One Thing To Do Today: Turn off image loading for email

Let’s do something super simple today. Turn off default image loading in your email client or settings. HTML emails can conceal tiny little tracking images. The act of opening the email loads the image which informs the server it’s loading from:

  • That you opened the email.
  • The time you opened the email.
  • The IP address you opened it from, potentially traceable to a physical location.
  • The amount of time between that image loading and any click through behavior on your part.
  • The type of computer and software that loaded it (Safari bowser, Outlook, etc)
  • Whether you “deleted it, forwarded it, printed it

This information will be collected every time the same email gets loaded. So if that’s done from work, home, a phone, etc. that represents a lot of location and behavior information adding up in the databases of bulk email analytics providers with contracts across multiple clients and industries.

Screen shot of HTML source code
Tiny image reference that tells the email sender that I’ve loaded the image, from where, and at what time.

Let’s use me as case in point. Checking out the source code of an email from the local garden center chain revels an image set to rendered as 1 pixel wide by 1 pixel high. The super long hexadecimal number set identifies that it was me that loaded it. That’s a heck of a spacer gif. Notice also the image isn’t being sent to my email client via HTTPs. That’s incredibly rude.

Email marketers go to a lot of trouble to get the most from their campaigns. They want to know what subject lines convince people to open the emails.  What offers get the most click throughs? What time of day are people checking their email? How long after it gets sent will people see the message? They are tuning their behavior to game yours.  Sales people can be informed that an email was recently opened and move to call “while the pitch is fresh.”

As if sales motivations weren’t annoying enough, company HR departments use these techniques to track employee engagement on internal communications as well. (Why don’t you read the newsletter, Janice? That’s a star off your performance review…)

Some folks I admire and trust have turned to email newsletters. TinyLetter seems to be the service of choice, and their privacy policy is the same doozy as everyone else. MailChimp corporate has quite the profile on me. Let me tell ya.

In my career I’ve used email campaign software several times and I found the metrics very helpful. As a result, some of this tracking I’ve manually opted-in to because I thought I was choosing to support the newsletter author. After writing this article I’m going to re-opt out. I’ve been reminded that the data these services collect does not get encrypted and reserved for the exclusive use of those authors.

Let’s put the people I’ve actually invited into my inbox aside for a moment because the bigger threat comes from SPAM and other unsolicited emails, filled to the gills with invisible trackers. If I open one by mistake I don’t want it getting back to the mothership that they’ve got a live one. No thank you.

Moving a bit into what might feel like tinfoil hat territory, but another reminder email itself is not a secure protocol. I don’t check the source of every email I receive. If there is no cryptographic checksum, who knows what’s showing up from even trusted senders. Image loading turned off by default helps avoid surprises.

Compared to some of the other things we’ve done, this might seem like a tiny little act. The tiny little acts matter. Right now the average consumer has been compressed to the bottom of the information food chain. Turning off auto image loading takes back just a bit more personal dignity. Don’t give up a drop of that for free.

 

 

carlyn

I make things that do stuff. The best, though, is teaching others to do the same. Founder of @crashspacela Alum of @ITP_NYU

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.