Can someone who’s sent a mail to my Hotmail address tell what IP address I
actually read it on?
Or, to put it another way, if you’re not careful, absolutely. And they might
even be able to tell when. And it’s not just Hotmail.
I know this seems like it contradicts what I’ve said elsewhere: email cannot
be traced. Let me explain.
Become a Patron of Ask Leo! and go ad-free!
First, here’s how it happens, if you’re not careful:
If the email is in HTML format, and
If the sender, in that email, references images from a
server that the sender controls, and
If you, the recipient, allow images to be shown in the mail
then the sender can see what IP address you were at when
you viewed the email, and at what time you viewed the email. Of course they
cannot tell whether you actually read it, only that the message was
Let me take each of those in order.
HTML formatted email is a very common way to display formatted messages. If
a message has different fonts in it, uses bold and italics, color and so on,
then it’s probably an HTML formatted message. HTML is the technology behind web
pages, but because it’s become so ubiquitous, it’s now being used for email
One of the things you can do with HTML is embed a picture in your web page,
or in your HTML formatted email. For example, this is a picture of a Hotmail
Regardless of where or how you view this page – in email or on the web –
that image is encoded in the HTML such that it will be fetched from my server.
If you were viewing this as an email message, using my server logs, I can see
what IP downloaded that image, and when – effectively I can see when and from
where you read your email.
Now, note the warning message shown in that example image: “Hotmail has
disabled some of the content of this message for your protection”. What Hotmail
and most other mail programs do by default is prevent remote images
from being fetched. That means that if I’ve encoded an image into an HTML mail,
the mail programs won’t even try to get it by default. If they don’t
actually get the image, then you won’t see it, of course, but I also wouldn’t
be able to see anything about your having viewed that email.
Of course as soon as you say “show images” (or “enable all content” or
whatever terminology your mail program uses), it’ll go fetch the image from my
It’s important to note that the image may not actually be visible, even if
you do show it. So called “web bugs” are typically 1 by 1 pixel transparent
images – essentially invisible. But they are images, and can be referenced
remotely in email. Once fetched, the person who encoded the email can then see
whether or not the email was opened, when, and by what IP address. It’s a
common tool email publishers use to track aggregate delivery and open rates for
So let’s run down that list again:
If the email is in HTML format: none of this applies to plain text
email – only rich text such as HTML formatted email has this issue.
If the sender’s email references remote images: It’s not enough to
be rich or HTML email, the email must make some kind of a remote reference in
order to be tracked, and an image or “web bug” is the simplest.
If you allow images to be shown: most mail programs will default to
not showing pictures, so unless you turn images on, you’re not giving
away any information.
“In general, as long as you’re careful to only display images in email
you receive from known, trusted, sources, you’re in good shape.”
then the sender can see the IP address and when the mail was
viewed. Which, really doesn’t tell them very much either. It’s
extremely difficult to track down an IP address to a specific person
or machine. However spammers will often use this to ‘tag’ you … they won’t
know specifically who you are, but they will know, for example, that “hey, that
email address opened up my email! We got us a live one! Let’s send more spam!
In general, as long as you’re careful to only display images in email
you receive from known, trusted, sources, you’re in good shape. And any good
email program won’t display images until or unless you tell it it’s ok to do
So if all this tracing is possible, why do I say that tracing doesn’t
Even though it’s possible, if you’re a sender of email, you simply cannot
count on it working, and the information isn’t all that useful for specific
tracing if it does.
As we’ve seen, email programs don’t display remote images by default. That
means as a sender, you get nothing – unless the recipient decides you’re
trustworthy and enables your images.
And even if you do get the IP address, as I’ve discussed in several
different articles here, the IP address is almost useless in determining
exactly who read the mail, or where they might have been at the time.
So as a sender, actually trying to trace a specific piece of email is so
unreliable as to be effectively useless.
A word about receipts.
Many email programs allow you to configure a “Read Receipt Request” or a
“Delivery Receipt Request” with an outgoing message. The intent is that when
the recipient of that email reads the mail, another email message is generated
automatically back to the sender indicating that the mail has been read.
For all practical purposes it does not work. Much like displaying images,
most email programs either ignore these requests, or at a minimum, ask first
before sending any automated reply. Most people should, and do, say “no”.
If, by some chance, you allow a read receipt to be sent, then yes, you are
allowing your IP address to be discovered, along with the time at which you
opened the email.