Mailing list software should stop spying on subscribers

The internet is finally coming out of its long haze on privacy, but it’s with one hell of a hangover. So many practices that were once taken for granted are now getting a second, more critical look. One of those is the practice of spying on whether recipients of marketing emails open them or not.

Back in August, we vowed to stop using such spying pixels in our Basecamp emails. And do you know what? It’s been fine! Not being able to track open rates, and fret over whether that meant our subject lines weren’t providing just the right HOOK, has actually been a relief.

But whether these open rates are “useful” or not is irrelevant. They’re invasive, they’re extracted without consent, and they break the basic assumptions most people have about email. There’s a general understanding that if you take actions on the internet, like clicking a link or visiting a site, there’s some tracking associated with that. We might not like it, but at least we have a vague understanding of it. Not so with email spy pixels.

Just about every normal person (i.e. someone not working in internet marketing) has been surprised, pissed, or at least dismayed when I tell them about spy pixels in emails. The idea that simply opening an email subjects you to tracking is a completely foreign one to most people.

When I’ve raised this concern in conversations with people in the marketing industry, a lot of them have taken offense to the term “spy pixels”. Affixing the spying label made a lot of them uncomfortable, because they were just trying to help! I get that nobody wants to think of themselves as the bad guy (Eilish not withstanding), but using the word “spy” isn’t exactly a reach.

Here’s the dictionary definition of a spy: “a person who secretly collects and reports information on the activities, movements, and plans”. That fits pretty well to a spy pixel that tracks whether you open an email or not, without your knowledge or consent!

So. Let’s stop doing that. Collectively. And the best place to instigate reform is with the mailing list software we use. A modest proposal for a basic ethics reform:

1) Mailing list software should not have spy pixels turned on by default. This is the most important step, because users will follow the lead of their software. It must be OK to spy on whether people open my marketing emails if the software I’m using it provides that by default.

2) Mailing list software can ask for explicit consent when the sender really does want to track open rates. Let the sender include a disclaimer at the bottom of their email: “[The sender] would like to know when you open this email to help improve their newsletter. If that’s OK with you, [please opt-in to providing read receipts]. Thanks!”.

That’s it. Don’t do it by default, ask for informed consent if you must. Being respectful of someone’s privacy isn’t rocket science.

And remember, you can still tag your links in those emails with ?source=newsletter or whatever to see whether your call-to-action is working. As we discussed, people have a basic understanding that clicking links and visiting websites – explicit actions they take! – has some tracking involved.

This isn’t going to magically make everything better. It’s not going to fix all the issues we have with privacy online or even all the deceptive practices around mailing lists. But it’s going to make things a little better. And if we keep making things a little better, we’ll eventually wake up to a world that’s a lot better.

13 thoughts on “Mailing list software should stop spying on subscribers

  1. Reminds me of the days of Outlook/Exchange when it had “read receipts” and everybody had it enabled by default. But those receipts were not hidden from the recipient of the email.
    An annoying modal dialog popped up right after opening the email.
    And it had a nice “Never send read receipts” checkbox right on it.

    1. That’s actually not true. If a sender requested a read receipt, you’d be notified of the senders request and could accept or deny the request. If you accepted read reads, you’d never be notified again. If you denied them, anytime a sender requested read receipts (which is rare) you’d be ask again to accept or deny.

  2. What are other things that you believe should be improved regarding online privacy? Other than social networks, that’s an easy guess

  3. How do you think about click tracking? Do you still use this on Basecamp?

    I see both sides of the argument on click tracking, so I’m curious which side you take:

    * Pro: Click tracking happens through a website. Users can reasonably assume that visiting a website is subject to industry-standard tracking.

    * Con: Users may not know that their intention to view a 3rd-party website goes through a click-tracking server that knows their identity and can gather the exact same info as tracking pixels (such as IP address).

  4. I agree with the premise here, but can’t figure out how you would segregate spy pixels vs every other image on the email. Perhaps, all copies of the same email have the same static path to the images rather than dynamic?

    1. I think David here is talking about the ethics from the business owner’s perspective. In that case, there’s never a need for a “unique” image for an individual subscriber. So if the same image is delivered to everyone, there’s no identifying data and no reason to log the requests into a system to mine data from.

      From a user’s perspective, it’s harder to protect against this. There are browser plugins that do though and at the most basic level they have a list of domains and IP’s that are used by tracking servers and they just block that.

  5. We track marketing emails just like you recommend. We add a flag to our embedded links to understand how many are engaging. Not necessarily who is engaging. No spy pixels here.

    If you are smart about it, you can collect a remarkable amount of helpful information without infringing on a person’s privacy.

    We also built our own tool to send marketing emails since we didn’t want to pay someone just to host our email list (:-( Mailchimp). Maybe its time to open source our tool.

    1. Please do! I run a non-profit and we would love to cut out Mailchimp from our expenses and use a simple open source tool to send via something like Amazon SES instead.

    2. Mautic ( is another one already in opensource and is more of a full suite marketing tool. It has an SES integration. Sendy is awesome also. As soon as ours is cleaned up a bit, I’ll post here.

    3. You can also easily turnoff email tracking in MailJet ( And if you are managing a small list of subscribers, it’s much cheaper (free) than Mailchimp. 😉 [No association to company; just a user]

Comments are closed.