Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How Do I Detect Web Beacons in Email?

Question: Hi, Leo, I’m following up on an entry that you wrote about blocking images from being downloaded when opening web email. I’ve since tried to find more information about those hidden web beacons (or web bugs) that can track an email recipient if the images are not blocked. Going a step further, would you kindly be able to explain how to detect the URL of the aforementioned web beacons/bugs from an email’s source code?

Most of the beacons and bugs aren’t hidden at all. Email senders can tell from any image in an email (even a logo) if a message was opened and if so, from where.

Become a Patron of Ask Leo! and go ad-free!

Web beacons – for good or bad?

A web “beacon” or “bug” is simply something in an email that reports back to the sender that you’ve opened the mail. Such beacons are almost always images, and this is exactly why images are not shown by default by most email programs.

But perhaps most importantly, any image will do, and it certainly doesn’t have to be hidden.

For example, in my newsletter, I include the Ask Leo! site logo. That’s an image.

If you have images turned off in your email, you’ll actually see a line in its place that says “Please turn on images for the best experience.” That’s because there are often images elsewhere in the newsletter and you want to see those images along with what I wrote.

But that simple logo or any image, including my signature down at the bottom, can be used as a beacon. A “rich text” or HTML email that includes any image that needs to be fetched from a server on the internet in order to be displayed can use that image as a beacon – it’s the act of fetching it that tells the sender what they want to know. The only time you really need a secret or hidden beacon is if the email you’re sending didn’t have any images at all naturally. Then the beacon will be in the HTML of the message (view the message source or “original” to see that) and is often just an image reference like any other, though typically of a 1 pixel by 1 pixel image, or a transparent image.

BeaconIf the message has more than one image, things get  more complex. For some emails, there are going to be many images, and potentially from many different places.

Any one of them can be used as a web beacon. Heck, all of them could be. The point here is that you’re really kind of stuck. An email message can have images and displaying those images can be used for good (as I hope I do, to give you a better experience when you read my newsletter) or for not quite so good, because they can also be used to determine whether or not you’ve opened that email.

So unfortunately, I don’t think this really completely answers your question. Mostly because those bugs? They’re hiding in plain sight.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

4 comments on “How Do I Detect Web Beacons in Email?”

  1. Hello,

    Is there any way to stop the beacon, or disable it from fetching the logo or disrupt the signal before you open the email.?

    Or is there a program that you can download to disable the beacon?

    Reply
    • This is exactly what most email programs default to when they “don’t display images”. The beacon is an image, and by disabling images it’s not fetched.

      Reply
  2. There is a TSR called Proximitron that intercepts traffic over Port 80 and “disinfects” it of certain behavior. Development on Proxomitron has ended, but it is freely available. Highly recommend looking into it to improve your browsing experience. Installation is not trivial, but not difficult, either.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.