Skip to main content
SpringerLink
Log in

Trackers in Your Inbox: Criticizing Current Email Tracking Practices

  • Conference paper
  • First Online:
Privacy Technologies and Policy (APF 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12703))

Included in the following conference series:

  • 863 Accesses

Abstract

Email is among the cornerstones of our online lives. It has evolved from carrying text-only messages to delivering well-designed HTML contents. The uptake of web protocols into email, however, has facilitated the migration of web tracking techniques into email ecosystem. While recent privacy regulations have impacted the web tracking technologies, they have not directly influenced the email tracking techniques. In this short paper, we analyze a corpus of 5216 emails, give an overview of the identified tracking techniques, and argue that the existing email tracking methods do not comply with privacy regulations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://www.zerobounce.net/.

  2. 2.

    https://www.salesforce.com/.

  3. 3.

    https://analytics.withgoogle.com/.

  4. 4.

    https://privacymail.info/.

  5. 5.

    https://www.klaviyo.com/.

  6. 6.

    https://www.selligent.com.

  7. 7.

    The URL structure was detected based on the answer provided in Stackoverflow at https://stackoverflow.com/questions/33002037/which-email-software-is-used-optiext-optiextension-dll-in-url.

  8. 8.

    https://amp.dev/about/email/.

References

  1. Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 674–689. ACM (2014). https://doi.org/10.1145/2660267.2660347

  2. Anderson, R., Moore, T.: The economics of information security. Science 314, 610 (2006). https://doi.org/10.1126/science.1130992

    Article  Google Scholar 

  3. Bender, B., Fabian, B., Haupt, J., Lessmann, S., Neumann, T., Thim, C.: Track and treat - usage of e-mail tracking for newsletter individualization. In: Twenty-Sixth European Conference on Information Systems (ECIS2018), Portsmouth, UK, June 2018

    Google Scholar 

  4. Bender, B., Fabian, B., Lessmann, S., Haupt, J.: E-mail tracking: status quo and novel countermeasures. In: Proceedings of the thirty-seventh international conference on information systems (ICIS), Dublin, Ireland, December 2016

    Google Scholar 

  5. Conversant: Five building blocks of identity management. https://www.conversantmedia.com/hubfs/US%20Conversant/IMAGE%20ILLUSTRATIONS%20and%20VIDEOs/Resource-center-assets/PDFs/Five_Keys_to_Identity_Resolution_24Apr2019.pdf. Accessed 15 Dec 2020

  6. Coursen, S.: Solving the problem of html mail (2002). https://www.securityfocus.com/columnists/58. Accessed 02 Feb 2021

  7. Dabrowski, A., Merzdovnik, G., Ullrich, J., Sendera, G., Weippl, E.: Measuring cookies and web privacy in a post-GDPR world. In: Choffnes, D., Barcellos, M. (eds.) PAM 2019. LNCS, vol. 11419, pp. 258–270. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-15986-3_17

    Chapter  Google Scholar 

  8. Dimova, Y., Acar, G., Olejnik, L., Joosen, W., Van Goethem, T.: The cname of the game: Large-scale analysis of dns-based tracking evasion. In: Proceedings on Privacy Enhancing Technologies (2021). https://arxiv.org/pdf/2102.09301

  9. Englehardt, S., Han, J., Narayanan, A.: I never signed up for this! Privacy implications of email tracking. Proc. Priv. Enhanci. Technol. 2018(1), 109–126 (2018)

    Article  Google Scholar 

  10. Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1388–1401 (2016). https://doi.org/10.1145/2976749.2978313

  11. Epsilon: The way the cookie data crumbles: People-based profiles vs. cookie-based solutions (2019). https://www.epsilon.com/hubfs/Cookie%20Crumbles.pdf. Accessed 15 Dec 2020

  12. Europol: Internet Organised Crime Threat Assessment (IOCTA) 2020. European Union Agencyfor Law Enforcement Cooperation (Europol) (2020)

    Google Scholar 

  13. Fabian, B., Bender, B., Weimann, L.: E-mail tracking in online marketing - methods, detection, and usage. In: 12th International Conference on Wirtschaftsinformatik, March 2015

    Google Scholar 

  14. FTC.gov: Can-spam act: a compliance guide for business. https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business. Accessed 17 Feb 2021

  15. Haupt, J., Bender, B., Fabian, B., Lessmann, S.: Robust identification of email tracking: a machine learning approach. Eur. J. Oper. Res. 271(1), 341–356 (2018). https://doi.org/10.1016/j.ejor.2018.05.018

    Article  Google Scholar 

  16. Isaac, M., Lohr, S.: Unroll.me service faces backlash over a widespread practice: selling user data (2017). https://nyti.ms/2pYH0Eb. Accessed 15 Dec 2020

  17. Kalantari, S.: Open about open rate? In: IFIP International Summer School on Privacy and Identity Management. Springer, Cham (2021, to appear)

