Author Topic: Aqua mail blocks tracking mechanism of email tracking extension MailTrack  (Read 6857 times)

downloaderfan

  • Newbie
  • *
  • Posts: 10
Ok, before I start, I would like to make it clear that this is something I like about Aqua Mail. There is a chrome extension called Mail Track which allows you to track whether an email is read or not using a tracking pixel. During my testing, I found that whenever I open the mail in Aqua Mail, MailTrack isn't able to track the mail & the sender isn't notified about the mail being read. Yes, I do have image loading On by default. The same email, when I load on gmail in chrome, mailtrack is able to track the mail.

Now, its clear that Aqua Mail loads messages or at least images inside messages differently than gmail in chrome, since MailTrack works on web gmail and not on Aqua Mail. My question is, is email tracking theoretically impossible using a tracking pixel when using an app like Aqua Mail or is Mail Track doing something wrong & could an update from their side fix this issue? 

StR

  • Hero Member
  • *****
  • Posts: 1558
In principle, if you have automatic image loading "On", it should load all images, and the moment the image is loaded, tracking happens. I don't know if Kostya implemented anything special here.
Usually, the tracking pixel is an image that has a 1x1 size. It would be hard for the app to know how large the image is without sending an HTTP request "GET", which IS the "trackable/tracking event".
How can an app distinguish tracking-pixel images from the rest?
1. By the size, if that is specified explicitly ("height=1, width=1"). I suspect that the mail-tracking providers are not that stupid to leave the Jolly Roger out there.
2. By the URL:
The URL has several parts: the domain name, the file name, and parameters.
The file name is often unique for each message, which allows tracking of the individual message.
Sometimes, it is the parameters that contain the unique identifier of your message.
So, in general, you cannot reliably figure out that it is a tracking pixel based on these two parts.
Domain name may or may not contain unique information. But even if it does contain a unique portion (typically a 3rd level domain) Typically, the 2nd level domain portion would be the same (pertaining to the company), i.e. http://third.second.first , e.g. aq8wdb9.trackingmail.com
So, that portion can be used by ad-blocking/privacy apps. AFAIK, Aquamail doesn't do any filtering of that sort. If your tracking pixel is blocked in Aquamail despite the automatic loading of images enabled all the way, - I'd expect you have one of those apps installed.

Now, the reason why loading Gmail in Chrome (and, quite possibly even in Gmail app) might not be affected by the ad-blockers is that Gmail would be loading those images on their server is loading those images first, and then feeding them to you and your web-browser (or Gmail client). So, the image has been loaded BEFORE the ad-blocker could do anything about it.

downloaderfan

  • Newbie
  • *
  • Posts: 10
Thanks for your detailed reply :)

Quote
If your tracking pixel is blocked in Aquamail despite the automatic loading of images enabled all the way, - I'd expect you have one of those apps installed.

I do have a modified hosts file on my android that blocks ads within apps. Maybe that is also blocking the tracking pixel.

Ok, this question is related to my previous IP address question but it is also related to your following statement, so I'm just gonna ask it here. The reason I'm asking about this now is because I just found out about it.

Quote
Now, the reason why loading Gmail in Chrome (and, quite possibly even in Gmail app) might not be affected by the ad-blockers is that Gmail would be loading those images on their server is loading those images first, and then feeding them to you and your web-browser (or Gmail client). So, the image has been loaded BEFORE the ad-blocker could do anything about it.

There is a title called 'How Gmail helps make images safe' on this [nofollow] page. Now, when I load images in AquaMail, since it's not going through gmail servers, can my IP address be tracked just by me loading an image inside AquaMail?

StR

  • Hero Member
  • *****
  • Posts: 1558
There is a title called 'How Gmail helps make images safe' on this page. Now, when I load images in AquaMail, since it's not going through gmail servers, can my IP address be tracked just by me loading an image inside AquaMail?

Yes, when you load images in AquaMail (or any other app that is not cloud-based), the [effective external] IP address is exposed to that webserver. It's equivalent to loading that image in a web browser (unless you are using some proxy there).
And that is the reason (privacy concerns) why the default setting in Aquamail is to disable automatic image loading.
Just in case you haven't thought about it, - Aquamail is rather privacy-conscious.
Here is an old thread (no longer updated) that compared different aspects of privacy for different Android e-mail apps.

If you are using Gmail's web interface, their servers work as a buffer, downloading the images (if configured). [Some] Mail apps that are using cloud storage/servers might also do the same. But then those services know the content of the e-mail messages that you receive. If you are using Gmail as your mail providers, then it doesn't matter for you: they already analyze all your messages anyway. If you are using them (or any other cloud-based intermediary) to access your e-mail account(s) from other providers, that is a different story.

Pick your poison.  ;D

Update: Note that the very fact that the image is accessed (even by a Gmail server) confirms to the sender that the message was sent to the working address. So, this allows spam senders verifying addresses that are working from the large list they scraped or purchased from address scrapers.
That's yet another reason for the app not to load images automatically.
« Last Edit: May 26, 2017, 12:44:24 am by StR »

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12740
Quote
Now, the reason why loading Gmail in Chrome (and, quite possibly even in Gmail app) might not be affected by the ad-blockers is that Gmail would be loading those images on their server is loading those images first, and then feeding them to you and your web-browser (or Gmail client).

It's my understanding that this is how Gmail for Android operates, yes.

Now back to original topic:

Aqua Mail doesn't do anything to filter out those "tracking" images, but it does block remote content by default (same as Fastmail web mail or even Thunderbird).

I regularly see those "tracking" images (or placeholders) in some messages in Aqua Mail.

If you wish Aqua to load linked images by default, you will want to make these adjustments:

- App settings -> message view -> turn off "spam control for linked images"

- App settings -> network -> under both "WiFi" and "Mobile", turn on "show images".
Creating debug logs for diagnostics: https://www.aqua-mail.com/troubleshooting/

The official FAQ: https://www.aqua-mail.com/faq/

Лог-файлы для диагностики: https://www.aqua-mail.com/ru/troubleshooting/

Вопросы и ответы: https://www.aqua-mail.com/ru/faq/

downloaderfan

  • Newbie
  • *
  • Posts: 10
Quote
Just in case you haven't thought about it, - Aquamail is rather privacy-conscious.
Here is an old thread (no longer updated) that compared different aspects of privacy for different Android e-mail apps.

Yeah, I know...I used TypeApp(cloud based) as my main email app on android for 2 years, before switching to Aqua Mail for privacy reasons.

Quote
Note that the very fact that the image is accessed (even by a Gmail server) confirms to the sender that the message was sent to the working address. So, this allows spam senders verifying addresses that are working from the large list they scraped or purchased from address scrapers.
That's yet another reason for the app not to load images automatically.

There are already multiple email address checker sites online like this [nofollow] one which allow a person to verify whether an email address is valid or not. That site worked well when I tested it with a few different email addresses.

Quote
Now, the reason why loading Gmail in Chrome (and, quite possibly even in Gmail app) might not be affected by the ad-blockers is that Gmail would be loading those images on their server is loading those images first, and then feeding them to you and your web-browser (or Gmail client). So, the image has been loaded BEFORE the ad-blocker could do anything about it.

I just found out about this [nofollow] addon that does block tracking pixels from working. I tested it with Mail Track and mail track was not able detect email being read on web gmail. Most probably regular ad blockers don't target blocking tracking pixel domain names.

Quote
Aqua Mail doesn't do anything to filter out those "tracking" images, but it does block remote content by default (same as Fastmail web mail or even Thunderbird).

I regularly see those "tracking" images (or placeholders) in some messages in Aqua Mail.

If you wish Aqua to load linked images by default, you will want to make these adjustments:

- App settings -> message view -> turn off "spam control for linked images"

- App settings -> network -> under both "WiFi" and "Mobile", turn on "show images".

I have always had these two settings set the way you have mentioned, still Mail Track doesn't work. So I checked the hosts file & found out that mail track is indeed blocked by it.

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12740
Quote
I have always had these two settings set the way you have mentioned, still Mail Track doesn't work. So I checked the hosts file & found out that mail track is indeed blocked by it.

So, problem solved? It was something in your hosts file?
Creating debug logs for diagnostics: https://www.aqua-mail.com/troubleshooting/

The official FAQ: https://www.aqua-mail.com/faq/

Лог-файлы для диагностики: https://www.aqua-mail.com/ru/troubleshooting/

Вопросы и ответы: https://www.aqua-mail.com/ru/faq/

Adrian1404

  • Newbie
  • *
  • Posts: 1
For the email verification system, you can usezerobounce.net because they're more accurate. The system works by reducing and eliminating invalid, abuse, complaint, inactive, and spam-trap email address. You can use API, real-time validation. They also provide IP address validation and verification of key recipient demographics and has the ability to add missing information on certain emails, such as the name, gender, and location of the owner.
They are the most secure email validation system you can find.

Vivica

  • Newbie
  • *
  • Posts: 1
Re: Aqua mail blocks tracking mechanism of email tracking extension MailTrack
« Reply #8 on: September 03, 2020, 04:37:04 pm »


Hi!! I'd like to share an alternative service - Proofy.io. Their email verification algorithm includes domain validation, syntax verification, spam-trap removal, risk validation, MX records validation, complainers verification, real-time bounce email checking, and email de-duplication.