Your Email Strategy May Blow Up Sooner Than You Think

Does an email still count as first-party data if you never know who the email belongs to, or whether it belongs to anyone at all?

And what happens as email obfuscation becomes an “enabled by default” feature of consumer devices and web browsers?

Just when everyone thought email might be a refuge from cookies and MAIDs, consumer tech companies like Apple are doing their best to ensure that email doesn’t become another tracking vector.

First-party Data ≈ Email

Contemporary buy-side digital marketing and sell-side publishing strategies emphasize first-party data, largely centered around email. Put simply, the mantra is: “get as many consumer email sign-ups as you can.”

All things being equal, this is probably a good strategy for the present day. Direct or deterministic channels and tactics continue to gain ground versus broadcast, and as user-level IDs such as cookies and MAIDs continue to evaporate, email is a next best alternative “connective tissue.”

Emails are also an asset that brands and publishers — currently in a power struggle with major tech platforms — can own and control. This notion of ownership and control is important, because the current presumption that an email record can be “owned” by, say, a brand or a publisher may soon be flipped on its head.

Apple and other tech companies are pioneering new features that may turn email into a Schrödinger-esque mind game where email addresses are unilaterally purpose-limited by the consumer.

“I’ll Have Your People Talk to My People”

Apple and other tech companies are pioneering new features that may turn email into a Schrödinger-esque mind game where email addresses are unilaterally purpose-limited by the consumer; where the email record held by a brand or a publisher (or a walled garden) is little more than a pointer to somewhere…or to nowhere.

Specifically, those features are:

  • Email address obfuscation and masking—Apple’s Hide My Email allows Apple users to fill out email sign-up fields with randomly generated “burner” emails like ‘blue126_cat@icloud.com’ which then forward to the user’s genuine email address without divulging the genuine email address. Users can easily disable the Hide My Email address without having to request an unsubscribe or account deletion. Firefox Relay is another example of a browser-based email masking solution.
  • IP address masking—Email clients (including Apple’s) can hide the recipient’s IP address by transmitting all pixels and images through a proxy server or VPN.
  • Pixel blocking—Email clients block pixels and other mechanisms senders might use to track email opens.

Like Giving Out a Fake Number

Burner emails undermine the concept of addressability and take a great deal of agency away from the email record holder/sender. Consumers will only be reachable via email to the degree they wish to be. With the power of Hide My Email (or similar feature), many consumers probably won’t bother forwarding the randomly generated emails to themselves. I know that’s exactly what I would do: it would be like handing out a fake number at a bar to get someone to go away.

So core metrics like email list size, unsub rate, and open rate all become less meaningful.

Hash and Burn

Aside from screwing up everyone’s newsletter and email list strategy, Hide My Email-esque burner emails really mess with ad tech that uses HEMs (Hashed E-Mails…it’s a weird acronym even for adtech) as a tool for post-cookie/-MAID ad addressability and measurement. HEMs rely on email as a persistent, unique identifier that can work across potentially all logged-in contexts. The core principle is this: myles@fakeemail.com the Walmart customer is the same person as myles@fakeemail.com the WSJ reader, and so forth.

But what if I’m a Hide My Email user?

Walmart thinks I’m rate89_quiet@icloud.com and WSJ thinks I’m infrastructure315_publicity@icloud.com. In this case, there’s no way for publishers, walled gardens, DSPs, or ID graphs to know that both those emails resolve to me.

Email Privacy by Default

Many will say, “But email privacy features have been around for years!”

That’s correct, but never before has a consumer tech behemoth like Apple made these features native and default. For example, as Apple customers upgrade to iOS 15, they are prompted the next time they open the Mail app whether they want to enable Mail Privacy Protection. I checked this myself. Apple might as well simplify the second choice to say “Allow creepy snooping.”

Some predict that Apple may turn on Private Relay (which masks IP address) by default with iOS 16. What happens if and when Apple either makes Hide My Email even easier to use or enabled by default?

And then what happens when other consumer tech companies (Google, for one) update their features and defaults to keep up with privacy pioneers like Apple? From a messaging and feature standpoint, it’s hard to argue that “less privacy is good” once Apple has turned privacy into a heavily-publicized selling point and turnkey feature.

Lastly, why would a consumer ever *stop* using such features once they got into the habit of it? Why ever give out your real email address to any company ever again?

My genuine email address and identity have stayed with me, the zero-party (the data subject). In other words: my email has traveled zero steps from my personal control.

I’m Gonna Say It: Email Might Become Zero-party Data

Does a burner email captured by a brand or publisher still count as first-party data? In my opinion: not really.

Let’s say I supply rate89_quiet@icloud.com as a burner email during a sign-up process. Let’s list out what the brand/publisher has truly acquired and ask ourselves whether any of it counts as “first-party data:”

  • A pointer (burner email) to someone who remains unknown
  • A pointer that may be de-linked at any time
  • An email record that can’t be deterministically linked to any other consumer record

I, the consumer, have not revealed anything! My genuine email address and identity have stayed with me, the zero-party (the data subject). In other words: my email has traveled zero steps from my personal control. I can revoke the data at any time by unilaterally de-linking the burner email from my side.

If a brand or publisher sends me an email, they have no way of knowing whether it was ever received or viewed. I suppose the sender could estimate a probability of receipt, but it’s no longer deterministically knowable whether a sent email has reached a recipient (who will remain anonymous in any case). This is where I think it gets Schrödinger-esque and where I think much of the ad industry misses the point on what “zero-party data” will actually turn out to be and why the concept has genuine importance.

I know there are lots of “gotchas” and exceptions to everything I’ve suggested here, but I hope this has been a useful perspective in understanding the factors that email strategy and first-party data strategy will have to account for both now and in a future that may be coming faster than many of us think.