How many times a day do you check email? We know that web trackers snoop and stalk us when we surf, but the same could be said of email tracking. In fact, it’s much more intense than you likely realized according to “I never signed up for this! Privacy implications of email tracking” (pdf); the paper was written by Princeton University researchers Steven Englehardt, Jeffrey Han and Arvind Narayanan for the PETS 2018 (Proceedings on Privacy Enhancing Technologies).
The researchers called email tracking “pervasive” as 85% contained embedded third-party content; of those, 70% are the same ones that are involved in web tracking.
Review of this article
Privacy implicationsA pixel in the body of an email can give the opening time of the email to a third party. Many Mailing senders do not respect the email address privacy of the recipient. They use third parties services to track the email address. These third parties services can grow their own mailing list with the gathered email addresses.
To avoid that, do not load images in your email client. It is as simple as that. The pixel is a remote image. It is loaded and works only when images are loaded. The original article discusses of solution to load some images and not others.
Companies emails statisticsFor a company, this pixel is useful to evaluate the performance of an email marketing strategy. It can be legitimate to use it.
But guidelines must be respected. The pixel must be sent in https to protect request parameters (containing the email address). There must be the least amount of pixels loaded in the email body. These pixels must lead to only one destination, your analytics tool. It must be the same company that send the email and gather statistics, the email address being already known, it is not leaked out.
For instance, Limawi emails have one tracking pixel sent in https to our own private analytics tool without any external dependencies, Piwik.