Abstract
Email is among the cornerstones of our online lives. It has evolved from carrying text-only messages to delivering well-designed HTML contents. The uptake of web protocols into email, however, has facilitated the migration of web tracking techniques into email ecosystem. While recent privacy regulations have impacted the web tracking technologies, they have not directly influenced the email tracking techniques. In this short paper, we analyze a corpus of 5216 emails, give an overview of the identified tracking techniques, and argue that the existing email tracking methods do not comply with privacy regulations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
The URL structure was detected based on the answer provided in Stackoverflow at https://stackoverflow.com/questions/33002037/which-email-software-is-used-optiext-optiextension-dll-in-url.
- 8.
References
Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 674–689. ACM (2014). https://doi.org/10.1145/2660267.2660347
Anderson, R., Moore, T.: The economics of information security. Science 314, 610 (2006). https://doi.org/10.1126/science.1130992
Bender, B., Fabian, B., Haupt, J., Lessmann, S., Neumann, T., Thim, C.: Track and treat - usage of e-mail tracking for newsletter individualization. In: Twenty-Sixth European Conference on Information Systems (ECIS2018), Portsmouth, UK, June 2018
Bender, B., Fabian, B., Lessmann, S., Haupt, J.: E-mail tracking: status quo and novel countermeasures. In: Proceedings of the thirty-seventh international conference on information systems (ICIS), Dublin, Ireland, December 2016
Conversant: Five building blocks of identity management. https://www.conversantmedia.com/hubfs/US%20Conversant/IMAGE%20ILLUSTRATIONS%20and%20VIDEOs/Resource-center-assets/PDFs/Five_Keys_to_Identity_Resolution_24Apr2019.pdf. Accessed 15 Dec 2020
Coursen, S.: Solving the problem of html mail (2002). https://www.securityfocus.com/columnists/58. Accessed 02 Feb 2021
Dabrowski, A., Merzdovnik, G., Ullrich, J., Sendera, G., Weippl, E.: Measuring cookies and web privacy in a post-GDPR world. In: Choffnes, D., Barcellos, M. (eds.) PAM 2019. LNCS, vol. 11419, pp. 258–270. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-15986-3_17
Dimova, Y., Acar, G., Olejnik, L., Joosen, W., Van Goethem, T.: The cname of the game: Large-scale analysis of dns-based tracking evasion. In: Proceedings on Privacy Enhancing Technologies (2021). https://arxiv.org/pdf/2102.09301
Englehardt, S., Han, J., Narayanan, A.: I never signed up for this! Privacy implications of email tracking. Proc. Priv. Enhanci. Technol. 2018(1), 109–126 (2018)
Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1388–1401 (2016). https://doi.org/10.1145/2976749.2978313
Epsilon: The way the cookie data crumbles: People-based profiles vs. cookie-based solutions (2019). https://www.epsilon.com/hubfs/Cookie%20Crumbles.pdf. Accessed 15 Dec 2020
Europol: Internet Organised Crime Threat Assessment (IOCTA) 2020. European Union Agencyfor Law Enforcement Cooperation (Europol) (2020)
Fabian, B., Bender, B., Weimann, L.: E-mail tracking in online marketing - methods, detection, and usage. In: 12th International Conference on Wirtschaftsinformatik, March 2015
FTC.gov: Can-spam act: a compliance guide for business. https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business. Accessed 17 Feb 2021
Haupt, J., Bender, B., Fabian, B., Lessmann, S.: Robust identification of email tracking: a machine learning approach. Eur. J. Oper. Res. 271(1), 341–356 (2018). https://doi.org/10.1016/j.ejor.2018.05.018
Isaac, M., Lohr, S.: Unroll.me service faces backlash over a widespread practice: selling user data (2017). https://nyti.ms/2pYH0Eb. Accessed 15 Dec 2020
Kalantari, S.: Open about open rate? In: IFIP International Summer School on Privacy and Identity Management. Springer, Cham (2021, to appear)
