Email tracking

Last updated May 09, 2024

Emailtracking is a method for monitoring whether the email message is read by the intended recipient.^[1] Most tracking technologies use some form of digitally time-stamped record to reveal the exact time and date when an email is received or opened, as well as the IP address of the recipient.

Email tracking is useful when the sender wants to know whether the intended recipient actually received the email or clicked the links. However, due to the nature of the technology, email tracking cannot be considered an absolutely accurate indicator that a message was opened or read by the recipient.

Most email marketing software provides tracking features, sometimes in aggregate (e.g., click-through rate), and sometimes on an individual basis.

Read-receipts

Some email applications, such as Microsoft Office Outlook and Mozilla Thunderbird, employ a read-receipt tracking mechanism. The sender selects the receipt request option prior to sending the message, and then upon sending, each recipient has the option of notifying the sender that the message was received or read by the recipient.

However, requesting a receipt does not guarantee that one will be received, for several reasons. Not all email applications or services support sending read receipts, and users can usually disable the functionality if they so wish. Those that do support it are not necessarily compatible with or capable of recognizing requests from a different email service or application. Generally, read receipts are only useful within an organization where all mail users are using the same email service and application.

Depending on the recipient's mail client and settings, they may be forced to click a notification button before they can move on with their work. Even though it is an opt-in process, a recipient might consider it inconvenient, discourteous, or invasive.

Read receipts are sent back to the sender's "inbox" as email messages, but the location may be changed depending on the software used and its configuration. Additional technical information, such as the sender's details, the email software they use, the IP addresses of the sender, and their email server is commonly available inside the headers of the read receipt.

The technical term for these is "MDN - Message Disposition Notifications",^[2] and they are requested by inserting one or more of the following lines into the email headers: "X-Confirm-Reading-To:"; "Disposition-Notification-To:"; or "Return-Receipt-To:".

Several email tracking services also feature real-time notifications, producing an on-screen pop-up whenever the sender's email has been opened.

Return-receipts

Another kind of receipt can be requested, which is called a DSN (delivery status notification), which is a request to the recipient's email server to send the sender a notification about the delivery of an email that the sender has just sent. The notification takes the form of an email, and will indicate whether the delivery succeeded, failed, or got delayed, and it will warn the sender if any email server involved was unable to give the sender a receipt. DSNs are requested at the time of sending by the sending application or server software (not inside the email or headers itself), and the sender can request to "Never" get any, to "Always" get one, or (which most software does by default) only to get a DSN if delivery fails (i.e.: not for success, delay, or relay DSNs). These failure DSNs are normally referred to as a "Bounce". Additionally, the sender can specify in their DSN request whether the sender wants their receipt to contain a full copy of their original email, or just a summary of what happened. In the SMTP protocol, DSNs are requested at the end of the RCPT TO: command (e.g.: RCPT TO:<> NOTIFY=SUCCESS, DELAY) and the MAIL FROM: command (e.g.: MAIL FROM:<> RET=HDRS).

Email marketing and tracking

Some email marketing tools include tracking as a feature. Such email tracking is usually accomplished using standard web tracking devices known as cookies and web beacons. When an email message is sent, if it is a graphical HTML message (not a plain text message) the email marketing system may embed a tiny, invisible tracking image (a single-pixel gif, sometimes called a web beacon) within the content of the message. When the recipient opens the message, the tracking image is referenced. When they click a link or open an attachment, another tracking code is activated. In each case a separate tracking event is recorded by the system. These response events accumulate over time in a database, enabling the email marketing software to report metrics such as open-rate and click-through rate. Email marketing users can view reports on both aggregate response statistics and individual response over time.

Such email tracking services are used by many companies, but are also available for individuals as subscription services, either web-based or integrated into email clients such as Microsoft Outlook or Gmail ^[3]

Email tracking services may also offer collations of tracked data, allowing users to analyze the statistics of their email performance.

Privacy issues

Email tracking is used by individuals and businesses including email marketers, help desks, spammers and phishers to verify that emails are actually read by recipients, that email addresses are valid, and that the content of emails has made it past spam filters.^[4] Such tracking can also reveal if emails get forwarded, but who emails get forwarded to are usually not noted.^{[ citation needed ]} About 24.7% of all emails track their recipients, but no more than half of the users are aware of being tracked.^[5] When used maliciously, it can be used to collect confidential information about businesses and individuals and to create more effective phishing schemes.

