惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
Cisco Talos Blog
Cisco Talos Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
V
V2EX
博客园 - 三生石上(FineUI控件)
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
D
Docker
S
SegmentFault 最新的问题
博客园 - 聂微东
美团技术团队
Apple Machine Learning Research
Apple Machine Learning Research
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Last Week in AI
Last Week in AI
M
MIT News - Artificial intelligence
F
Fortinet All Blogs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The GitHub Blog
The GitHub Blog
GbyAI
GbyAI
L
LangChain Blog
Vercel News
Vercel News
博客园 - 叶小钗
MongoDB | Blog
MongoDB | Blog
Stack Overflow Blog
Stack Overflow Blog
H
Help Net Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
Engineering at Meta
Engineering at Meta
T
Threat Research - Cisco Blogs
T
Threatpost
Scott Helme
Scott Helme
T
Tailwind CSS Blog
Latest news
Latest news
Stack Overflow Blog
Stack Overflow Blog
Blog — PlanetScale
Blog — PlanetScale
The Register - Security
The Register - Security
罗磊的独立博客
P
Proofpoint News Feed
腾讯CDC
S
Schneier on Security
雷峰网
雷峰网
A
About on SuperTechFans
T
Tenable Blog
F
Full Disclosure
Cyberwarzone
Cyberwarzone
博客园_首页
有赞技术团队
有赞技术团队
K
Kaspersky official blog

文章列表

Compulsive curiosity, or, how I built an infinite idea machine Gift details on the subscriber portal Portal link in the archive nav The physicists who convinced Fermilab to send Brazil's emails First, add no friction: How micropayments lost and subscriptions won Filter subscribers and automations by source Automations, rebuilt What email will look like in the future Filter subscribers by bounce date and reason Email could have been X.400 times better Three features are moving behind the paywall Firewall changes and improvements Put your name and voice into your company newsletter Simplified email address settings Subscription wall Inboxes were overwhelming before we'd even named them The US government tried really hard to screw up email Public postmortem: database connection exhaustion Ask a nerd: what is the best way to unsubscribe from newsletters? Bookshop.org embeds Email was into agents before they were cool Passwordless login Rename metadata keys in bulk A spring cleaning for our legal docs Ask a nerd: what happens when you click the spam button? Passkey support for two-factor authentication How Buttondown's API versioning works Safer defaults for the email creation API How to send email to space How we enabled Content Security Policy for everyone Recovery codes for two-factor authentication Filter sent emails by engagement rate How we migrated to TypeIDs without breaking clients How we check every link in your email Use newsletter metadata in your emails Should we bring back email exploders? Sort and filter by open and click rates Custom click tracking domains More newsletter settings in the API Revamped replies Custom email templates for everyone Simplified cancellation Ask a Nerd: Does email length affect deliverability? The changelog, reborn Swedish localization Forwarding an email is not always straightforward Public descriptions for tags OpenAPI spec for archives How Rodrigo brings a humanistic view to consumer technology Subscribers can come from anywhere. Even another newsletter platform's form. Survey responses on the web How Brandon Lucas Green shares his music and supports artists Your newsletter's archives are more valuable than your list Better tag self-management Smarter automation filters Granular API keys Snippets New design settings pages Ask A Nerd: How does newsletter cadence affect deliverability? Starred views More ways to customize your archives Inbox filtering Mastodon follower analytics Ask a Nerd: What are good open, click, and response rates for an email newsletter? How we migrated our database to PlanetScale Two new archive themes Custom buttons now work in Markdown mode Ask a Nerd: Does attaching files to your newsletter hurt deliverability? Seline and Tinylytics support Unban subscribers Announcement bars for your archives Bang paths, source routing, and how email trips were planned Public postmortem: archive downtime 2025 disposables.app Russian localization Ask a Nerd: Can you improve email deliverability with a personal domain? More locale options How we interview customers at Buttondown Bluesky analytics Reply to conversations Minimum viable complexity How Jeffery Hicks goes behind-the-scenes in his newsletter Changes to our stack in 2025 2026: Emails TK reminders in the editor What the hell is a UTM? Randomize survey answer order Why we insourced analytics Scroll sync in the editor 2026: Archives How Jamie Thingelstad uses Buttondown to explore tech topics How Kelly Jensen uses Buttondown to discuss key library issues Keeping feature creep at bay Improved filters Content Security Policy in archives Open source Sniperl.ink Auto-activating RSS reader subscriptions What the hell is ActivityPub? How Igor Ranc built Berlin's largest expat tech newsletter
How email tracking works behind the scenes
Justin Duke · 2025-06-13 · via

