A subset of subscribers want to receive emails but don't want to be tracked. GDPR-focused clients get this request formally. Other subscribers express it informally - "I'll read your emails, just stop watching everything I do."
SFMC supports this natively with the DoNotTrack attribute. The subscriber gets emails; SFMC doesn't record opens or clicks for them.
How DoNotTrack works
Every subscriber record in All Subscribers has a DoNotTrack attribute - boolean, defaults to false.
Set to true for a subscriber, and:
- Emails still send as normal
- Open events not recorded for this subscriber
- Click events not recorded
- Subscriber still appears in Sent but no Opens or Clicks
From the subscriber's perspective: they get email. From your tracking perspective: they're invisible in engagement reports.
Setting DoNotTrack
Three ways:
Manual: All Subscribers > find subscriber > edit > toggle DoNotTrack.
Automation: SQL Query Activity updating the flag based on criteria (e.g., "all subscribers who requested DoNotTrack via our Preference Center this week").
API: Set via SFMC REST/SOAP API from an external system (e.g., the client's GDPR consent management system).
The automation path scales. Manual doesn't.
Pattern: Preference Center with DoNotTrack toggle
Complete setup:
Subscriber controls their own tracking preference; automation keeps All Subscribers in sync.
When DoNotTrack matters
- GDPR jurisdictions: some interpretations require a DoNotTrack option
- Healthcare (HIPAA contexts): sensitive audiences
- Fintech: often stricter privacy expectations
- B2B with legal/compliance professionals: audience sophisticated about tracking, more likely to request
For these clients, building DoNotTrack into the Preference Center is mandatory, not optional.
What DoNotTrack doesn't do
- Doesn't stop sending - subscriber still receives email
- Doesn't prevent deliverability tracking - bounces still recorded (needed for sender reputation)
- Doesn't affect unsubscribe tracking - if they unsubscribe, that still records (compliance requirement)
- Doesn't apply retroactively - tracking already recorded stays in Data Views
For "full removal of all my data," that's a separate GDPR/CCPA process - right-to-erasure workflow, not just DoNotTrack.
Reporting impact
When DoNotTrack is active for a subset of your audience:
- Open rate and click rate slightly underreport true engagement
- The effect is larger for the subscribers with DoNotTrack; smaller for everyone else
- Sent count and delivery rate unaffected
- Complaint rate unaffected (complaints always recorded)
For most accounts, DoNotTrack population is small (<2% of subscribers) and the reporting effect is minor. Worth flagging in client reports only if the population is materially larger.
Mistake 1: Not building a path for subscribers to opt in
DoNotTrack attribute exists but there's no mechanism for subscribers to request it. Feature is useless without a customer-facing toggle.
Fix: build into Preference Center from the start. Let subscribers self-service.
Mistake 2: Batch-updating DoNotTrack = true for everyone
Client mishears a privacy briefing and flips DoNotTrack to true for their entire list. Tracking goes dark across the account. Engagement reporting breaks.
Fix: individual opt-in only. Never bulk-flip.
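One way to enforce "individual opt-in only" in the sync step is sketched below. This is an added example, not code from the original article or from SFMC; `plan_sync`, `OptInRequest`, and the 2% batch ceiling are hypothetical names and values chosen for illustration. It plans the flag changes for one run, drops any change that has no individual Preference Center request behind it, and refuses a batch that would flip too much of the list.

```python
from dataclasses import dataclass

MAX_BATCH_SHARE = 0.02  # assumed ceiling on the share of the list one sync run may flip


@dataclass(frozen=True)
class OptInRequest:
    subscriber_key: str
    request_id: str       # id of the individual Preference Center submission
    do_not_track: bool


class BulkFlipRefused(Exception):
    """Raised when a batch would change more of the list than the ceiling allows."""


def plan_sync(current_flags, requests, max_share=MAX_BATCH_SHARE):
    """Return (changes, rejected) for one sync run.

    current_flags: {subscriber_key: bool}, the DoNotTrack values now on record.
    requests: OptInRequest items in submission order; the latest per subscriber wins.
    """
    changes, rejected = {}, []
    for req in requests:
        # Every change must trace back to one known subscriber's own request.
        if not req.request_id or req.subscriber_key not in current_flags:
            rejected.append(req)
        elif current_flags[req.subscriber_key] != req.do_not_track:
            changes[req.subscriber_key] = req.do_not_track
        else:
            changes.pop(req.subscriber_key, None)  # toggled back: nothing to write
    share = len(changes) / len(current_flags) if current_flags else 0.0
    if share > max_share:
        raise BulkFlipRefused(
            f"{len(changes)} flips is {share:.1%} of the list (limit {max_share:.1%})")
    return changes, rejected


if __name__ == "__main__":
    # Constructed sample data: 200 subscribers, none opted out of tracking yet.
    flags = {f"sub-{i:03d}": False for i in range(200)}
    reqs = [
        OptInRequest("sub-001", "req-a", True),
        OptInRequest("sub-002", "req-b", True),
        OptInRequest("sub-002", "req-c", False),   # changed their mind the same week
        OptInRequest("sub-003", "", True),         # no request behind it: rejected
    ]
    print(plan_sync(flags, reqs))
    try:
        plan_sync(flags, [OptInRequest(k, "req-x", True) for k in flags])
    except BulkFlipRefused as err:
        print("refused:", err)
```

A refused batch should go to a person for review rather than being retried with a higher ceiling.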
Mistake 3: Assuming DoNotTrack = unsubscribe
Support team confuses the two. Subscriber requests DoNotTrack; support marks them Unsubscribed. Subscriber stops receiving emails they wanted.
Fix: clear distinction in team training. DoNotTrack = receive email, no tracking. Unsubscribe = receive nothing.
DoNotTrack and Journey Builder
Journeys that use engagement-based branching (Engagement Split, Scoring Split) behave predictably with DoNotTrack:
- Subscribers with DoNotTrack = true won't have engagement data → typically route to "no engagement" branch
- This may not be what you want - they received the email, but their opens and clicks weren't tracked
Workaround: for journeys where this matters, add a pre-filter excluding DoNotTrack subscribers, so they don't enter the engagement-dependent logic. They still get the email via a separate send.
Compromise: they receive, they aren't scored, they can't be routed by engagement.
Takeaway
DoNotTrack is the middle ground between full tracking and full unsubscribe. Particularly relevant for GDPR and privacy-sensitive industries. Build into Preference Center from the start for self-service; never bulk-apply. The reporting effect is typically small; the trust gain for privacy-sensitive audiences is significant.