ProtonBlog(new window)
Suscríbase mediante RSS
how to stop email trackers

How to stop email trackers from invading your privacy

Harry Bone(new window)

Compartir esta página

Around 50% of all emails contain trackers that spy on your email activity — over 160 billion messages sent every day. Here’s how they work and how to block them.

Working silently in the background, email trackers not only monitor how you respond to messages but can also be used to track you across the web. We explain how email trackers work, why they threaten your privacy, and the easiest way to stop them.

What is email tracking?
How do email trackers work?
Spy pixels
Tracking links
Why email trackers threaten your privacy
How to block email trackers
1. Get enhanced tracking protection
2. Hide your email with aliases
3. Turn off autoloading images
4. Get a browser extension
5. Use a VPN
Stop email trackers, protect your privacy

What is email tracking?

Email tracking is a form of digital surveillance that can monitor when, how, from where, and with what device you read emails. By inserting email trackers in newsletters and other marketing materials, companies may see whether you opened a message, details about your device, and even your location.

How do email trackers work?

There are two common types of email trackers: spy pixels and tracking links.

Spy pixels

Spy pixels, also known as tracking pixels, are tiny, single-pixel images that are inserted into an email.

When you open a message with a spy pixel, this transparent and usually invisible image is loaded from the source server, sending sensitive information back to the sender or the tracking database.

How email trackers work when you open an email

Spy pixels may collect the following information about your online activity:

  • Whether you opened an email and how many times
  • The date and time you opened it
  • What device and operating system you used to open it
  • Your internet service provider (ISP) and rough location inferred from your IP address(new window)

Some emails contain a single spy pixel to collect limited information for the sender, for example, to measure the email open rate for a marketing campaign. But others may contain several tracking pixels to send information to multiple third parties(new window).

Companies also try to track you with tracking links – URLs containing tracking parameters. Designed to track the effectiveness of marketing campaigns, tracking links can track your interactions with websites over time and between apps.

The most common tracking parameters are UTM (Urchin Tracking Module) parameters, which are supported natively by Google Analytics.

Here’s a breakdown of a link with typical UTM tracking parameters.

UTM parameters are often generic. But they can also be customized just for you, depending on the sender’s needs.

Ad and tech companies have also developed custom tracking parameters that aren’t always documented, making it hard to tell what information they collect. 

Clicking a tracking link in an email you receive can have a significant impact on your privacy because the advertiser already has your email address, which it can use to tie all your online activity together.

Why email trackers threaten your privacy

The threat email trackers pose to your privacy goes far beyond an individual sender knowing when you opened an email, as a Princeton study of spy pixels(new window) has shown.

First, by linking your email address, browser and device fingerprint(new window), and IP address with third-party tracking cookies, email trackers can be used to track your browsing activity across the web.

Second, as trackers can connect email addresses to your browsing histories and profiles, this “leads to further privacy breaches such as cross-device tracking and linking of online and offline activities”, as the Princeton research explains. For example, you could get ads from a store if you had the store’s loyalty card linked to your email address.

Third, emails may contain several trackers that send information to multiple third parties, not just an individual sender. Princeton researchers found that 70% of emails from mailing lists contain at least one tracker.(new window) One sample email analyzed sent tracking requests to 24 third parties, including major data brokers(new window).

Armed with this data, big tech companies, advertisers, governments, or even criminal attackers can build detailed profiles of you(new window) — all without your consent.

At Proton, we’ve found that almost 50% of all emails contain spy pixels(new window). Across the globe, that means over 166 billion emails are sent with trackers every day.

How to block email trackers

There are ways to block spy pixels, though they’re not all equally effective or convenient. Here’s how you can stop email trackers from spying on you:

1. Get enhanced tracking protection

The easiest way to stop email tracking is to use Proton Mail with enhanced tracking protection(new window).

Enhance tracking protection automatically blocks trackers by

  • Removing known spy pixels every time you receive an email
  • Preloading other remote images using a proxy with a generic IP address to hide your IP address and location
  • Caching images for a few days for faster, secure access
  •  “Cleaning” tracking links to remove known UTM or other tracking parameters

Proton Mail tells you when you open an email containing blocked trackers with this tracker icon. The number on the icon (9 in the example below) indicates the total number of trackers (spy pixels) blocked and links cleaned.