Phone numbers leak more info than you might expect. They tell, based on country and area code, where the caller’s located—or at least where their phone number was registered. The caller’s name is likely to pop up on caller ID, and their carrier may be discoverable with a quick lookup. One could infer that the caller is awake and available at the time of the call. And if the callee answers, one can also infer that they are available—that they heard the call, saw the info, and decided to still take the time to talk.

When Caller ID was first introduced, the idea that you could know who was calling you was controversial.

“Caller ID poses invasion of privacy,” shouted the Chicago Tribune’s headline in 1990. “Ever since Alexander Graham Bell invented the telephone in 1876, there has been an expectation of privacy,” the piece argued (forgetting, apparently, the original human operators who originally connected phone calls, and the party lines that made eavesdropping all-too easy). “The contrivance of new technology cannot change that expectation. And a person should not be forced to give it up.”

Then came email.

I sent an email, and all I got was this referer data

Email itself is innocuous enough. An email address shares no more data than a phone number; at most you could guess the email address owner’s name and learn their workplace, educational institution, personal site, or preferred tech company from the domain.

Plain text is all that email requires. “The body of a message is simply lines of US-ASCII characters,” reads the RFC that defines email. Stick to that, and when you send an email you’ll only know if the message didn’t bounce. You’ll know nothing else about the person you emailed and if they ever read your message.

But something in us wants to know, wonders if an email still makes a “You’ve got mail!” sound if it falls in the digital forest and no one is there to hear it. “We just want people to get back to us,” as Stephanie Dubick wrote after digging into email tracking. “We want to be connected.” It feels nice to know someone opened your email, better still that they opened it repeatedly.

And that urge brings out the worse angels of our nature.

Email tracking centers around the simplest of things: Images. With first web mail apps like Hotmail (neé HoTMaiL, for HTML), HTML started creeping into messages, first as a way to add formatting and images, soon enough as a way to turn emails into tiny websites (something Google would later try to advance with AMP).

Emails were meant to be small, needed to be small on the era’s dial-up connections. With HTML, you didn’t need to send the whole image in an email. You could just link to the image, and load it from the server. Who wouldn’t want to make your emails more beautiful?

And then someone—a marketer, surely—realized that downloading the image gave insights into what happened to that email you’d sent. Whenever someone opened your email, they’d ping your server to download the image. Boom: Now you know that your email was received and read.

A tracking pixel can learn a lot about recipients—or not much at all, if the data’s proxied or faked, as Gmail does to protect privacy

Along with that ping, the email sender would get HTTP referer data (fun fact: a misspelling that became tech jargon), the same data servers get whenever someone clicks a link on a webpage. The time and date, the IP address with its general location data, even the recipient’s internet company. Their operating system, web browser, and even default language. With CSS to load different images for light or dark mode, senders can divine which mode the recipient uses. A similar bit of CSS could load yet another image if the email was printed, or if the image was in a quoted portion of a message (suggesting it was forwarded). With lazy loading (supported, today, in Apple Mail, Thunderbird, Samsung Email, and Hey), they’d even know how far down the email a reader scrolled (and, with timestamps, how long they spent reading).

Every time the email’s opened, the image gets loaded again—suggesting that a reader was interested enough in the message to check it multiple times. Or if it was opened from a new location, especially in a quoted portion of an email, it just might have been sent to another person.

The same data was sent, regardless of image size. So you could include a nice photo to illustrate your email, and gain the benefits of extra data about readers at the same time. Or you could be a bit more sneaky, embed a tiny, 1x1 pixel transparent image, and gain the same data without readers ever suspecting anything.

Web bugs, they were called at first. Tracking bugs. Spy pixels. Tracking pixels. The idea was the same. And by 1999, they’d sparked the same privacy concerns that caller ID had raised a decade prior.

