Services online are now offering simple ways to track whether users have opened e-mails or forwarded them. These services can be useful to anyone wondering whether their important e-mails have been opened. For us security/privacy conscious individuals this can be quite disturbing.
There sites we have found offer e-mail tracking services:
These sites embed “beacon images” in the emails that actually load a remote script that logs everything about the targets browser, including IP address, how long the e-mail was read, if it was forwarded, who it was forwarded too and more. Here is a list of all of the tracking capabilities of just readnotify.com
Here is an example using whoreadme.com of findings of an opened email:
Lets think about who would this be useful for? Marketers and Nosy People.
In order for the tracking service to work remote images must be enabled. While it may be easy to reject remote content from unknown senders, most e-mail clients automatically load remote content from senders in your address book.
Well how does this work?
The FAQ at Readnotify.com states the site allows customers to easily send e-mails using there services by entering in the recipients e-mail address as (email@example.com)
While testing whoreadme.com a user is able to enter in their own “sender” information making it seem as if the e-mail came from anyone they choose. This means that anyone in your address book can use this service against you and it is likely the remote content will automatically load.
More shockingly senders using these services can tell if you opened an e-mail even when using webmail like (Gmail, Yahoo, AOL, Hotmail, etc…). This
This just goes to show another reason why users should disable remote content entirely within all e-mail services and clients. This can be done in Gmail by doing the following: