Gonna have a pretty high false negative rate though, right? Virtually all modern email programs and webmail systems block images by default (unless the sender has been marked as "safe" or sometimes if they've been added to your address book).
You might as well steal some of the (very clever) tricks used here: http://litmus.com/email-analytics to track whether the messages was forwarded and the time spent reading. They don't work all the time, but it's a pretty neat piece of code.
Just from looking at the litmus site I can't tell what "very clever" tricks they use, and I don't want to spend money signing up to find out. Thinking off the top of my head, perhaps they could be requesting a CSS stylesheet or an CSS3 font from their server to track reads without using an image. But that is all I can think of right now.
Could you tell me more about the "clever tricks" they use Eli?
Edit: I just thought of another trick: using the background-image or list-style-image CSS property to request an image from your own server. I found a chart that shows CSS support in major email services. Gmail looks like it would be the hardest to implement tracking in. In many other email clients it would be trivially easy:
I'm not actually sure they did much better than a regular image for tracking opens though I believe they also did a background-image. The clever bit was using some CSS with a background image to track the message being forwarded (outlook adds some predictable CSS class names to the message when it reformats it for forwarding) and the use of an image resource that never actually loads, but does a sleep/redirect loop so it can track how long the message has been open (assuming images aren't blocked in the first place). Also another CSS directive to see when the message is being printed. At least, that's what I remember when I disassembled the code some months ago. If I can dig it up when I'm back in the office, I'll post it.
Though I think you have a much better chance of getting people to load images in a newsletter or marketing message where that's the norm versus a personal message where it might seem weird or unnecessary.
the use of an image resource that never actually loads, but does a sleep/redirect loop so it can track how long the message has been open
Hmm, very interesting. So they essentially make their server side script sleep for a few seconds, but not long enough that the client gives up waiting, then they send the client a redirect to the same script again. When the client stops requesting the fake image then it is safe to assume that the email is no longer being read.
That is a great idea, very innovative. I wondered how they were measuring how long the email was read.
They generate a unique image for each email and track when the image has been accessed.
As others have mentioned, many email clients automatically block image downloads by default. So this way of tracking, at first glance, seems pretty limited.
Right. I was trying to think of clever tricks to get around image blocking. Some techniques, such as list-style-image look like they can get around most email services.
You'd think that wouldn't you. I found ways to track this stuff even when remote images are disabled in Thunderbird, Apple Mail, Android Mail, Mail on iOS, Outlook, tonnes of webmail apps:
I created a web application which crafts an email with lots of tests and sends it your address. When you open it, it tries to "call back" to my server and the web page shows you the results. If you see anything on there before hitting "Load Images" your client has a problem. You can access the app here:
That's a great and valid concern. We have studies that show that there is a high volume of people who enable images and thus we would get accurate readings there.
Open-tracking is just one of the features we have, and not central to our entire product. Response-tracking is something that we anticipate more people want to use, and is guaranteed to work in our implementation.
Thanks for the ideas! Stay tuned for our new features that we have planned. We named ourselves EmailOracle for a reason :)
I usually consider emails with some kind of read-receipt requests or (even worse) tracking images (which fortunately gets blocked in any decent email client) at least very rude.
I don't like the idea of such stealth read-receipts too. I would expect that sooner or later tricks which allow implementation of this feature will be blocked in most email clients as security holes because as many others pointed out it can be used by spammers to verify email addresses.
Why not to use real read-recepit requests (MDN, DSN) and respect someone's rigth to disable it in their mail client?
I agree it's rude. If I received what would otherwise be a text email from a client/coworker/etc except now my mail client is saying "Images have not been downloaded", I'd get a little suspicious.
To help alleviate this concern there is opt-out for emails received from free EmailOracle accounts (there is a link at the bottom of the email that says "Metrics by EmailOracle, click here to opt-out").
That is too late. Collecting data like this is only legitimate (or, if the reciever is european, legal) if the collection only ever starts after the collecting party has recieved a qualified declaration of consent from the reciever of the bugged mail.
If they don't get this consent before sending the mail, they are just scum.
What EmailOracle does is to enable prosumers with the ability to deal with outgoing email overload. We are a business tool and we have studies that show that this is a feature that is well-received and well-intentioned in enterprise communication.
This is also evidenced in how MS Outlook provides read-receipts for their emails, and Blackberry messages that also automatically do read-tracking.
Makers of a kitchen knives cannot really prevent customers from using the tool for nefarious purposes. We do our best to preserve the privacy of recipients and allow opting out as well.
