How Tracking Pixels Monitor Your Email, and How You Can Stop Them

Tracking Pixel Feature

You know that little “Do you want to send a read receipt?” message you get every now and then when you open an email? You might reasonably assume that if you don’t see that message you’re not sending anything back. That’s not necessarily true. Thanks to the magic of something called a tracking pixel (a tiny image embedded in HTML and/or JavaScript), just opening the email can tell the sender not only when you did it, but your IP address (and, therefore, your location), email client, and operating system.

Tracking Pixel Read Receipt Request

Tracking pixels have been around for quite a while now, both in emails and on webpages, and have periodically come under fire for being a very sneaky way to gather data, as the user is typically not informed that they’re sending any information. It’s not just companies, either: this technology is freely available for individuals to use, making it possible for anyone to find someone else’s location just by sending them an email with a clickbait subject line and a tracking pixel.

What are tracking pixels and how do they work?

A tracking pixel is just a 1×1 image pixel (like a GIF, JPEG, PNG, etc.) that is embedded in an email or webpage the same way that any other image would be, except it’s hidden. Pixels are already pretty tiny, but by making the image transparent, blending it with the background, or manipulating some code, you can make the tracking element essentially invisible. However, it is still an image, so when you open something with the tracking pixel in it, your browser or email client will send a request to whatever server the tracking pixel is stored on.

Tracking Pixels Pixel Graphic

When the server gets this request, it logs (at minimum) the time, date, and IP address of the device that requested the pixel. If it’s in an email, that log information can be used as an extra-detailed read receipt. If the pixel is on a webpage, it’ll fire your IP address (and possibly other behavioral information) back to whatever server it’s hosted on, where it will be used for traffic analytics and/or to help build a more detailed profile on you.

Tracking pixels in your email

Personal correspondence tracking is probably the most contentious application of tracking pixels, as it feels fairly creepy. Case in point: Superhuman, an email client startup, got some flak for building in an automatic tracking pixel system that told its users when and where their messages had been opened. They haven’t removed the feature, but did disable it by default and remove location data in response.

Tracking Pixel Supertracker Test

You don’t have to be a superhuman user to put a tracking pixel in your emails, though – a quick search will turn up plenty of services that will help you with your “marketing.”

Having personal correspondence tracked that way feels intrusive, sure, but marketing emails aren’t being used to stalk us or judge us for how long we wait to respond after opening a message. They’re mostly trying to optimize their communication strategies.

Are Windows or Mac users more likely to click through? Are your subject lines resonating with people in Wisconsin but flopping with Oregonians? If you’re trying to refine your email marketing (or find good spam targets), getting this kind of data from tracking pixels is honestly too good to pass up and companies probably aren’t going to stop.

If you’re not keen on getting spam, though, be aware that loading images (or even other HTML elements, honestly) in spam emails will probably fire a tracking pixel that notifies the spam server that you’re an active email user who clicks on spam. Your prize issue … more spam! Also, the spammers know where you live now.

Tracking pixels on the web

Learning that our emails are giving up information may be a bit of a shock, but we’ve come to assume that webpages are tracking us pretty much all the time, so this is less surprising. Tracking pixels are just one of many tracking methods that sites use in addition to cookies, and you can find them being used in a lot of popular analytics and ad targeting tools.

Tracking Pixel Facebook Pixel Code

The Facebook pixel, for example, allows sites to connect to Facebook advertising functionality by embedding a tracking pixel that fires visitors’ IP addresses and browsing activity back to Facebook, which can use that data to find your profile and serve you ads. They’re hardly the only company doing this, though. Pixel tracking is widespread among ad-targeting and analytics firms that specialize in collecting and brokering user data.

Can they be stopped?

Tracking Pixel Thunderbird Block Third Images

As far as email tracking goes, the main fix is to make sure your email client is set to ask before it loads external images. The catch is that you have to say no to all the images in the email, some of which you may actually want to see. If you want to go full nuclear, you can just disable HTML in your emails altogether. Some providers and clients allow you to do this, and there is something of a security/privacy argument to be made for plain-text emails.

Alternatively, if you use Gmail (and only Gmail), you can get Ugly Email or Pixelblock, which are Chrome extensions that detect and disable tracking in emails for you without blocking the other images.

On the web, things are more complicated. Web beacons are designed to be hard to find, and while privacy extensions like Ghostery and Privacy Badger can catch some of them, they probably won’t get them all. GDPR may require sites to ask your permission before tracking you, but compliance is scattered and varies by user region. In any case, some trackers are probably going to get through any screens you put up, so for truly private browsing you’ll need to go through, at minimum, a VPN and Tor.

Andrew Braun Andrew Braun

Andrew Braun is a lifelong tech enthusiast with a wide range of interests, including travel, economics, math, data analysis, fitness, and more. He is an advocate of cryptocurrencies and other decentralized technologies, and hopes to see new generations of innovation continue to outdo each other.


  1. “which are Chrome extensions”
    Are there extensions for other browsers? Chrome may be the most popular but it certainly is not the only browser. Or are you just biased towards Chrome?

    1. Good question–it looks like Ugly Email also has a version for Firefox, which you can find on their website (linked in the article) or the Firefox extensions library. It is still exclusively for use with Gmail, though.

      As far as Chrome bias goes, you caught me! I actually refuse to acknowledge the legitimacy of any other browser but Chrome. Vive la Google! :D

      Seriously, no; I’m not biased towards Chrome. I mostly use Firefox and Brave, though I’ve gone through Opera/Vivaldi phases. I generally try not to use Chrome for privacy reasons.

      1. Thanks for the tip about Ugly Mail for Firefox. (Even though it comes from a Google-lover :-))

  2. Like many articles, this one goes half-way. A complete article would show how to disable this on all the major e-mail suppliers (Gmail, Yahoo, AOL, etc.) and provide the names of other firms who supply software to do so.

    Article was interesting and somewhat informative, but does not present a range of solutions

    1. Unfortunately, there wasn’t room to cover that much in this article–since there’s interest, though, I may do a follow-up with screenshots detailing how to set email services to ask before loading external images, but that’s not a particularly hard thing to figure out on your own and some sites have already covered that. Not loading images is pretty much the only solution to this unless you’re using Gmail (Ugly Email/Pixelblock browser extensions, as mentioned above), but if you care about your privacy that much, you’re probably not using Gmail.

      As far as I know, there isn’t any consumer software available (aside from the Gmail/Chrome extensions) that can detect and remove/block tracking pixels, which is why I didn’t mention any. If you know of some I’d be interested to hear about it!

      1. Andrew I second that. You should be covering the solution as well. As if it wasn’t bad enough with all the targeted advertising now we have to worry about the moving pixels. What’s bext? Tracking eye movements while you browse your favorite video.

  3. I have long used Thunderbird as an email client and set it to text only.

    Many senders (especially my ISP) interpret requests for text only email as an invitation to send emails that consist solely of a message to click on their link to read the message. Worse, the links contain super long query strings so even if you use Tor, they know it’s you. Stripping the query strings results in an error message that states “missing string”.

    I now just delete all messages with html links. They are all spam anyway.

Comments are closed.