Apple Mail Privacy Protection (MPP), launched in iOS 15, pre-fetches email content through a proxy — generating open events for emails that were never read by a human. Systems that branch or score exclusively on open events are routing contacts based on machine-generated signals, not human intent. A contact's sequence may advance to the "engaged" branch because Apple's privacy proxy opened the email — no human action required. iso-25010:2011 functional-suitability.functional-correctness classifies this as a functional accuracy defect: the system computes engagement from unreliable inputs, producing systematically incorrect routing for a large portion of Apple Mail users.
Low because open-only engagement scoring produces incorrect branching for Apple Mail users without causing immediate data loss — the harm is gradual misdirection of sequence logic.
Weight engagement signals by reliability: replies and bookings are definitive human actions; clicks are reliable; opens require MPP adjustment before use in scoring or branching decisions.
const ENGAGEMENT_WEIGHTS = {
reply: 10, // Definitive — human authored
booking: 15, // Highest-intent signal
click: 5, // Reliable — human action
website_visit: 3, // Reliable if UTM-tracked
open: 1, // Unreliable — MPP generates false positives
} as const
function computeEngagementScore(events: EngagementEvent[]): number {
return events.reduce((sum, e) => sum + (ENGAGEMENT_WEIGHTS[e.type] ?? 0), 0)
}
For branching decisions, use clicks or replies as the threshold trigger — not opens alone. If opens must be used, apply a suppression window: ignore opens that arrive within 5 seconds of delivery (a proxy fingerprint) or that occur without any subsequent click.
ID: campaign-orchestration-sequencing.reply-engagement.multi-signal-engagement
Severity: low
What to look for: Check how engagement is measured for branching and lead scoring decisions. Due to Apple Mail Privacy Protection (MPP) and similar privacy features, email opens are no longer a reliable sole indicator of engagement — many opens are generated by mail proxies, not actual human readers. Look for whether the system combines multiple signals: email opens (with MPP caveat), link clicks (more reliable), replies (most reliable), website visits (via UTM or tracking), or calendar bookings. Red flags: using opens as the only engagement signal for branching decisions, treating every open as a human action with no MPP adjustment.
Pass criteria: Engagement decisions (branching, lead scoring) use multiple signals. At minimum, clicks and replies are weighted more heavily than opens. The codebase or documentation acknowledges MPP limitations. Enumerate all engagement signal types used and count them — at least 3 distinct signals must be weighted (e.g., open, click, reply). Report the ratio of signal types even on pass.
Fail criteria: All engagement logic uses email opens as the primary or sole signal, with no acknowledgment of MPP false-positives or weighting of more reliable signals. Using opens and clicks but treating them with equal weight does not count as pass if MPP is not addressed.
Skip (N/A) when: The system does not use engagement for branching or scoring decisions.
Detail on fail: "Engagement branches solely on open events — no click or reply signal used" or "Lead scoring increments score by 10 on every open event with no MPP adjustment or click/reply weighting"
Remediation: Weight engagement signals by reliability:
const ENGAGEMENT_WEIGHTS = {
reply: 10, // Most reliable — human action
click: 5, // Reliable — human action
open: 1, // Least reliable — MPP creates false positives
website_visit: 3, // Reliable if properly tracked
booking: 15, // Highest intent signal
}
function computeEngagementScore(events: EngagementEvent[]): number {
return events.reduce((sum, event) => sum + (ENGAGEMENT_WEIGHTS[event.type] ?? 0), 0)
}