TL;DR
Tracking pixels are invisible 1x1 images hidden in emails. When you open an email, the pixel loads — and sends the sender your IP address, device type, browser, location, and exact open time.
They work in Gmail, Outlook, Yahoo, and most standard email clients. Unless you've specifically blocked remote images, tracking pixels are active every time you open an email.
Proton Mail blocks them automatically. No configuration required — Proton strips tracking content before you ever see the email.
Most people assume that reading an email is passive. You open it, the words appear, you close it. Nothing goes back the other way.
That assumption is wrong.
Every time you open an email in Gmail, Outlook, or Yahoo, there's a very good chance you're sending information back to the sender — without knowing it, without consenting to it, and without any way to see it happening.
The mechanism is called a tracking pixel. It's one of the most widespread surveillance tools on the internet, and almost nobody talks about it.
What Is a Tracking Pixel?
A tracking pixel is an image — a tiny, invisible one. Specifically, a single pixel (1x1) embedded in the body of an email. It's transparent, so you can't see it. It has no visible effect on how the email looks.
But when you open the email, your email client loads that image. And loading an image means making a request to the server where it's hosted. That request carries information about you: your IP address, the time of the request, your browser or email app, and your operating system.
The sender's server receives that request and logs it. Now they know exactly when you opened the email, from what device, using what app, and approximately where you were.
What a tracking pixel captures when you open an email:
- Exact date and time the email was opened
- Your IP address (which reveals your approximate location)
- Your device type (phone, tablet, laptop)
- Your operating system (iOS, Android, Windows, Mac)
- Your email client (Gmail app, Outlook, Apple Mail)
- How many times you opened the email
- Whether you forwarded it — it fires again when the recipient opens it
It's Not Just Marketers
The obvious users of tracking pixels are email marketers — companies that send newsletters and promotional emails want to know if you opened them. That's unsettling enough.
But the scope goes further.
⚠️ Your email provider is in on it too
Gmail and other free email providers don't just allow tracking pixels in the emails you receive — they use similar tracking infrastructure themselves. When you click a link in Gmail, you often pass through Google's tracking servers before landing at the destination. This tells Google what links you clicked, when, and from where — feeding directly into your advertising profile.
Beyond your email provider, tracking pixels are used by:
- E-commerce companies — knowing you opened a cart-abandonment email tells them you're still interested, triggering a follow-up
- Publishers and media sites — engagement data feeds into whether they send more or fewer emails
- Data brokers — companies that aggregate open data across many senders to build behavioural profiles for sale
- Insurance companies and lenders — some have used email engagement to assess creditworthiness
- Law firms and investigators — tracking pixels have been used to establish when documents were opened
The Scale of This
A study by researchers at the University of Michigan found that approximately 70% of emails sent by mailing lists contained trackers. A separate analysis by the Hey email team found tracking pixels in the majority of commercial emails they received.
This isn't a niche practice. It's standard industry behaviour. If you use a free email provider and receive any commercial or newsletter email, there is a very high probability that your opens are being tracked right now.
Can't You Just Block Remote Images?
Most email clients do offer an option to block remote images — and when enabled, this does prevent tracking pixels from firing. But there are problems with relying on this:
- It also blocks legitimate images, making emails harder to read
- Many email clients still load images by default from senders in your contacts
- Some senders work around image blocking by embedding tracking in links rather than images
- It requires you to manually configure each email client on every device
It's a partial, inconvenient fix — not a solution.
How Proton Mail Handles Tracking Pixels
Proton Mail takes a different approach. Rather than leaving it to you to configure image blocking, Proton strips tracking content automatically at the server level, before the email ever reaches your device.
When a tracked email arrives at Proton's servers, Proton identifies the tracking infrastructure, removes it, and delivers the email without it. The tracking pixel never loads. The sender's server never gets pinged. You remain invisible.
In some cases — particularly with heavily tracked marketing emails — this stripping process leaves emails looking different to how they were designed. Parts of the layout might break. Some images won't appear. This can feel odd at first.
But it's actually proof that the old system was tracking you. The emails that look different in Proton are the ones that were built around surveillance. What disappears was tracking infrastructure, not information. (If you want to understand exactly what that looks like, I wrote about the experience of switching and watching it happen.)
What You Can Do About This Today
The most effective single action you can take is to move your important email to a provider that handles this at the infrastructure level. You don't need to abandon your existing email address — keep Gmail for newsletters and junk, and use Proton for the correspondence that actually matters.
Your financial advisor. Your doctor. Your family. Those conversations shouldn't be feeding an ad machine or a data broker's profile.
Proton Mail is free to start. Five minutes to set up. And from the moment you switch, nobody knows when you're reading your email — or from where.