To bug or not to bug

“Are the use of Web Bugs unethical?” asked an FAQ published by the EFF on November 11, 1999.

It’s a question that’s been debated ever since. Superhuman reopened the debate in 2019, with what it called “read statuses” turned on by default. Only these weren’t the traditional opt-in read receipts, but instead were tracking pixels that told you if a recipient opened your email, and where they were when they did so.

It didn’t feel fair, to recipients. As Fred argued in his Surveilled newsletter, “it’s the recipient’s privacy that gets violated, and they don’t derive a whole lot of convenience from the surveillance Superhuman subjects them to, nor did they even agree to trade away their privacy in the first place.” Or as Mike Davidson put it: “You, the sender, do not get to decide how I, the receiver, respond to you.”

The EFF’s Richard Smith agreed. “Clearly Web Bugs are controversial. Because they allow people to be monitored, when they don't expect it, they certainly can be very upsetting. For example, most people will likely be troubled to learn that an outsider is tracking when they read Email.”

Brett Glass in PC Mag had landed on a similar take, two decades earlier, for tracking pixels in both websites and emails. “A Web bug contributes nothing to your web browsing experience; the only reason it’s there is so that a server can follow your browsing activities. But a Web bug can’t do any snooping that can’t be done via visible images. It’s just sneakier and therefore more suspicious.”

It’s not so much that people are never ok with sharing their data, otherwise they wouldn’t sign up for newsletters or use the web in the first place. It’s the sneakiness that stings.

Worse, tracking sneakily is illegal, in a growing number of jurisdictions. GDPR, for example, requires that EU recipients are informed of and consent to receiving tracking pixels. Recipients can always opt out, by disabling HTML messages or disabling remote images in their email app—technically adapt recipients, at any rate—but the EU wants tracking pixels, instead, to be opt-in.

Learning to let go of the email data

Most email services today either load images by proxy or block them—your choice

And, increasingly, the data’s just not worth collecting. First, there’s the risk that by tracking data, your email could get put in Gmail’s promotions tab or, worse, marked as spam. A well-written plain-text email is most likely to land in your recipient’s inbox. A more salesy message with HTML formatting and, worse, an obvious tracking pixel has much worse odds.

“If other users using the same or similar tracking pixel are spamming, you are inheriting their bad inbox placement,” suggested one sales person in a forum, who found their deliverability rate improved drastically after removing a tracking pixel. Obviously not a guarantee; plenty of tracked emails get through just fine. But when you’re starting out, every little bit in your favor counts.

And even if you decide the risk is worth it, the data you receive may be more than useless. Plenty of apps like Outlook refrain from loading images by default; someone could read your email, without ever opening the tracking image. Others, including Gmail and Apple Mail, pre-load images—making emails load instantly for readers, but also making the image data useless to senders as every email appears to have been opened.

Gmail goes to the next level. Send a tracking pixel to a Gmail or Google Workspace address, and Google will load the image from a random server with a fake configuration. I tested it out while writing. The first tracking pixel I sent was loaded instantly in Mountain View by a Google LLC, running ... Edge on Windows 10. The next tracking pixel got picked up by another Google Server in Mason City, Iowa that claimed to be running Windows XP. All the while, I sat at home in neither location, opening the email on my phone.

Sure, tracking pixels will still get some data. You could filter out Gmail recipients and learn a bit from the others. But the value of that data is rapidly depreciating—making it even less worth annoying your readers.

That, among other reasons, is why Buttondown keeps tracking off by default. And why, if you do enable tracking, Buttondown lets your recipients opt out of tracking on their own.

The best email analytics is a reply, anyhow, and when you learn to let go of the open data, you might have to try harder to write in a way that’ll strike up conversation. That’s a worthwhile pursuit. Every reply will feel so much better than the tiny dopamine (or cortisol, if the numbers are bad) spike you get from seeing your email open stats.

Choose what you want to do with remote images

Speaking of, if you want to keep others from learning when you open their emails, you can block others’ tracking pixels (and other images) in your email app:

It’s your inbox, your mail to read in private. No reason to let a bug watch over your shoulder, if you don’t want to.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。