Trackers in Your Inbox: Criticizing Current Email Tracking Practices

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12703)


Email is among the cornerstones of our online lives. It has evolved from carrying text-only messages to delivering well-designed HTML contents. The uptake of web protocols into email, however, has facilitated the migration of web tracking techniques into email ecosystem. While recent privacy regulations have impacted the web tracking technologies, they have not directly influenced the email tracking techniques. In this short paper, we analyze a corpus of 5216 emails, give an overview of the identified tracking techniques, and argue that the existing email tracking methods do not comply with privacy regulations.


Email tracking Third party tracking Privacy regulations 



We would like to thank Pierre Dewitte for his insightful comments during the early stages of this research, as well as Max Maass and PrivacyMail ( for their willingness to share data related to this study.


  1. 1.
    Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 674–689. ACM (2014).
  2. 2.
    Anderson, R., Moore, T.: The economics of information security. Science 314, 610 (2006). Scholar
  3. 3.
    Bender, B., Fabian, B., Haupt, J., Lessmann, S., Neumann, T., Thim, C.: Track and treat - usage of e-mail tracking for newsletter individualization. In: Twenty-Sixth European Conference on Information Systems (ECIS2018), Portsmouth, UK, June 2018Google Scholar
  4. 4.
    Bender, B., Fabian, B., Lessmann, S., Haupt, J.: E-mail tracking: status quo and novel countermeasures. In: Proceedings of the thirty-seventh international conference on information systems (ICIS), Dublin, Ireland, December 2016Google Scholar
  5. 5.
  6. 6.
    Coursen, S.: Solving the problem of html mail (2002). Accessed 02 Feb 2021
  7. 7.
    Dabrowski, A., Merzdovnik, G., Ullrich, J., Sendera, G., Weippl, E.: Measuring cookies and web privacy in a post-GDPR world. In: Choffnes, D., Barcellos, M. (eds.) PAM 2019. LNCS, vol. 11419, pp. 258–270. Springer, Cham (2019). Scholar
  8. 8.
    Dimova, Y., Acar, G., Olejnik, L., Joosen, W., Van Goethem, T.: The cname of the game: Large-scale analysis of dns-based tracking evasion. In: Proceedings on Privacy Enhancing Technologies (2021).
  9. 9.
    Englehardt, S., Han, J., Narayanan, A.: I never signed up for this! Privacy implications of email tracking. Proc. Priv. Enhanci. Technol. 2018(1), 109–126 (2018)CrossRefGoogle Scholar
  10. 10.
    Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1388–1401 (2016).
  11. 11.
    Epsilon: The way the cookie data crumbles: People-based profiles vs. cookie-based solutions (2019). Accessed 15 Dec 2020
  12. 12.
    Europol: Internet Organised Crime Threat Assessment (IOCTA) 2020. European Union Agencyfor Law Enforcement Cooperation (Europol) (2020)Google Scholar
  13. 13.
    Fabian, B., Bender, B., Weimann, L.: E-mail tracking in online marketing - methods, detection, and usage. In: 12th International Conference on Wirtschaftsinformatik, March 2015Google Scholar
  14. 14. Can-spam act: a compliance guide for business. Accessed 17 Feb 2021
  15. 15.
    Haupt, J., Bender, B., Fabian, B., Lessmann, S.: Robust identification of email tracking: a machine learning approach. Eur. J. Oper. Res. 271(1), 341–356 (2018). Scholar
  16. 16.
    Isaac, M., Lohr, S.: service faces backlash over a widespread practice: selling user data (2017). Accessed 15 Dec 2020
  17. 17.
    Kalantari, S.: Open about open rate? In: IFIP International Summer School on Privacy and Identity Management. Springer, Cham (2021, to appear)Google Scholar
  18. 18.
    Klaviyo Help Center: How to set up dedicated click tracking. Accessed 20 Feb 2021
  19. 19.
    Klaviyo Help Center: Smart send time in klaviyo (2021). Accessed 21 Feb 2021
  20. 20.
    Lefrere, V., Warberg, L., Cheyre, C., Marotta, V., Acquisti, A.: The impact of the GDPR on content providers. In: The 2020 Workshop on the Economics of Information Security (2020).
  21. 21.
    LiveIntent: Overview of custom audiences (2020). Accessed 15 Dec 2020
  22. 22.
    Maass, M., Schwär, S., Hollick, M.: Towards transparency in email tracking. In: Naldi, M., Italiano, G.F., Rannenberg, K., Medina, M., Bourka, A. (eds.) APF 2019. LNCS, vol. 11498, pp. 18–27. Springer, Cham (2019). Scholar
  23. 23.
    MailChimp: Insights from mailchimp’s send time optimization system (2014). Accessed 20 Feb 2021
  24. 24.
    Masinter, L.: The “data” URL scheme. Internet Requests for Comments, August 1998.
  25. 25.
    Müller, J., Brinkmann, M., Poddebniak, D., Schinzel, S., Schwenk, J.: What’s up Johnny? - covert content attacks on email end-to-end encryption. In: 17th International Conference on Applied Cryptography and Network Security (ACNS 2019), pp. 1–18 (2019)Google Scholar
  26. 26.
    One More Company: State of email with 1.5 billion emails processed (2017).
  27. 27.
    Poddebniak, D., et al.: Efail: breaking S/MIME and openPGP email encryption using exfiltration channels. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 549–566. USENIX Association, Baltimore, August 2018.
  28. 28.
    Roberts, C.: Announcing send time optimization (2017). Accessed 20 Feb 2021
  29. 29.
    Storm, D.: The hidden privacy hazards of HTML email (2000). Accessed 01 Feb 2021
  30. 30.
    The Tor Project: Towards a tor-safe mozilla thunderbird reducing application-level privacy leaks in thunderbird, July 2011. Accessed 02 Feb 2020
  31. 31.
  32. 32.
    Xu, H., Hao, S., Sari, A., Wang, H.: Privacy risk assessment on email tracking. In: IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, pp. 2519–2527, April 2018.

Copyright information

© Springer Nature Switzerland AG 2021

Authors and Affiliations

  1. 1.imec-DistriNetKU LeuvenLeuvenBelgium

Personalised recommendations