I got an e-mail today from a third-party on behalf of a mutual customer. This person wanted to remind me that his e-mail to me the day before “was opened 22 mins 7 seconds after [he] sent it to [me]” and he was wondering if I had made any progress.
How did he know that? There was no message box advising me that the sender had requested a read receipt and asking if I wanted to send it. There was however a warning from my e-mail client (KMail) advising me that there were external references embedded in the HTML e-mail message. Like a fool, I disregarded this warning and clicked to display these references the first time around.
When I got his reminder I went back and examined the HTML content. At the end of the message was a link to an image on http://img.msgtag.com/. When this image is loaded, it notifies the sender that their mail has been opened along with the time elapsed from sending the mail to when it was eventually opened. MSGTAG is the company that provides this service in this instance.
I was annoyed about this. Damned annoyed. Someone e-mailing me had surreptitiously embedded an external image in an e-mail for the express purpose of identifying when I opened his mail _without_ my permission and in violation of my privacy. It’s nobody’s damned business when or even if I have read their e-mails.
That information should be requested via the long established mechanism of requesting read receipts allowing the recipient to decide whether or not to notify the sender that their message has been read. In my case it’s not that huge an issue – generally speaking I would not load external references. But what about the 90% or more of less informed users who would or whose clients wouldn’t even ask first?
With my somewhat limited knowledge of the Data Protection Act I am quite convinced that this is in breach of it. I’m not a lawyer and would love the opinion of one on this.
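What the KMail warning described above guards against, as an added example that is not part of the original post: a Python sketch that lists the remote resources an HTML message would fetch as soon as it is displayed. The sample message, its addresses and the image path are constructed; only the host img.msgtag.com comes from the post.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# (tag, attribute) pairs a mail client fetches on display, without any click.
AUTO_FETCH = {("img", "src"), ("input", "src"), ("iframe", "src"),
              ("link", "href"), ("body", "background"),
              ("table", "background"), ("td", "background")}

class RemoteRefFinder(HTMLParser):
    """Collects auto-loaded http(s) references; cid: and data: are local."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTO_FETCH and value:
                url = value.strip()
                if urlparse(url).scheme in ("http", "https"):
                    self.refs.append((tag, url))

def remote_references(raw_message):
    """Return (tag, url) for each remote resource loaded when the mail is shown."""
    msg = message_from_string(raw_message, policy=default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.refs

def hosts(refs):
    """Hosts that would learn the message was opened, and when."""
    return sorted({urlparse(url).hostname for _, url in refs})

# Constructed sample: a clickable link, an embedded (cid:) image, a remote image.
SAMPLE = """\
From: sender@example.com
To: me@example.org
Subject: Following up
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Any progress? <a href="http://example.com/spec">Spec</a></p>
<img src="cid:logo@example.com" alt="logo">
<img src="http://img.msgtag.com/CONSTRUCTED-ID.gif" width="1" height="1">
</body></html>
"""
```

The ordinary link is not reported because it is only requested on a click, and the `cid:` image travels inside the message itself; the remote image is the only reference whose loading tells a third-party server anything.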
FWIW, it’s never caused me any problems that my mail reader doesn’t load external references. YMMV but it’s worth considering. I’m sure that many spammers use this idea to find out what addresses lead to a successful reading of their spam.
It’s an interesting, but highly complex, legal question. I’ll try and get an answer for you, but I don’t think it will be at all clear cut.
Regardless; open HTML-email at your peril. There’s just no good reason to ever do this, it’s simply broken.
A lot of marketing types use these things to track email open rates etc. While it can be very handy for tracking newsletters I would find this kind of usage a bit abusive. I’m not sure about the legality, but as most of my mail is filtered for this kind of junk it’s never been an issue :)
Of course – in future your proxy (or local DNS) will now be reporting that img.msgtag.org == 127.0.0.1 :)
Colm – if you get some information I’d love to hear it. With regard to opening HTML mail, in fairness I normally do not “click to allow” which is why I’ve never disabled that KMail feature. This one just caught me off guard… and it was the boldness of the sender to tell me how long after he sent the mail that I read it that got me really pissed off!
Would have to check this one out…
Interesting though. When I have a bit of down time at work, I will try and look this one up.
There’s lots of good reasons to track email and different methods of doing it. There’s a couple outlined here –
http://www.demonzmedia.com/DemonzBlog/?p=6
One of the main reasons to do it is that it indicates whether or not there might be errors in your emails, plus the email client programs people are using to open the email – this is useful to know as email clients are extremely volatile when it comes to html markup. It is odd that they would actually contact you to tell you how soon it had been since you opened the email. Make a point by not opening it :)