|This article needs additional citations for verification. (October 2013)|
Email tracking is a method for monitoring the email delivery to intended recipient. Most tracking technologies use some form of digitally time-stamped record to reveal the exact time and date that an email was received or opened, as well the IP address of the recipient.
Email tracking is useful when the sender wants to know if the intended recipient actually received the email, or if they clicked the links. However, due to the nature of the technology, email tracking cannot be considered an absolutely accurate indicator that a message was opened or read by the recipient.
Some email applications, such as Microsoft Office Outlook, employ a read-receipt tracking mechanism. The sender selects the receipt request option prior to sending the message, and then upon sending, each recipient has the option of notifying the sender that the message was received or read by the recipient.
However, requesting a receipt does not guarantee that you will get one, for several reasons. Not all email applications or services support read receipts, and users can generally disable the functionality if they so wish. Those that do support it are not necessarily compatible with or capable of recognizing requests from a different email service or application. Generally, read receipts are only useful within an organization where all employees/members are using the same email service and application.
Depending on the recipient's mail client and settings, they may be forced to click a notification button before they can move on with their work. Even though it is an opt-in process, a recipient might consider it inconvenient, discourteous, or invasive.
Read receipts are sent back to one's "Inbox" as email messages. Additional technical information, such as who it is from, the email software they use, and the IP addresses of the sender and their email server, is available inside the Internet headers of the read receipt.
The technical term for these is "MDN - Message Disposition Notifications", and they are requested by inserting one or more of the following lines into the email headers: "X-Confirm-Reading-To:"; "Disposition-Notification-To:"; or "Return-Receipt-To:".
Another kind of receipt can be requested, which is called a DSN (delivery status notification), which is a request to the recipient's email server to send you a notification about the delivery of an email that you have just sent. The notification takes the form of an email, and will indicate whether the delivery succeeded, failed, or got delayed, and it will warn you if any email server involved was unable to give you a receipt. DSNs are requested at the time of sending by the sending application or server software (not inside the email or headers itself), and you can request to "Never" get any, or to "Always" get one, or (which most software does by default) only to get DSN if delivery fails (i.e.: not for success, delay, or relay DSNs). These failure DSNs are normally referred to as a "Bounce". Additionally, you can specify in your DSN request whether you want your receipt to contain a full copy of your original email, or just a summary of what happened. In the SMTP protocol, DSNs are requested at the end of the RCPT TO: command (e.g.: RCPT TO:<> NOTIFY=SUCCESS,DELAY) and the MAIL FROM: command (e.g.: MAIL FROM:<> RET=HDRS).
Email marketing and tracking
Some email marketing tools include tracking as a feature. Such email tracking is usually accomplished using standard web tracking devices known as cookies and web beacons. When you send a tracked email message, if it is a graphical HTML message (not a plain text message) the email marketing system may embed a tiny, invisible tracking image (a single-pixel gif, sometimes called a web beacon) within the content of the message. When the recipient opens the message, the tracking image is referenced. When they click a link or open an attachment, another tracking code is activated. In each case a separate tracking event is recorded by the system. These response events accumulate over time in a database, enabled the email marketing software to report metrics such as open-rate and click-through rates. Email marketing users can view reports on both aggregate response statistics and individual response over time.
Email tracking is used by individuals, email marketers, spammers and phishers, to verify that emails are actually read by recipients, that email addresses are valid, and that the content of emails has made it past spam filters. It can sometimes reveal if emails get forwarded (but not usually to whom). When used maliciously, it can be used to collect confidential information about businesses and individuals and to create more effective phishing schemes.
The tracking mechanisms employed are typically first-party cookies and web bugs.
Although it is possible to opt-out of email tracking, doing so does not come without sacrifice. Within one's individual email client, one can turn off images and decline any read-receipt requests.
One should note that there are email-tracking services which convert the email message into an image before delivering the message. One obviously cannot read the message contained in the image if image display is disabled in one's email client.
HP email tracking scandal
In the U.S. Congressional Inquiry investigating the HP pretexting scandal it was revealed that HP security used an email tracking service called ReadNotify.com to investigate boardroom leaks. The California attorney general’s office has said that this practice was not part of the pretexting charges. HP said they consider email tracking to be legitimate and will continue using it.
- Evers, Joris (2006-09-28). How HP bugged e-mail. CNET News.com, 28 September 2006. Retrieved from http://archive.is/20130410171841/http://news.com.com/How+HP+bugged+e-mail/2100-1029_3-6121048.html.
- Author unknown (date unknown). News - CIO.com - Business Technology Leadership. Retrieved from http://www.cio.com/blog_view.html?CID=25624[dead link].
- McMillian, Robert (2006-10-09). Web Bugs Trained to Track Your E-Mail. PC World - Business Center, 9 October 2006.Retrieved from http://www.pcworld.com/article/id,127444-c,onlineprivacy/article.html.