Test your email account for privacy leaks

Martin Brinkmann
May 25, 2014
Updated • May 26, 2014
Email
|
15

You are being tracked on the Internet no matter where you go unless you are very careful what you do and also in regards to your data.

One common form is email tracking. This is being used to verify that a recipient has opened the email at the very least. Depending on the tracking methods used, it may provide additional information, for instance if a link was accessed or an image displayed.

The two most common methods used by trackers are links and remote contents. If a recipient clicks on a link, it is not only clear that the email has been opened, but also that the user visited the linked website or service. This may reveal additional information such as your IP address or operating system version.

The second method uses remote contents, images for example. Many email clients block these types of content by default to improve user privacy.

What most email users may not know is that there are additional means to track emails.

The free service Email Privacy Tester sends a specially prepared test email to an email address that you enter on the service's web page.

All you have to do then is to open it on the service website or an email client. Once you have done that, you should check back on the website of the service as it will highlight any tests that have been triggered by that.

Email Privacy Tester supports a total of 28 different tests at the time of writing. A click on any test on the results page displays information on how it is used in emails. The CSS background test for example loads an url that is used for tracking.

You will notice that most of the methods require some form of external content that is being loaded. A client that is blocking all forms of external content should block all of the tests, while others may only block select tests.

email privacy tester

It is comfortable to enter an email address in the form and get results right away. If you prefer not to reveal your email address there, you can also add the tests manually to an email. For that to work, it is necessary to use unique addresses on a web server that you own as you need to check the hits that these resources get -- or not -- to find out if you can be tracked by that.

A source code is made available as well which may be an alternative as well in regards to setting it up yourself.

One of the interesting revelations of the test is that it provides you with a comparison between blocking and allowing remote contents.

Summary
Test your email account for privacy leaks
Article Name
Test your email account for privacy leaks
Description
Send a test email to your email address to find out if it fails some or all of the privacy tests embedded in the mail
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. angelripper said on August 25, 2014 at 11:13 pm
    Reply

    What i would like to know is what to do to make sure the tests do not flag red. Is it solely dependent on the email providers settings or can we do something in our email client settings to prevent this? Thanks in advance.

  2. exlnc said on July 18, 2014 at 2:24 pm
    Reply

    Zoho triggers img submit as well as IP address and User agent callback.
    Is there a way to stop?

  3. Blue said on May 26, 2014 at 8:39 pm
    Reply

    The results page on first visit is all grey after entering my Gmail address, but it changes to 3 red after we open the e-mail and click on the, “…, please click here.”, link. The 3 red do not concern me as it is only, “CSS-Background Image”, “Image submit button”, and “Image Tag”. Or I don’t think they should concern me as I know the custom settings I have set will trigger page effects (dynamic background). But as far as I know no privacy issues or concerns here, so all is good, I think.

    1. alan said on May 27, 2014 at 2:57 pm
      Reply

      Really an interesting test. My email triggers DNS Prefetch and DNS Prefetch-Link, everything else is grey. Frankly, I’m not even sure what that means, but I’m thinking it’s not too bad. I’ll have to look it up when I have more time.

  4. uhtred said on May 25, 2014 at 11:45 pm
    Reply

    gmail with images off by default tests grey. (I only viewed mail, didnt open the three attachments)

  5. Dave said on May 25, 2014 at 10:56 pm
    Reply

    Postbox is all grey unless I do things which I’d expect to be recorded.

    Windows Phone 8.1, however, is appalling. Who can I write to?

  6. CWagner said on May 25, 2014 at 10:09 pm
    Reply

    fastmail and outlook 2013 leave everything grey, gmail triggers 4: Image Submit Button, CSS background-image, Image tag, DNS Prefetch – Anchor.

    Yet another reason I’m happy I switched away from gmail :)

    1. TheAslan said on May 25, 2014 at 10:20 pm
      Reply

      I have Gmail and all grey.

  7. TheAslan said on May 25, 2014 at 10:07 pm
    Reply

    All grey :)

    1. Classic Toxin said on May 17, 2016 at 10:08 am
      Reply

      read on a mobile device or app most will leak

  8. BKV said on May 25, 2014 at 9:29 pm
    Reply

    Seems like I’m secure. Only the DNS Prefetch – Link/Anchor turned red.
    Everything else is still grey after returning to the site.

    1. Ray said on May 26, 2014 at 3:56 am
      Reply

      I had this too. I’m using Thunderbird. To pass this test, open the config editor in Thunderbird and set:

      network.dns.disablePrefetch = true

      1. Pants said on May 26, 2014 at 6:11 am
        Reply

        ^+1 Thanks for that Ray. Mine was set to false (now set to true). While I didn’t trigger anything (I suspect that’s due to DNSCrypt) its always good to have multiple layers (software + then system).

  9. leon said on May 25, 2014 at 9:09 pm
    Reply

    you forgot the h in https:// in ttps://emailprivacytester.com/

    1. Martin Brinkmann said on May 25, 2014 at 11:15 pm
      Reply

      Thanks Leon, corrected.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.