released, later this year. So, I didn’t have much to share. Thankfully, somebody has to come to the rescue.Steve Atkins of Word to the Wise has done a most excellent job of exploring exactly how automatic removal of click-tracking parameters works in the current iOS17 beta. It is most definitely worth a read, to better understand how things are probably going to work in iOS17. Do keep in mind, functionality could still be subject to change. Even with that limitation, this is still great research and kudos to Steve
I’ve heard quite a bit of concern about what iOS 17’s automatic removal of click-tracking parameters means, but less discussion of what it actually does. Broadly it’s Apple trying to improve user-privacy by making it harder to do cross-site tracking at scale. Cross-site tracking is the basis of a lot of privacy-violating tracking technologies, and tracking parameters added to links evade Safari’s technologies that mitigate tracking via cross-site cookies or other forms of session storage. (As partial compensation, Apple is supporting Private Click Measurement. That’ll allow ad click measurements without sending PII to the advertisers.) But, what does it actually mean? I’ve not seen much in the way of documentation, so I built a test harness, installed an iOS 17 developer beta on a spare iPad and looked at what it does. The test setup is very, very simple. I have a custom webserver that accepts clicks and logs the
When Apple’s iOS 17 and MacOS Sonoma come to the public later this fall, there will be new privacy improvements, as there always are. This time around, Apple’s looking to block some tracking methodology by stripping various parameters from URLs.Will it strip parameters from email messages received in Apple Mail? Will the parameters stripped include UTM codes, the common tracking mechanism marketers use to identify traffic sources in certain scenarios? If they do, that’d have a significant impact on marketers. This was my fear at first, what if they block this relatively harmless tracking mechanism (that doesn’t tend to identify individuals).Right now, though, it looks like UTMs might be safe? And Apple’s apparently not going to strip out parameters from links in email messages — the focus instead is apparently on removing excess variables from URLs when copying them from Safari or Apple Mail for sharing with others.I think.This is
Back in 2021 I blogged about DuckDuckGo announcing their new privacy-focused duck.com email service. Fast forward to now and it appears as though the service is now open to all. Yay?
Previously I’ve talked about the affirmative consent standard found in the US federal anti-spam law (CAN-SPAM). I’ve found it very useful test when trying to understand if a process is appropriately opt-in our not. Wondering if GDPR has something similar? It does.For various reasons, the UK and the EU have slightly differing versions of GDPR, but the UK’s Information Commissioner’s Office provides us with a pretty good guide for email marketing permission standards, and I think it’s a good starting point to learn about opt-in requirements EU-wide.The ICO explains that “Consent requests need to be prominent, concise, easy to understand and separate from any other information such as general terms and conditions.”Opt-in is key — see “What methods can we use to obtain consent?” for more details. No pre-checked box, not hidden in terms and conditions, and make it easy to understand.The handy website GDPR.eu, put together by Proton AG