Klaviyo Help Center: How to set up dedicated click tracking. https://help.klaviyo.com/hc/en-us/articles/360001550572-Setting-Up-Dedicated-Click-Tracking. Accessed 20 Feb 2021
Klaviyo Help Center: Smart send time in klaviyo (2021). https://help.klaviyo.com/hc/en-us/articles/360029794371-Smart-Send-Time-in-Klaviyo. Accessed 21 Feb 2021
Lefrere, V., Warberg, L., Cheyre, C., Marotta, V., Acquisti, A.: The impact of the GDPR on content providers. In: The 2020 Workshop on the Economics of Information Security (2020). https://weis2020.econinfosec.org/wp-content/uploads/sites/8/2020/06/weis20-final43.pdf
LiveIntent: Overview of custom audiences (2020). https://support.liveintent.com/hc/en-us/articles/204889644-Overview-of-Custom-Audiences. Accessed 15 Dec 2020
Maass, M., Schwär, S., Hollick, M.: Towards transparency in email tracking. In: Naldi, M., Italiano, G.F., Rannenberg, K., Medina, M., Bourka, A. (eds.) APF 2019. LNCS, vol. 11498, pp. 18–27. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21752-5_2
MailChimp: Insights from mailchimp’s send time optimization system (2014). https://mailchimp.com/resources/insights-from-mailchimps-send-time-optimization-system/. Accessed 20 Feb 2021
Masinter, L.: The “data” URL scheme. Internet Requests for Comments, August 1998. https://tools.ietf.org/html/rfc2397
Müller, J., Brinkmann, M., Poddebniak, D., Schinzel, S., Schwenk, J.: What’s up Johnny? - covert content attacks on email end-to-end encryption. In: 17th International Conference on Applied Cryptography and Network Security (ACNS 2019), pp. 1–18 (2019)
One More Company: State of email with 1.5 billion emails processed (2017). https://evercontact.com/special/email-tracking.html
Poddebniak, D., et al.: Efail: breaking S/MIME and openPGP email encryption using exfiltration channels. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 549–566. USENIX Association, Baltimore, August 2018. https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak
Roberts, C.: Announcing send time optimization (2017). https://www.campaignmonitor.com/blog/new-features/2017/05/announcing-send-time-optimization/. Accessed 20 Feb 2021
Storm, D.: The hidden privacy hazards of HTML email (2000). https://strom.com/awards/192.html. Accessed 01 Feb 2021
The Tor Project: Towards a tor-safe mozilla thunderbird reducing application-level privacy leaks in thunderbird, July 2011. https://web.archive.org/web/20200618193439/trac.torproject.org/projects/tor/raw-attachment/wiki/doc/TorifyHOWTO/EMail/Thunderbird/Thunderbird%2BTor.pdf. Accessed 02 Feb 2020
Voth, C.: Reaper exploit. http://web.archive.org/web/20011005083819/www.geocities.com/ResearchTriangle/Facility/8332/reaper-exploit-release.html. Accessed 15 Dec 2020
Xu, H., Hao, S., Sari, A., Wang, H.: Privacy risk assessment on email tracking. In: IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, pp. 2519–2527, April 2018. https://doi.org/10.1109/INFOCOM.2018.8486432
Acknowledgments
We would like to thank Pierre Dewitte for his insightful comments during the early stages of this research, as well as Max Maass and PrivacyMail (https://privacymail.info/) for their willingness to share data related to this study.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Kalantari, S., Put, A., De Decker, B. (2021). Trackers in Your Inbox: Criticizing Current Email Tracking Practices. In: Gruschka, N., Antunes, L.F.C., Rannenberg, K., Drogkaris, P. (eds) Privacy Technologies and Policy. APF 2021. Lecture Notes in Computer Science(), vol 12703. Springer, Cham. https://doi.org/10.1007/978-3-030-76663-4_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-76663-4_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-76662-7
Online ISBN: 978-3-030-76663-4
eBook Packages: Computer ScienceComputer Science (R0)