Unfortunately, that’s often not how it happens. Many senders, including the U.S. government, do email tracking clumsily. Bad email tracking is ubiquitous, secretive, pervasive, and leaky. It can expose sensitive information to third parties and sometimes even others on your network. According to a comprehensive study from 2017, 70% of mailing list emails contain tracking resources. To make matters worse, around 30% of mailing list emails also leak your email address to third party trackers when you open them. And although it wasn’t mentioned in the paper, a quick survey we did of the same email dataset they used reveals that around 80% of these links were over insecure, unencrypted HTTP.
In addition, several of these third-party email tracking technologies will try to share and correlate your email address across different emails that you open, and even across different websites that you visit, further shaping your invisible online profile. And since people often access their email from different devices, email address leaks allow trackers (and often network observers) to correlate your identity across devices.
It doesn’t have to be that way. For users, there are usually ways to “opt out” of tracking within your email client of choice. For mail client developers, including a few simple features can help protect your users’ privacy by default. And if you’re at an organization that does perform tracking, you can take a proactive approach to respecting user privacy and consent. Here are some friendly suggestions to help make tracking less pervasive, less creepy, and less leaky…”