Common data that can be accessed from email tracking includes, but is not limited to, the IP address, client device properties (desktop or mobile, browser type and version), and a date/time stamp of when the email was read.^[6]

The tracking mechanisms employed are typically first-party cookies and web beacons.

HP email tracking scandal

In the U.S. Congressional Inquiry investigating the HP pretexting scandal it was revealed that HP security used an email tracking service called ReadNotify.com to investigate boardroom leaks.^[7] The California attorney general's office has said that this practice was not part of the pretexting charges. HP said they consider email tracking to be legitimate and will continue using it.^[8]

Related Research Articles

Electronic mail is a method of transmitting and receiving messages using electronic devices. It was conceived in the late–20th century as the digital version of, or counterpart to, mail. Email is a ubiquitous and very widely used communication medium; in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries.

The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.

An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email.

An anonymous remailer is a server that receives messages with embedded instructions on where to send them next, and that forwards them without revealing where they originally came from. There are cypherpunk anonymous remailers, mixmaster anonymous remailers, and nym servers, among others, which differ in how they work, in the policies they adopt, and in the type of attack on the anonymity of e-mail they can resist. Remailing as discussed in this article applies to e-mails intended for particular recipients, not the general public. Anonymity in the latter case is more easily addressed by using any of several methods of anonymous publication.

Various anti-spam techniques are used to prevent email spam.

A bounce message or just "bounce" is an automated message from an email system, informing the sender of a previous message that the message has not been delivered. The original message is said to have "bounced".

Email marketing is the act of sending a commercial message, typically to a group of people, using email. In its broadest sense, every email sent to a potential or current customer could be considered email marketing. It involves using email to send advertisements, request business, or solicit sales or donations. Email marketing strategies commonly seek to achieve one or more of three primary objectives: build loyalty, trust, or brand awareness. The term usually refers to sending email messages with the purpose of enhancing a merchant's relationship with current or previous customers, encouraging customer loyalty and repeat business, acquiring new customers or convincing current customers to purchase something immediately, and sharing third-party ads.

In email, a return receipt is an acknowledgment by the recipient's email client to the sender of receipt of an email message. What acknowledgment, if any, is sent by the recipient to the sender is dependent on the email software of the recipient.

Push technology, also known as server push, refers to a communication method, where the communication is initiated by a server rather than a client. This approach is different from the "pull" method where the communication is initiated by a client.

Variable envelope return path (VERP) is a technique used by some electronic mailing list software to enable automatic detection and removal of undeliverable e-mail addresses. It works by using a different return path for each recipient of a message.

Mobile marketing is a multi-channel online marketing technique focused at reaching a specific audience on their smartphones, feature phones, tablets, or any other related devices through websites, e-mail, SMS and MMS, social media, or mobile applications. Mobile marketing can provide customers with time and location sensitive, personalized information that promotes goods, services, appointment reminders and ideas. In a more theoretical manner, academic Andreas Kaplan defines mobile marketing as "any marketing activity conducted through a ubiquitous network to which consumers are constantly connected using a personal mobile device".

HTML email is the use of a subset of HTML to provide formatting and semantic markup capabilities in email that are not available with plain text: Text can be linked without displaying a URL, or breaking long URLs into multiple pieces. Text is wrapped to fit the width of the viewing window, rather than uniformly breaking each line at 78 characters. It allows in-line inclusion of images, tables, as well as diagrams or mathematical formulae as images, which are otherwise difficult to convey.

Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.

Backscatter is incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam.

A bounce address is an email address to which bounce messages are delivered. There are many variants of the name, none of them used universally, including return path, reverse path, envelope from, envelope sender, MAIL FROM, 5321-FROM, return address, From_, Errors-to, etc. It is not uncommon for a single document to use several of these names.

<span class="mw-page-title-main">Gmail interface</span> Overview of the interface of Googles email service Gmail

The Gmail interface makes Gmail unique amongst webmail systems for several reasons. Most evident to users are its search-oriented features and means of managing e-mail in a "conversation view" that is similar to an Internet forum.

EmailTray is a lightweight email client for the Microsoft Windows operating system. EmailTray was developed by Internet Promotion Agency S.A., a software development d.

A web beacon is a technique used on web pages and email to unobtrusively allow checking that a user has accessed some content. Web beacons are typically used by third parties to monitor the activity of users at a website for the purpose of web analytics or page tagging. They can also be used for email tracking. When implemented using JavaScript, they may be called JavaScript tags. Web beacons are unseen HTML elements that track a webpage views. Upon the user revisiting the webpage, these beacons are connected to cookies established by the server, facilitating undisclosed user tracking.

A cold email is an unsolicited e-mail that is sent to a receiver without prior contact. It could also be defined as the email equivalent of cold calling. Cold emailing is a subset of email marketing and differs from transactional and warm emailing.

Spy pixels or tracker pixels are hyperlinks to remote image files in HTML email messages that have the effect of spying on the person reading the email if the image is downloaded. They are commonly embedded in the HTML of an email as small, imperceptible, transparent graphic files. Spy pixels are commonly used in marketing, and there are several countermeasures in place that aim to block email tracking pixels. However, there are few regulations in place that effectively guard against email tracking approaches.

References

↑ Englehardt, Steven; Han, Jeffrey; Narayanan, Arvind (2018). ""I never signed up for this! Privacy implications of email tracking."". Proc. Priv. Enhancing Technol. 2018: 109–126. doi: 10.1515/popets-2018-0006 . S2CID 41532115.
↑ T. Hansen, Ed.; AT&T Laboratories; A. Melnikov, Ed.; Isode Ltd (February 2017). "RFC 8098 - Message Disposition Notification". IETF Data Tracker. Internet Engineer Task Force: 5.
↑ Gordon, Whitson (6 February 2013). "How to Track the Emails You Send (and Avoid Being Tracked Yourself)". lifehacker. Retrieved 24 March 2014.
↑ Xu, Haitao, Shuai Hao, Alparslan Sari, and Haining Wang. "Privacy risk assessment on email tracking". EEE INFOCOM 2018-IEEE Conference on Computer Communications.{{cite journal}}: CS1 maint: multiple names: authors list (link)
↑ Xu, Haitao; Hao, Shuai; Sari, Alparslan; Wang, Haining (2018). Privacy Risk Assessment on Email Tracking. IEEE INFOCOM 2018-IEEE Conference on Computer Communications. IEEE. pp. 2519–2527. doi:10.1109/infocom.2018.8486432.
↑ Englehardt, Steven; Han, Jeffrey; Narayanan, Arvind (2018). "I never signed up for this! Privacy implications of email tracking". Proceedings on Privacy Enhancing Technologies. 2018 (1): 109–126. doi: 10.1515/popets-2018-0006 .
↑ Evers, Joris (29 September 2006). "How HP bugged e-mail". CNET. Retrieved 6 April 2016.
↑ McMillian, Robert (2006-10-09). Web Bugs Trained to Track Your E-Mail. PC World - Business Center, 9 October 2006.Retrieved from http://www.pcworld.com/article/id,127444-c,onlineprivacy/article.html%5B%5D.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Englehardt, Steven; Han, Jeffrey; Narayanan, Arvind (2018). ""I never signed up for this! Privacy implications of email tracking."". Proc. Priv. Enhancing Technol. 2018: 109–126. doi: 10.1515/popets-2018-0006 . S2CID 41532115.

[2] T. Hansen, Ed.; AT&T Laboratories; A. Melnikov, Ed.; Isode Ltd (February 2017). "RFC 8098 - Message Disposition Notification". IETF Data Tracker. Internet Engineer Task Force: 5.

[:0-3] Gordon, Whitson (6 February 2013). "How to Track the Emails You Send (and Avoid Being Tracked Yourself)". lifehacker. Retrieved 24 March 2014.

[4] Xu, Haitao, Shuai Hao, Alparslan Sari, and Haining Wang. "Privacy risk assessment on email tracking". EEE INFOCOM 2018-IEEE Conference on Computer Communications.{{cite journal}}: CS1 maint: multiple names: authors list (link)

[5] Xu, Haitao; Hao, Shuai; Sari, Alparslan; Wang, Haining (2018). Privacy Risk Assessment on Email Tracking. IEEE INFOCOM 2018-IEEE Conference on Computer Communications. IEEE. pp. 2519–2527. doi:10.1109/infocom.2018.8486432.

[6] Englehardt, Steven; Han, Jeffrey; Narayanan, Arvind (2018). "I never signed up for this! Privacy implications of email tracking". Proceedings on Privacy Enhancing Technologies. 2018 (1): 109–126. doi: 10.1515/popets-2018-0006 .

[7] Evers, Joris (29 September 2006). "How HP bugged e-mail". CNET. Retrieved 6 April 2016.

[8] McMillian, Robert (2006-10-09). Web Bugs Trained to Track Your E-Mail. PC World - Business Center, 9 October 2006.Retrieved from http://www.pcworld.com/article/id,127444-c,onlineprivacy/article.html%5B%5D.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]