This is also evidenced in how MS Outlook provides read-receipts for their emails
Which everyone who is aware of it disables. I'll be blocking your service on the firewall, just good information hygiene. Thanks for announcing it here!
I've worked and consulted in over 15 very large enterprises. While it may not constitute a survey of the entire Fortune 500+, I've come into contact with enough business & IT professionals to know that is is - in fact - not a well-received feature. It's used by either underperforming folks as a CYA measure or other folks who have side-swiped by self-serving individuals.
There is no legitimate use or business-case for a read-receipt service, especially ones that use the same techniques as malware writers.
I fully support your third-party "who responded to me?" reporting & reminder tool, as I can see that being incredibly useful - especially to those who are not adept at scripting and/or using mailer APIs.
I have never worked in a large enterprise, or a Fortune 500 company, but email receipts are a necessary evil. Certain industries rely on time sensitive work to be done base upon an email. If this doesn't happen, business is lost and contracts fall through.
While I strongly dislike Outlook, their opt-in read-receipts are the best implementation that I know of as far as privacy and ease-of-use are concerned.
This is a hot button issue in the sense that it "spies" on the foreign email reader without their permission. Many spammers use this same technique to verify if an email address is valid or not (e.g. checking if keyed-URL images loaded).
A few responses from people who don't like this idea might include:
- Blocking the service
- Auto-opening and auto-reading "every" email that comes into their inbox (no way to tell which one was/wasn't read)
- Being extra-careful, reading emails selectively (e.g. don't read anything after 4pm otherwise you might get stuck doing overtime)
As you might tell, I'm personally not a fan of this. But if I were a lawyer, or boss, or part of law enforcement, I might like this idea. The current implementation of "email receipts" is very broken, especially in the corporate world.
The thing is, if a company or employee ever gets burned by this, they'll block it. Most everyone I've worked with turns email receipts off in Outlook for this reason.
Don't take my cynicism to heart though. Nobody has tried this idea in this way (that I'm aware of). It's very interesting. You never know how it'll pan out unless you try. Plus this is just the opinion of some dude on the internet; not a very good indicator if it'll succeed or not. ;)
Unless I'm reading this wrong, the service relies on the broken misfeature of many modern email clients that diverge from the original RFCs for mail by treating HTML as something they can process. A client that only handles plain text email (with attachments as something separate to hand off to an external program) is safe from this kind of abuse.
Yes, we agree that this tool will not appeal to everyone, but it is something that a lot of enterprise users have requested and thus we have built it with them in mind.
We'd also like to emphasize that open-tracking is only 1 feature in the bundle of tools that EmailOracle will offer, but it happens to be one that we were ready to launch with.
Somebody please write a blocker for this. Do we need something special, or can we just add some rules to AdBlock Plus to work around these antisocials?
I'm sorry you feel this way. You can opt-out of emails sent to you from free EmailOracle accounts. Maybe we should add to our website the ability to automatically opt-out of all future tracking?
I just wanted to say that I take you at your word followed by a modest version of the interdiction below, but then I noticed your fine piece of corporate doublespeak of only allowing opt-out against mail from free users of your service, which allows you to show a pretense of trying to do the right thing while at the same time co-opting those concerned about your offering into providing arguments for up-selling your customers.
So I once and for all forbid you to include any of your tracking technology into any message that is sent or forwarded to any email address that I currently use or own, or which I will at any time in the future use or own. In addition, I also forbid you to collect, store, process or share any information related to any email sent to or recieved by me or any email account I can access, or related to any device or software I may use to access this mail. And no, I am not mad or gullible enough to tell someone so completely lacking in moral judgement as to even think about implementing a feature like that and then defending it in the way you do any information about my email adresses, to protect them against being sold to other equally dishonest email senders, or abused in other ways.
A pre-emptive opt-out could work, but how exactly would you implement it?
Do I have to give you all my email addresses that I want to opt-out with?
Do I have to get an "optout" cookie so that the server with the tracking pixels and whatnot knows not to track me?
I think I'd rather block this at the email client level. This way I don't have to trust anyone's optout procedures, as well as being protected from any nefarious trackers that don't care about things such as opting-out.
Yes, users are free to still continue whatever means they have used in the past to opt-out, including at the client level. We don't (and can't) prevent any of that.
Of course you can't prevent it, however one of your application's goals is to work around email client filters that would block traditional tracking methods. Just to be clear, I have no problem with what you are doing.
I would like to know if blocking images is enough to not be tracked. Do email clients have sufficient image blocking or do they let through images specified in CSS (or similar) through?
