Email tracking
Email tracking is a method for monitoring whether the email message is read by the intended recipient.[1] Most tracking technologies use some form of digitally time-stamped record to reveal the exact time and date when an email is received or opened, as well as the IP address of the recipient.
Email tracking is useful when the sender wants to know whether the intended recipient actually received the email or clicked the links. However, due to the nature of the technology, email tracking cannot be considered an absolutely accurate indicator that a message was opened or read by the recipient.
Most email marketing software provides tracking features, sometimes in aggregate (e.g., click-through rate), and sometimes on an individual basis.
Read-receipts
Some email applications, such as Microsoft Office Outlook and Mozilla Thunderbird, employ a read-receipt tracking mechanism. The sender selects the receipt request option prior to sending the message, and then upon sending, each recipient has the option of notifying the sender that the message was received or read by the recipient.
However, requesting a receipt does not guarantee that one will be received, for several reasons. Not all email applications or services support sending read receipts, and users can usually disable the functionality if they so wish. Those that do support it are not necessarily compatible with or capable of recognizing requests from a different email service or application. Generally, read receipts are only useful within an organization where all mail users are using the same email service and application.
Depending on the recipient's mail client and settings, they may be forced to click a notification button before they can move on with their work. Even though it is an opt-in process, a recipient might consider it inconvenient, discourteous, or invasive.
Read receipts are sent back to the sender's "inbox" as email messages, but the location may be changed depending on the software used and its configuration. Additional technical information, such as the sender's details, the email software they use, the IP addresses of the sender, and their email server is commonly available inside the headers of the read receipt.
The technical term for these is "MDN - Message Disposition Notifications",[2] and they are requested by inserting one or more of the following lines into the email headers: "X-Confirm-Reading-To:"; "Disposition-Notification-To:"; or "Return-Receipt-To:".
Several email tracking services also feature real-time notifications, producing an on-screen pop-up whenever the sender's email has been opened.
Return-receipts
Another kind of receipt can be requested, which is called a DSN (delivery status notification), which is a request to the recipient's email server to send the sender a notification about the delivery of an email that the sender has just sent. The notification takes the form of an email, and will indicate whether the delivery succeeded, failed, or got delayed, and it will warn the sender if any email server involved was unable to give the sender a receipt. DSNs are requested at the time of sending by the sending application or server software (not inside the email or headers itself), and the sender can request to "Never" get any, to "Always" get one, or (which most software does by default) only to get a DSN if delivery fails (i.e.: not for success, delay, or relay DSNs). These failure DSNs are normally referred to as a "Bounce". Additionally, the sender can specify in their DSN request whether the sender wants their receipt to contain a full copy of their original email, or just a summary of what happened. In the SMTP protocol, DSNs are requested at the end of the RCPT TO: command (e.g.: RCPT TO:<> NOTIFY=SUCCESS, DELAY) and the MAIL FROM: command (e.g.: MAIL FROM:<> RET=HDRS).
Email marketing and tracking
Some email marketing tools include tracking as a feature. Such email tracking is usually accomplished using standard web tracking devices known as cookies and web beacons. When an email message is sent, if it is a graphical HTML message (not a plain text message) the email marketing system may embed a tiny, invisible tracking image (a single-pixel gif, sometimes called a web beacon) within the content of the message. When the recipient opens the message, the tracking image is referenced. When they click a link or open an attachment, another tracking code is activated. In each case a separate tracking event is recorded by the system. These response events accumulate over time in a database, enabling the email marketing software to report metrics such as open-rate and click-through rate. Email marketing users can view reports on both aggregate response statistics and individual response over time.
Such email tracking services are used by many companies, but are also available for individuals as subscription services, either web-based or integrated into email clients such as Microsoft Outlook or Gmail [3]
Email tracking services may also offer collations of tracked data, allowing users to analyze the statistics of their email performance.
Privacy issues
Email tracking is used by individuals including email marketers, spammers and phishers to verify that emails are actually read by recipients, that email addresses are valid, and that the content of emails has made it past spam filters.[4] Such tracking can also reveal if emails get forwarded, but who emails get forwarded to are usually not noted. About 24.7% of all emails track their recipients, but no more than half of the users are aware of being tracked.[5] When used maliciously, it can be used to collect confidential information about businesses and individuals and to create more effective phishing schemes.
Common data that can be accessed from email tracking includes, but is not limited to, the IP address, client device properties (desktop or mobile, browser type and version), and a date/time stamp of when the email was read.[6]
The tracking mechanisms employed are typically first-party cookies and web beacons.
HP email tracking scandal
In the U.S. Congressional Inquiry investigating the HP pretexting scandal it was revealed that HP security used an email tracking service called ReadNotify.com to investigate boardroom leaks.[7] The California attorney general's office has said that this practice was not part of the pretexting charges. HP said they consider email tracking to be legitimate and will continue using it.[8]
See also
- Email privacy
- Spy pixel
- Document automation in supply chain management & logistics
- Bounce message
References
- Englehardt, Steven; Han, Jeffrey; Narayanan, Arvind (2018). ""I never signed up for this! Privacy implications of email tracking."". Proc. Priv. Enhancing Technol. 2018: 109–126. doi:10.1515/popets-2018-0006. S2CID 41532115.
- T. Hansen, Ed.; AT&T Laboratories; A. Melnikov, Ed.; Isode Ltd (February 2017). "RFC 8098 - Message Disposition Notification". IETF Data Tracker. Internet Engineer Task Force: 5.
- Gordon, Whitson (6 February 2013). "How to Track the Emails You Send (and Avoid Being Tracked Yourself)". lifehacker. Retrieved 24 March 2014.
- Xu, Haitao, Shuai Hao, Alparslan Sari, and Haining Wang. "Privacy risk assessment on email tracking". EEE INFOCOM 2018-IEEE Conference on Computer Communications.
{{cite journal}}
: CS1 maint: multiple names: authors list (link) - Xu, Haitao; Hao, Shuai; Sari, Alparslan; Wang, Haining (2018). Privacy Risk Assessment on Email Tracking. IEEE INFOCOM 2018-IEEE Conference on Computer Communications. IEEE. pp. 2519–2527. doi:10.1109/infocom.2018.8486432.
- Englehardt, Steven; Han, Jeffrey; Narayanan, Arvind (2018). "I never signed up for this! Privacy implications of email tracking". Proceedings on Privacy Enhancing Technologies. 2018 (1): 109–126. doi:10.1515/popets-2018-0006.
- Evers, Joris (29 September 2006). "How HP bugged e-mail". CNET. Retrieved 6 April 2016.
- McMillian, Robert (2006-10-09). Web Bugs Trained to Track Your E-Mail. PC World - Business Center, 9 October 2006.Retrieved from http://www.pcworld.com/article/id,127444-c,onlineprivacy/article.html.