Shield icon showing the figure 9 with a tooltip showing 3 trackers blocked and 6 links cleaned

Click the shield icon to learn more about the blocked trackers and cleaned links. 

More details about the trackers blocked and links cleaned

Enhanced tracking protection is enabled by default on the Proton Mail web, iPhone, and iPad apps for all Proton Mail users.

Learn more about enhanced tracking protection

Get Proton Mail button

2. Hide your email with aliases

Another way to limit email tracking is to hide your email address. By using email aliases(new window), you can send and receive emails while protecting your personal email address from third-party tracking.

A good email aliasing service, like SimpleLogin by Proton(new window), allows you to create random email addresses for different services, keeping your real address private.

3. Turn off autoloading images

As spy pixels work by loading images, you can block them by stopping images from loading automatically.

Here’s how to stop autoloading images with popular email providers on the web. With most email services, you’ll also need to change the equivalent settings in any desktop or mobile apps you use.

Stop Gmail autoloading images

  1. Sign in to your account at mail.google.com(new window).
  2. Go to Settings → General → Images.
  3. Select Ask before displaying external images.

Stop Outlook.com autoloading images

  1. Sign in to your account at outlook.com(new window)
  2. Go to Settings → General → Images
  3. Select Always use the Outlook service to load images.

Stop Proton Mail autoloading images

  1. Sign in to your account at mail.proton.me(new window).
  2. Click Settings → All settings → Proton Mail → Email privacy
  3. Turn off Auto show remote images.

With Proton Mail, you don’t need to turn off autoloading images because it has enhanced tracking protection enabled by default on the Proton Mail web, iPhone, and iPad apps. Since you can view images without being spied on, remote images are autoloaded by default on these platforms.

4. Get a browser extension

If you use Gmail, you can use third-party extensions, like Ugly Email or PixelBlock, to block email trackers. But these are browser-based and only work with Gmail on the web.

Moreover, adding any third party to your email is always an extra privacy risk as you need to give them full access to your email.

5. Use a VPN

Finally, using a trusted virtual private network (VPN)(new window) like Proton VPN(new window) can help to beat email trackers. A VPN encrypts your internet traffic and hides your real IP address.

First, masking your IP address makes it more difficult for trackers to link your email activity with your identity.

Second, some good VPNs actively block some trackers. For example, Proton VPN’s NetShield Ad-blocker(new window) blocks connection attempts to servers hosting trackers and malware, including email trackers. But email-specific blockers, like Proton Mail’s enhanced tracking protection, will often be more effective as they’re focused on email.

Stop email trackers, protect your privacy

Spying on you silently in the background, email trackers are endemic and a pervasive threat to your privacy.

Some trackers may be relatively innocuous, like silent read receipts from companies to measure a single marketing campaign. Others are far more invasive, linking your email activity with your IP address, device details, and browsing history to track you across the web for surveillance-based advertising(new window).

While you may have checked a box next to a company’s privacy policy(new window), you never signed up to reveal intimate personal details about your life — information that can be shared and sold beyond your control.

At Proton, we’re working to give everyone the tools to stay secure and in control of their personal data at all times. That’s why we offer Proton Mail free with enhanced tracking protection.

Get Proton Mail for free

If you want to support our mission, sign up for a paid plan. Our Proton Unlimited plan includes 500 GB of encrypted storage, 15 addresses, and unlimited aliases to protect your email address. 

Stay secure!

Proteja sus correos electrónicos y su privacidad
Obtenga Proton Mail gratis

Artículos relacionados

en
Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr
what is a brute force attack
en
On the subject of cybersecurity, one term that often comes up is brute force attack. A brute force attack is any attack that doesn’t rely on finesse, but instead uses raw computing power to crack security or even the underlying encryption. In this a
en
Section 702 of the Foreign Intelligence Surveillance Act has become notorious as the legal justification allowing federal agencies like the NSA, CIA, and FBI to perform warrantless wiretaps, which sweep up the data of hundreds of thousands of US citi
en
In response to the growing number of data breaches, Proton Mail offers a feature to paid subscribers called Dark Web Monitoring. Our system checks if your credentials or other data have been leaked to illegal marketplaces and alerts you if so. Often
en
Your email address is your online identity, and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches
proton pass f-droid
en
Our mission at Proton is to help usher in an internet that protects your privacy by default, secures your data, and gives you the freedom of choice. Today we’re taking another step in this direction with the launch of our open source password manage