    Google Scholar 

  18. Klaviyo Help Center: How to set up dedicated click tracking. https://help.klaviyo.com/hc/en-us/articles/360001550572-Setting-Up-Dedicated-Click-Tracking. Accessed 20 Feb 2021

  19. Klaviyo Help Center: Smart send time in klaviyo (2021). https://help.klaviyo.com/hc/en-us/articles/360029794371-Smart-Send-Time-in-Klaviyo. Accessed 21 Feb 2021

  20. Lefrere, V., Warberg, L., Cheyre, C., Marotta, V., Acquisti, A.: The impact of the GDPR on content providers. In: The 2020 Workshop on the Economics of Information Security (2020). https://weis2020.econinfosec.org/wp-content/uploads/sites/8/2020/06/weis20-final43.pdf

  21. LiveIntent: Overview of custom audiences (2020). https://support.liveintent.com/hc/en-us/articles/204889644-Overview-of-Custom-Audiences. Accessed 15 Dec 2020

  22. Maass, M., Schwär, S., Hollick, M.: Towards transparency in email tracking. In: Naldi, M., Italiano, G.F., Rannenberg, K., Medina, M., Bourka, A. (eds.) APF 2019. LNCS, vol. 11498, pp. 18–27. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21752-5_2

    Chapter  Google Scholar 

  23. MailChimp: Insights from mailchimp’s send time optimization system (2014). https://mailchimp.com/resources/insights-from-mailchimps-send-time-optimization-system/. Accessed 20 Feb 2021

  24. Masinter, L.: The “data” URL scheme. Internet Requests for Comments, August 1998. https://tools.ietf.org/html/rfc2397

  25. Müller, J., Brinkmann, M., Poddebniak, D., Schinzel, S., Schwenk, J.: What’s up Johnny? - covert content attacks on email end-to-end encryption. In: 17th International Conference on Applied Cryptography and Network Security (ACNS 2019), pp. 1–18 (2019)

    Google Scholar 

  26. One More Company: State of email with 1.5 billion emails processed (2017). https://evercontact.com/special/email-tracking.html

  27. Poddebniak, D., et al.: Efail: breaking S/MIME and openPGP email encryption using exfiltration channels. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 549–566. USENIX Association, Baltimore, August 2018. https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak

  28. Roberts, C.: Announcing send time optimization (2017). https://www.campaignmonitor.com/blog/new-features/2017/05/announcing-send-time-optimization/. Accessed 20 Feb 2021

  29. Storm, D.: The hidden privacy hazards of HTML email (2000). https://strom.com/awards/192.html. Accessed 01 Feb 2021

  30. The Tor Project: Towards a tor-safe mozilla thunderbird reducing application-level privacy leaks in thunderbird, July 2011. https://web.archive.org/web/20200618193439/trac.torproject.org/projects/tor/raw-attachment/wiki/doc/TorifyHOWTO/EMail/Thunderbird/Thunderbird%2BTor.pdf. Accessed 02 Feb 2020

  31. Voth, C.: Reaper exploit. http://web.archive.org/web/20011005083819/www.geocities.com/ResearchTriangle/Facility/8332/reaper-exploit-release.html. Accessed 15 Dec 2020

  32. Xu, H., Hao, S., Sari, A., Wang, H.: Privacy risk assessment on email tracking. In: IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, pp. 2519–2527, April 2018. https://doi.org/10.1109/INFOCOM.2018.8486432

Download references

Acknowledgments

We would like to thank Pierre Dewitte for his insightful comments during the early stages of this research, as well as Max Maass and PrivacyMail (https://privacymail.info/) for their willingness to share data related to this study.

Author information

Authors and Affiliations

  1. imec-DistriNet, KU Leuven, Leuven, Belgium

    Shirin Kalantari, Andreas Put & Bart De Decker

Authors
  1. Shirin Kalantari
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andreas Put
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bart De Decker
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shirin Kalantari .

Editor information

Editors and Affiliations

  1. University of Oslo, Oslo, Norway

    Nils Gruschka

  2. Department of Computer Science, University of Porto, Porto, Portugal

    Luís Filipe Coelho Antunes

  3. Goethe University Frankfurt, Frankfurt, Germany

    Kai Rannenberg

  4. ENISA, Athens, Greece

    Prokopios Drogkaris

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kalantari, S., Put, A., De Decker, B. (2021). Trackers in Your Inbox: Criticizing Current Email Tracking Practices. In: Gruschka, N., Antunes, L.F.C., Rannenberg, K., Drogkaris, P. (eds) Privacy Technologies and Policy. APF 2021. Lecture Notes in Computer Science(), vol 12703. Springer, Cham. https://doi.org/10.1007/978-3-030-76663-4_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-76663-4_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-76662-7

  • Online ISBN: 978-3-030-76663-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation