Every time you open a marketing email, there is a good chance the sender knows exactly when you opened it, where you were, what device you used, and how many times you came back to it. Email tracking is one of the most pervasive and invisible forms of online surveillance, and most people have no idea it is happening. This guide explains how email tracking works and walks you through how to shut it down across every major email client.
How Email Tracking Works
Email tracking relies on a few simple techniques that have been standard practice in marketing and sales for over a decade:
- Tracking pixels: The most common method. The sender embeds an invisible 1x1 pixel image in the email, hosted on their server. When your email client loads the image, the server logs your IP address, the time, your approximate location, your device type, and your operating system. You never see the image — it is completely invisible to the naked eye.
- Web beacons: Similar to tracking pixels but sometimes embedded as transparent images, iframes, or other HTML elements that trigger a server request when the email is rendered.
- Link redirects: Instead of linking directly to a destination URL, the sender routes every link through a tracking server. When you click, the tracker records the click, your IP address, and the timestamp before redirecting you to the actual page. This is why links in marketing emails often look like long strings of random characters.
- Read receipts: Some email systems request a delivery or read confirmation. In corporate environments using Exchange or Outlook, read receipts can be sent automatically without your knowledge unless you change the default settings.
What Data Email Trackers Collect
A single tracking pixel can reveal a surprising amount of information about you:
- Whether you opened the email and the exact date and time
- How many times you opened it — marketers use this to gauge interest level
- Your IP address, which reveals your approximate geographic location (city-level or more precise)
- Your device type — desktop, phone, or tablet
- Your operating system and email client — iPhone, Android, Gmail web, Outlook, etc.
- Whether you forwarded the email to someone else (some trackers detect multiple opens from different IPs)
Tracking Happens Silently
Most email tracking requires zero interaction on your part. You do not have to click anything — simply opening the email and allowing images to load is enough for the sender to collect your data. Studies have found that tracking pixels are present in more than 70% of marketing emails and a growing percentage of personal and transactional messages.
How to Disable Email Tracking in Gmail
Gmail loads images through Google's own proxy servers by default, which provides partial protection by hiding your IP address from the sender. However, the sender still knows you opened the email and when. To block tracking pixels entirely:
- Open Gmail and click the gear icon, then See all settings.
- In the General tab, scroll to Images.
- Select Ask before displaying external images.
- Click Save Changes at the bottom of the page.
With this setting enabled, Gmail will not load remote images automatically. You will see a prompt at the top of each email asking whether to display images, giving you control over which senders can track you. You can choose to always display images from trusted senders individually.
How to Disable Email Tracking in Apple Mail
Apple introduced Mail Privacy Protection in iOS 15 and macOS Monterey, and it remains one of the strongest built-in anti-tracking features available in any email client. When enabled, it preloads all remote content through Apple's proxy servers in the background — regardless of whether you open the email. This means:
- Senders cannot tell when (or if) you opened the email
- Your IP address is hidden behind Apple's proxy
- Your location is masked
To enable Mail Privacy Protection:
On iPhone or iPad
- Go to Settings > Apps > Mail.
- Tap Privacy Protection.
- Enable Protect Mail Activity.
On Mac
- Open Mail > Settings (or Preferences).
- Go to the Privacy tab.
- Check Protect Mail Activity.
How to Disable Email Tracking in Outlook
Microsoft Outlook blocks external images by default in the desktop application, but Outlook on the web and mobile may not. To verify your settings:
Outlook Desktop (Windows)
- Go to File > Options > Trust Center > Trust Center Settings.
- Click Automatic Download.
- Check Don't download pictures automatically in standard HTML email messages or RSS items.
Outlook on the Web
- Click the gear icon and go to View all Outlook settings.
- Navigate to Mail > Junk email or Mail > External images.
- Select Always use the Outlook service to load images to route images through Microsoft's proxy, or block them entirely.
