There's a number sitting in your ESP dashboard right now that you probably trust more than you should. It's your open rate. And a meaningful chunk of it was generated by software that has never read a single word of your email.
This isn't a new problem, but it's a growing one - and the industry has been oddly reluctant to talk about it plainly. So let me try.
When a recipient's email client loads a tracking pixel, that registers as an open. The assumption baked into every ESP dashboard is that an email client loads the pixel because a human looked at the email. That assumption has been wrong for years, and it's getting more wrong with time.
Apple's Mail Privacy Protection - introduced in 2021 - is the most widely discussed culprit. MPP pre-fetches emails in the background, loading images and firing pixels before the recipient ever opens the app. Apple doesn't tell you this is happening. Your ESP dashboard just sees an open. So does your reporting. So does the A/B test you're running on subject lines.
But MPP is one source of noise among several. Corporate security gateways scan incoming emails and follow links to check for malicious content - generating click and open events in the process. Link pre-fetchers in various clients do the same. And then there are the bots: automated systems crawling email content for a range of purposes, most of which have nothing to do with the human who nominally received the message.
I don't have a clean industry-wide number for how much of reported engagement is non-human, because nobody does - it varies enormously by list composition, industry, and the proportion of recipients using MPP-enabled clients. What I can tell you is that for some senders we work with, the gap between reported opens and what we'd estimate as genuine human opens is 30 to 40 percent. For others it's smaller. I've never seen it be zero.
The practical consequences are worse than most people realize, because open rates don't just live in a dashboard - they drive decisions.
Deliverability warm-up schedules are often paced against engagement signals. If your warm-up tool sees strong opens from day one, it may accelerate faster than your actual human engagement justifies, creating a reputation signal that doesn't reflect real subscriber interest. Suppression logic - the rules that decide when to stop mailing inactive subscribers - fires on the same inflated numbers. You end up mailing people who haven't genuinely engaged in months because the bot-generated opens are keeping them off the suppression list. And A/B test conclusions, particularly on subject lines and preview text, can be completely inverted when one variant happens to trigger more pre-fetching behavior than another.
Not only that: sender reputation scoring at some mailbox providers incorporates engagement signals. The details of how are opaque, but the general principle - that high engagement correlates with good sending practice - means that artificially inflated engagement may be masking reputation problems that would otherwise surface earlier.
The response I hear most often when I raise this is something like: "Sure, but doesn't it affect everyone equally? So the relative picture is still accurate." And I'd agree with that, partially, if the inflation were uniform. It isn't. MPP adoption varies by client. Bot behavior varies by industry and list source. A B2B list with a lot of corporate security gateways will have a very different NHI profile than a B2C consumer newsletter. Comparing your open rates against industry benchmarks - or against your own historical data from before MPP - is genuinely misleading.
The first step is to stop treating raw open rates as a reliable primary metric for anything other than rough directional trends. They're still useful for spotting obvious deliverability problems - a sudden drop that can't be explained by NHI is a real signal. But as a measure of content resonance, subject line effectiveness, or list health, they need to be supplemented with something cleaner.
Click-to-open rates are more resistant to NHI inflation, particularly if your links aren't being pre-fetched - though that's not guaranteed. Conversion tracking - actual actions taken after the email - is more reliable still. Reply rates, for campaigns where a reply is a natural response, are hard to fake.
The more ambitious approach is filtering NHI events at the infrastructure level, before they reach your analytics at all. This is what our Bot Detection API does - it identifies non-human interactions at the event level based on behavioral signals that distinguish automated activity from genuine human engagement, and flags them so you can exclude them from reporting, suppression logic, and A/B test analysis.
I'll be direct about the short-term experience of doing this: your numbers will get worse. Open rates will drop, sometimes significantly. If you're reporting to stakeholders who are used to seeing a certain figure, that conversation will be uncomfortable. But you'll be looking at something that more accurately reflects what's actually happening - and the decisions you make on accurate data will be better than the ones you were making before.
Bots move on after they've scanned your email. Your subscribers either read it or they didn't. The only question worth answering is which is which.