Test your email account for privacy leaks
You are tracked on the Internet wherever you go unless you are very careful about what you do and how you handle your data.
One common form is email tracking. At the very least, it is used to verify that a recipient has opened an email. Depending on the tracking method used, it may reveal additional information, for instance whether a link was accessed or an image displayed.
The two most common methods used by trackers are links and remote content. If a recipient clicks on a link, it is not only clear that the email has been opened, but also that the user visited the linked website or service. This may reveal additional information such as your IP address or operating system version.
The second method uses remote content, for example images. Many email clients block these types of content by default to improve user privacy.
What most email users may not know is that there are additional means to track emails.
The free service Email Privacy Tester sends a specially prepared test email to an email address that you enter on the service's web page.
All you have to do then is open it on the service website or in an email client. Once you have done that, check back on the service's website, which highlights any tests that were triggered.
Email Privacy Tester supports a total of 28 different tests at the time of writing. A click on any test on the results page displays information on how it is used in emails. The CSS background test, for example, loads a URL that is used for tracking.
You will notice that most of the methods require some form of external content to be loaded. A client that blocks all forms of external content should block all of the tests, while others may only block select tests.
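As an added illustration (not code from this article or from Email Privacy Tester), this Python scanner lists the markup in an HTML message body that makes a client contact a remote host, labelled with test names that appear on this page. The tag-to-test mapping, the sample body and the `tracker.example` host are assumptions made for the example.

```python
import re
from html.parser import HTMLParser

REMOTE = re.compile(r"^(?:https?:)?//", re.I)   # absolute or protocol-relative URL
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

class RemoteContentFinder(HTMLParser):          # collects (test name, URL) pairs
    def __init__(self):
        super().__init__()
        self.hits, self._in_style = [], False

    def _add(self, name, url):
        if url and REMOTE.match(url.strip()):   # skips cid:, data:, mailto:, relative
            self.hits.append((name, url.strip()))

    def _css(self, css):
        for url in CSS_URL.findall(css or ""):
            self._add("CSS background-image", url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self._in_style = tag == "style"
        # Assumed mapping from markup to the test names used on this page.
        if tag == "img":
            self._add("Image tag", a.get("src"))
        elif tag == "input" and (a.get("type") or "").lower() == "image":
            self._add("Image submit button", a.get("src"))
        elif tag == "link" and "dns-prefetch" in (a.get("rel") or "").lower():
            self._add("DNS Prefetch - Link", a.get("href"))
        elif tag == "a":
            self._add("DNS Prefetch - Anchor", a.get("href"))
        self._css(a.get("style"))               # inline style="...url(...)"

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:                      # text inside a <style> element
            self._css(data)

def find_remote_content(html):
    finder = RemoteContentFinder()
    finder.feed(html)
    return finder.hits

# Constructed sample body; tracker.example is a placeholder host.
SAMPLE = """<head><link rel="dns-prefetch" href="//tracker.example">
<style>body { background-image: url('https://tracker.example/bg') }</style></head>
<body><img src="https://tracker.example/px.gif?id=abc"><img src="cid:logo@local">
<input type="image" src="https://tracker.example/btn"> <a href="https://tracker.example/click">link</a>"""
```

Calling `find_remote_content(SAMPLE)` returns five hits and skips the embedded `cid:` image, which is the difference between content carried inside the message and content a client has to fetch.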
It is convenient to enter an email address in the form and get results right away. If you prefer not to reveal your email address there, you can also add the tests manually to an email. For that to work, you need to use unique addresses on a web server that you own, as you have to check whether these resources get hits or not to find out if you can be tracked that way.
The source code is available as well, which is an alternative if you want to set it up yourself.
One of the interesting revelations of the test is that it provides you with a comparison between blocking and allowing remote content.
What I would like to know is what to do to make sure the tests do not flag red. Is it solely dependent on the email provider's settings or can we do something in our email client settings to prevent this? Thanks in advance.
Zoho triggers img submit as well as IP address and User agent callback.
Is there a way to stop?
The results page on first visit is all grey after entering my Gmail address, but it changes to 3 red after we open the e-mail and click on the, “…, please click here.”, link. The 3 red do not concern me as it is only, “CSS-Background Image”, “Image submit button”, and “Image Tag”. Or I don’t think they should concern me as I know the custom settings I have set will trigger page effects (dynamic background). But as far as I know no privacy issues or concerns here, so all is good, I think.
Really an interesting test. My email triggers DNS Prefetch and DNS Prefetch-Link, everything else is grey. Frankly, I’m not even sure what that means, but I’m thinking it’s not too bad. I’ll have to look it up when I have more time.
Gmail with images off by default tests grey. (I only viewed mail, didn't open the three attachments)
Postbox is all grey unless I do things which I’d expect to be recorded.
Windows Phone 8.1, however, is appalling. Who can I write to?
Fastmail and Outlook 2013 leave everything grey, Gmail triggers 4: Image Submit Button, CSS background-image, Image tag, DNS Prefetch – Anchor.
Yet another reason I’m happy I switched away from Gmail :)
I have Gmail and all grey.
All grey :)
read on a mobile device or app most will leak
Seems like I’m secure. Only the DNS Prefetch – Link/Anchor turned red.
Everything else is still grey after returning to the site.
I had this too. I’m using Thunderbird. To pass this test, open the config editor in Thunderbird and set:
network.dns.disablePrefetch = true
^+1 Thanks for that Ray. Mine was set to false (now set to true). While I didn’t trigger anything (I suspect that’s due to DNSCrypt) it’s always good to have multiple layers (software + then system).
you forgot the h in https:// in ttps://emailprivacytester.com/
Thanks Leon, corrected.