You should also disable automatic read receipts. In Outlook desktop, go to File > Options > Mail and under Tracking, select Never send a read receipt.
Skip the manual opt-outs
One opt-out won't stop them — brokers relist your data. PrivacyOn removes your info from 100+ sites and keeps it removed.
Start your free scanHow to Disable Email Tracking in Yahoo Mail
Yahoo Mail loads images by default and does not route them through a proxy, making it one of the least private major email clients. To block tracking images:
- Click the gear icon and select More settings.
- Go to Viewing email.
- Under Show images in messages, select Ask before showing external images.
This prevents remote images from loading automatically and stops most tracking pixels from firing.
Browser Extensions That Block Email Trackers
If you use webmail (Gmail, Outlook.com, Yahoo Mail in a browser), dedicated browser extensions can detect and block tracking pixels before they load:
- Ugly Email: Available for Chrome and Firefox. It scans your Gmail inbox and places an "eye" icon next to emails that contain known tracking pixels. It blocks the pixel from loading when you open the email.
- PixelBlock: A lightweight Chrome extension specifically for Gmail. It blocks tracking pixels and shows a red eye icon when a tracker is detected and blocked.
- Trocker: Works with Gmail and Outlook on the web. It detects tracking pixels and link trackers, blocks them, and shows you which companies attempted to track you.
Combine Extensions with Client Settings
Browser extensions only work when you access email through a web browser. If you also check email on your phone or through a desktop app, make sure to configure tracking protection in those clients separately. The most effective approach is to disable remote image loading at the client level and use a browser extension as a second layer of defense.
Privacy-Focused Email Services
If you want tracking protection built into the service itself rather than bolted on through settings and extensions, consider switching to a privacy-focused email provider:
- ProtonMail: Based in Switzerland, ProtonMail offers end-to-end encryption and blocks tracking pixels by default. Remote images are stripped and loaded through Proton's proxy only when you explicitly choose to view them. ProtonMail also does not log your IP address.
- Tuta (formerly Tutanota): A German-based encrypted email service that blocks external image loading by default and does not support tracking pixels. Tuta also encrypts your entire mailbox, including subject lines and contacts.
Both services offer free tiers and paid plans with custom domain support, making them viable replacements for Gmail or Yahoo Mail for personal use.
Use Email Aliases to Compartmentalize Tracking
Even with tracking pixels blocked, senders still know the email address they sent to. If you use the same email address everywhere, companies can correlate your activity across different services. Email aliases solve this by giving each service a unique address that forwards to your real inbox:
- SimpleLogin (now part of Proton) lets you create unlimited aliases that forward to your real email. If an alias starts receiving spam or tracked emails, you disable it without affecting anything else.
- Apple Hide My Email generates random addresses for each service you sign up for.
- Firefox Relay provides a limited number of free aliases with a paid option for unlimited use and a custom domain.
Using aliases means that even when a sender tracks you, they cannot connect that activity to your accounts on other services. If an alias gets sold to a data broker, you know exactly which company leaked it.
Stop Tracking at the Source with PrivacyOn
Blocking tracking pixels stops companies from monitoring your email behavior, but it does not address how your email address ended up in their databases in the first place. Data brokers and people-search sites collect, aggregate, and sell personal information — including email addresses — to marketers, advertisers, and anyone else willing to pay. The more widely your email address is circulated, the more tracked and targeted emails you receive.
PrivacyOn attacks this problem at the root. Instead of just blocking the tracking that reaches your inbox, PrivacyOn removes your personal information — including your email address — from 100+ data broker and people-search sites. By cutting off the supply of your data to marketers, you reduce the volume of tracked emails you receive in the first place. PrivacyOn continuously monitors for your data reappearing and submits new removal requests automatically, so your email stays out of broker databases over time.
The most effective email privacy strategy combines both approaches: block tracking in your email client so senders cannot surveil your behavior, and use PrivacyOn to remove your email from the data broker ecosystem so fewer senders have it to begin with.