How to prevent yourself from being tracked by email

E-mail has evolved from text to richly formatted messages and images. Today, they are similar to web pages. This means that senders can embed tracking elements in the code to know what happens in the inbox of those who read them.

This allows you to track the movements of readers of requested or not (spam) newsletters. According to researchers at Princeton University, who analyzed about 1,000 marketing messages, 70% of the emails had ad crawlers.

How does it work?

They automatically download elements such as “invisible images” that inform the sender of the reader’s activities on that page/e-mail. They are able to transmit personal data (email address, for example) in the QueryString.

In these cases, the domain crawler query also revealed the IP address, from which the approximate location of the account owner could be determined.

What is a QueryString?

“The link consists of the host and content before the question mark (?), Followed by a string called query string, sent by the recipient. This data may contain hidden information for the purpose of collecting and monitoring data and may be saved in a cookie. ”

An email to be crawled needs to be written in HTML

Writing an email as if it were a Web page allows you to refer to an image of a remote server owned by the sender. When the email is opened, the remote server image is downloaded by sending you an HTTP request.

A spammer or marketer who chooses to send bulk messages can include a photo with a unique URL (assigned to emails or IDs) in each email so that they can reveal which recipients have opened their emails and which have not opened them.

The HTTP request, in addition to your IP, must also contain a user-agent header that provides a brief description of your browser and operating system. And reveals about:

Who opened the e-mail;
What time the email was opened;
Where it was opened;
What type of device it was opened in;

What is the benefit to those who send emails like that?

These features allow the creative agencies and senders of these emails to be more assertive. And tracking is extremely useful for so-called A/B tests. When they store cookies, they are able to make the browser “recognize” that it is the same user on other sites (outside the email).

This allows you to find out more information about the interests of users, and sell that information to advertisers or make use of it. That is why, when opening a message about discounts for a certain product, its promotions begin to chase you on the internet. There are basically two ways to track you by email:

send an email with a reading receipt;
send an email with an embedded image;

How to protect yourself from this?

Gmail users are the least “vulnerable” because Google scans all images and downloads them to their servers before passing them to the inbox. The company checks for suspicious content on the images.

These pre-Gmail checks increase image security because:

Senders may not use images to collect data from the computer or location;
Senders may not use the image to use cookies in their browser;
Gmail checks for malicious software already known on the uploaded images;

When Gmail considers a suspect sender or message, the images are not automatically displayed. You receive a notification asking if you want to see.

You can do this by forcing your inbox from your mail server to render as plain text or allowing it to render HTML without images.

How to prevent you from being tracked by email

Disable automatic download of images in your email;
Download only images from trusted senders and requested newsletters;
Use a VPN to hide your real IP address from advertisers;
Use privacy-focused browsers that do not require unsolicited downloads.

How to make Gmail ask before displaying images

In addition to protecting you, if your Internet connection is slow or you want to save mobile data, turn off the display of images. By default, when you receive an email with an image in Gmail, you automatically see it. Here’s how to disable it.