Email marketers are tracking your every move, and you might not even know it
Why it matters to you
Think twice before you open your next email — it might contain tracking technologies that let marketers see your location, browsing history, and more.
In this day and age, no one’s a stranger to email. The world’s most popular form of peer-to-peer messaging reached new heights in 2015, when users sent and received a collective 205 billion emails. Its growth isn’t slowing down anytime soon — analysts at the Radicati Group project that email users will exchange as many as 246 billion messages in 2019.
But there’s a downside to email’s ubiquity, and it has to do with privacy. Increasingly, senders use web beacons — tracking objects in a web page or email — to collect information about the people who receive them.
One common tactic involves embedding one-by-one pixel images, called “clear GIFs,” in the footer, header, or attachments of a message, which forces web browsers to download the image from a web server. The server collects gobs of information in the process, including the date, the physical location of the device that opened it, the length of time the message was open, the number of times it was subsequently opened, the pages that were opened when the message was displayed, and even the people who’d been forwarded the message beforehand.
Folks who click on the links embedded in a marketer’s email — including (but not limited to) the “Unsubscribe” link in newsletters and mailing lists — are subject to much more invasive forms of tracking. One technique, canvas fingerprinting, uses a web script to instruct the browser to draw a unique, invisible image that can be used to track a person’s web history. Another called cookie syncing lets marketers share information they’ve discovered about people, and link together IDs they’ve created to identify their devices. And a third method — “super cookies” — uses persistent local files to build a picture of a person’s preferences.
As creepily voyeuristic as that sounds, online tracking, and mail tracking in particular, is a well-established practice that’s perfectly legal. Marketers aren’t required to disclose the use of tracking technologies, and email providers like Google even has a support page dedicated to guiding advertisers through the process. Email managers like Constant Contact, HubSpot, Yesware, Bananatag, Streak, and MailChimp compile tracking reports for paying customers. In recent years, employers, sales people, nonprofit organizations, bill collectors, and even publishers like The New York Times have adopted tracking to figure out the efficacy of mailing campaigns.
In a recent study, One More Company, an email technology startup, found that more than 40.6 percent of its client’s emails in 2017 were tracked, and that “conversational” emails — emails that fall outside the category of newsletters, marketing materials, and other ad campaigns — tripled in tracking from 5 percent in 2015 to 16 percent in 2017.
Marketers argue that email trackers actually help recipients because senders use the data to craft more relevant messages, but not everyone feels that way. A 2012 survey by researchers at the Berkeley Center for Law and Technology found a majority of Americans — 60 percent — do not want information collected about the websites they visit.
“[Marketers] are very creative,” Florian Seroussi, CEO of One More Company, told Digital Trends. “They fetch the data in a variety of ways. It’s very invasive.”
It’s not all that surprising, then, that the growth in email tracking has corresponded with a proliferation of new services to combat it. Some email providers have built-in settings that disable trackers. Gmail asks permission before displaying images in an email — clicking “no” prevents images, including invisible tracking pixels, from loading. Within the default Mail app on Apple’s iPhone and iPad, users can disable tracking images by toggling the “load remote images” option in the settings menu.
Desktop users have more tools at their disposal. PixelBlock, an extension for Google’s Chrome web browser, shows the number of tracking attempts and the source of the tracking widget for each message. Ugly Email, meanwhile, detects and highlight which messages in Gmail inboxes have tracking software embedded in them.
Others are more holistic. Senders, a service from One More Company, acts as a middleman between mail services and recipients. It intercepts emails as they arrive and uses algorithms to scan them for tracking code. After automatically scrubbing them of embeds, it forwards the “clean” message to the intended recipient’s inbox.
Anti-tracking tools like Senders have proven popular. The early success of Senders (formerly known as Trackbusters), which doesn’t require special software or a browser plugin, surprised even its creators.
“We expected 100 to 200 outside users at first,” Seroussi said. “Instead, we had 10,000 to 12,000. It’s a growing concern — people want minimal tracking. Tracking make them uncomfortable, and they think companies shouldn’t be doing it without a disclaimer.”
There isn’t much appetite at the federal level, unfortunately. A proposed federal “do not track” bill in 2015 failed to gain steam, and earlier this year, Republicans voted to repeal Federal Communications Commission (FCC) protections that prevented Internet providers from collecting, storing, and sharing customers’ behavioral information. For now, built-in settings and third-party tools are email users’ only recourse.
“All those email services aren’t going anywhere,” Seroussi said. “Email, unlike instant messaging apps like WhatsApp, is an open environment — if I send email to anyone in the world, they don’t need specific software to download it or see it. The volume of emails we get is only going to increase.”