SapotaCorp

Posted on • Originally published at sapotacorp.vn

DoNotTrack in SFMC: Respecting Privacy Without Unsubscribing

A subset of subscribers want to receive emails but don't want to be tracked. GDPR-focused clients get this request formally. Other subscribers express it informally - "I'll read your emails, just stop watching everything I do."

SFMC supports this natively with the DoNotTrack attribute. The subscriber gets emails; SFMC doesn't record opens or clicks for them.

How DoNotTrack works

Every subscriber record in All Subscribers has a DoNotTrack attribute - boolean, defaults to false.

Set to true for a subscriber, and:

  • Emails still send as normal
  • Open events not recorded for this subscriber
  • Click events not recorded
  • Subscriber still appears in Sent but no Opens or Clicks

From the subscriber's perspective: they get email. From your tracking perspective: they're invisible in engagement reports.

Setting DoNotTrack

Three ways:

Manual: All Subscribers > find subscriber > edit > toggle DoNotTrack.

Automation: SQL Query Activity updating the flag based on criteria (e.g., "all subscribers who requested DoNotTrack via our Preference Center this week").

API: Set via SFMC REST/SOAP API from an external system (e.g., the client's GDPR consent management system).

The automation path scales. Manual doesn't.

Pattern: Preference Center with DoNotTrack toggle

Complete setup:

1. Preference Center page includes checkbox:
   "I'd like to receive emails but prefer not to be tracked"

2. Submission updates a "PrivacyPreference" DE with the subscriber's choice.

3. Scheduled Automation (hourly):
   -> SQL Query: for every subscriber flagged in PrivacyPreference DE,
      set DoNotTrack = true in All Subscribers

4. Confirm update visible in All Subscribers within the hour.

Subscriber controls their own tracking preference; automation keeps All Subscribers in sync.

When DoNotTrack matters

  • GDPR jurisdictions: some interpretations require DoNotTrack option
  • Healthcare (HIPAA contexts): sensitive audiences
  • Fintech: often stricter privacy expectations
  • B2B with legal/compliance professionals: audience sophisticated about tracking, more likely to request

For these clients, building DoNotTrack into the Preference Center is mandatory, not optional.

What DoNotTrack doesn't do

  • Doesn't stop sending - subscriber still receives email
  • Doesn't prevent deliverability tracking - bounces still recorded (needed for sender reputation)
  • Doesn't affect unsubscribe tracking - if they unsubscribe, that still records (compliance requirement)
  • Doesn't apply retroactively - tracking already recorded stays in Data Views

For "full removal of all my data," that's a separate GDPR/CCPA process - right-to-erasure workflow, not just DoNotTrack.

Reporting impact

When DoNotTrack is active for a subset of your audience:

  • Open rate and click rate slightly underreport true engagement
  • The effect is larger for the subscribers with DoNotTrack; smaller for everyone else
  • Sent count and delivery rate unaffected
  • Complaint rate unaffected (complaints always recorded)

For most accounts, DoNotTrack population is small (<2% of subscribers) and the reporting effect is minor. Worth flagging in client reports only if the population is materially larger.

Mistake 1: Not building a path for subscribers to opt in

DoNotTrack attribute exists but there's no mechanism for subscribers to request it. Feature is useless without a customer-facing toggle.

Fix: build into Preference Center from the start. Let subscribers self-service.

Mistake 2: Batch-updating DoNotTrack = true for everyone

Client mishears a privacy briefing and flips DoNotTrack to true for their entire list. Tracking goes dark across the account. Engagement reporting breaks.

Fix: individual opt-in only. Never bulk-flip.
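An added example (not code from the original post or from Salesforce) of the decision logic behind step 3 of the Preference Center pattern and the "never bulk-flip" fix: it keeps only each subscriber's latest choice, skips rows with no subscriber key, and refuses a run that would push the DoNotTrack share above a ceiling. The field names, the `plan_sync` helper, and the 2% ceiling are assumptions; the write to SFMC itself is left out, and handling an un-ticked checkbox goes slightly beyond the set-only case in the text.

```python
from datetime import datetime

# Constructed sample rows standing in for the "PrivacyPreference" DE.
# Field names (subscriber_key, do_not_track, submitted_at) are assumptions.
SAMPLE_ROWS = [
    {"subscriber_key": "SK-001", "do_not_track": True,  "submitted_at": "2024-05-01T09:00:00"},
    {"subscriber_key": "SK-002", "do_not_track": True,  "submitted_at": "2024-05-01T09:05:00"},
    {"subscriber_key": "SK-002", "do_not_track": False, "submitted_at": "2024-05-01T09:40:00"},
    {"subscriber_key": "SK-003", "do_not_track": True,  "submitted_at": "2024-05-01T09:10:00"},
    {"subscriber_key": "",       "do_not_track": True,  "submitted_at": "2024-05-01T09:15:00"},
]


class BulkFlipRefused(Exception):
    """Raised when a run would leave too large a share of the list untracked."""


def plan_sync(rows, current_flags, list_size, max_share=0.02):
    """Return (to_set, to_clear) subscriber keys for one sync run.

    rows          -- Preference Center submissions (may repeat a subscriber)
    current_flags -- {subscriber_key: bool} as currently held in All Subscribers
    list_size     -- total subscribers on the list
    max_share     -- hypothetical ceiling on the DoNotTrack share after the run
    """
    latest = {}
    for row in rows:
        key = row["subscriber_key"].strip()
        if not key:
            continue  # no identifiable subscriber: skip, never apply broadly
        ts = datetime.fromisoformat(row["submitted_at"])
        if key not in latest or ts > latest[key][0]:
            latest[key] = (ts, bool(row["do_not_track"]))

    # Only emit changes: subscribers whose stored flag differs from their choice.
    to_set = sorted(k for k, (_, v) in latest.items()
                    if v and not current_flags.get(k, False))
    to_clear = sorted(k for k, (_, v) in latest.items()
                      if not v and current_flags.get(k, False))

    flagged_after = sum(current_flags.values()) + len(to_set) - len(to_clear)
    if list_size <= 0 or flagged_after / list_size > max_share:
        raise BulkFlipRefused(
            f"{flagged_after} of {list_size} would be DoNotTrack; needs manual review")
    return to_set, to_clear
```
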

Mistake 3: Assuming DoNotTrack = unsubscribe

Support team confuses the two. Subscriber requests DoNotTrack; support marks them Unsubscribed. Subscriber stops receiving emails they wanted.

Fix: clear distinction in team training. DoNotTrack = receive email, no tracking. Unsubscribe = receive nothing.

DoNotTrack and Journey Builder

Journeys that use engagement-based branching (Engagement Split, Scoring Split) behave predictably with DoNotTrack:

  • Subscribers with DoNotTrack = true won't have engagement data → typically route to "no engagement" branch
  • This may not be what you want - they received the email, but their clicks weren't tracked

Workaround: for journeys where this matters, add a pre-filter excluding DoNotTrack subscribers, so they don't enter the engagement-dependent logic. They still get the email via a separate send.

Compromise: they receive, they aren't scored, they can't be routed by engagement.

Takeaway

DoNotTrack is the middle ground between full tracking and full unsubscribe. Particularly relevant for GDPR and privacy-sensitive industries. Build into Preference Center from the start for self-service; never bulk-apply. The reporting effect is typically small; the trust gain for privacy-sensitive audiences is significant.