Candidly, you already know who wants to opt out: they have images blocked. If you really want to do the right thing, don't add more tricky tracking mechanisms than hidden images.
edit: apparently this feature already exists in a clearer, more concise fashion.
How about mandating a footer that discloses the tracking feature and has a one click opt-out link:
"The email you are reading is using EmailOracle tracking to notify the sender upon first read in order to provide you with better service. If you would like to opt-out of all tracking from EmailOracle, please [click here]. To learn more about this product [click here]"
If anyone wanted to burn their relationship with me, spying on what most would consider to be unwatched activity, involving something as specific and interpersonal as email, would be a pretty good way.
It's just... creepy.
If you have a legal need to make sure I've received something, use registered post.
Anyone who is concerned about security and tracking will leave images blocked by default, but most average people will turn image blocking off so that they can see the pictures in whatever trashy chain email is making the rounds.
The don't realize that this allows spammers to track whether or not the email address is live, they just think that it saves them from having to click "Show All Images".
I would suspect people to be far more liberal with the "Always display images in emails from ..." if they know the sender personally. But still an important objection, since it obviously breaks the process...
Reading this was very surprising for me, because I'd always assumed this kind of thing was impossible.
After going over the comments here, there is apparently a (well known) trick of adding images to email, then tracking hits for that image on your server, thus giving you "email analytics". Apparently this is one of the reasons that most email programs block images by default. In fact, I've long wondered why images are blocked by default, and only now found out.
Always amazes me how many things I have yet to learn!
What a terrible name for the company. When I first read the title I thought "Email Oracle? Why would would I do that?". Not to mention Oracle will probably make claims to it.
I think that is why they have kept it. It will give them insanely high publicity. Moreover, I think they might be able to keep it too. It's not like Oracle sued Matrix team for having an Oracle. :)
Also, to the people who are saying images are not displayed in most of the email clients, browsers, don't forget smartphones where there is no option of blocking images.
I thought it was on by default? I'm sure it used to be? The iPhone used to load remote content from <video> and <audio> tags even when "load remote images" was disabled. Fixed now though. I think.
I really like the idea of an "expect followup with in N days" feature for GMail. It's interesting that GMail's dominance as a client for heavy email users has accidentally enabled a market of add-ons delivered as browser extensions.
It appears that one of the features this site offers is the ability to find e-mails you've sent that need followup because they haven't been responded to. I'd love to have that feature built into Gmail (and it seems like something very doable). Does anyone have a search/filter setup that allows you to find these "need to followup" e-mails?
EmailOracle does build this feature right into Gmail :)
It adds a link in the left panel of Gmail (under "Contacts") that lets you open up a new pane (just like the "Tasks" pane) that contains all of your emails needing follow-up.
A visually attractive site and sounds like a great plugin!
But quickly looking through the site...who are you? DNS records show private whois...GoDaddy's Domain By Proxy service. I'm logging in by giving my Gmail or GoogleApp credentials but is this through OpenID? Is there a terms of service before I do this? If you were a known entity I'm sure I would be quite a bit more forgiving.
Also, I saw a previous comment here by Tim about no visible pricing info by Tim...why should I have to login just to see what is required for an upgrade?
I'm interested but too many reasons for hesitation has me clicking away...
I'd rather have a "successful delivery response". It's enough to know that the email was delivered to a device you are responsible for. Tracking who's opening it and when seems a little creepy, also you'll have false positives if the email is blind forwarded.
Having worked with attorney's. "I didn't get the email" is common. I'd like just to have a list of the response codes from their server to prove that they accepted delivery.
The website mentions nothing of pricing. That's a little off-putting because it either suggests to me there is a hidden charge or they are doing something nefarious with access to my email account (like reading my email to send me targeted spam or something like that).
I recall a similar service a few years back which went a step further and encoded the text into an image, which allowed the sender to revoke the entire message at a later time.
Google is not finding anything; maybe it's gone now.
> Until now, you’ve been the person with the least control over your emails because, after you send them, they can be stored and scanned in more places than you can imagine. Do you want anyone to permanently store your messages? Do you want your words to possibly live in infamy without your knowledge?
Um, isn't that kind of an accepted risk when giving someone something? This whole thing sounds very fishy to me, actually.
How does it work? Their about page is very very vague, and uses some double-talk to make your message seem incredibly secure (specifically, the hard-to-print FAQ entry: http://www.bigstring.com/info/faqs/answers/printed.php)
You might as well steal some of the (very clever) tricks used here: http://litmus.com/email-analytics to track whether the messages was forwarded and the time spent reading. They don't work all the time, but it's a pretty neat piece of code.