Tips for Protecting End Users’ Privacy
The risks from malicious and poorly secured email tracking can be mitigated through security awareness training about good email hygiene practices, as well as software tools. Consider teaching your end users about the following security measures (which are useful both at work and within personal email accounts):
Blocking Image/Resource Downloading
Email clients can be configured to prevent images from loading when a message is opened. “Blocking third-party resources limits the ability of email senders to track when you read or open emails,” suggests the EFF. “If you need to view images in a particular email, you can selectively turn on this feature for that particular email, but be aware that this allows email-open trackers to work.”
Turning off HTML Email
A more extreme tactic is to opt for plain-text emails only, an approach that prevents tracking codes from being hidden in HTML. This change could result in a less usable and aesthetically appealing email experience for the average user, but some experts claim the security gains are worth it.
As computer science researchers Sergey Bratus and Anna Shubina wrote in The Conversation, “Returning email to its origins in plain text may seem radical, but it provides radically better security. Even the federal government’s top cybersecurity experts have come to the startling, but important, conclusion that any person, organization or government serious about web security should return to plain-text email.”
Avoiding Clicking Links
Best practices for avoiding phishing links also help to curb link tracking. URL wrapping technology that helps detect and block malicious links is very beneficial in the workplace, but personal accounts are also targeted. Users who are security aware should be taught to hover over (or “mouse over”) a URL to examine the actual destination address, which can help reveal a hidden redirect and/or tracking code. For the best security, advise users to take a manual approach by keying in known, trusted addresses into their web browsers rather than clicking links within emails.
Using Anti-Tracking Software
Although these tools are not foolproof, both the EFF article and Wired suggest using some of the many services designed to block tracking pixels in email and disable third-party cookies in browsers. We suggest taking a proactive stance; review some of the options out there and offer your advice to users about the best option(s) available to them.
Though we utilize tracking on our external email communications (like most others do), we follow best practices to protect recipients’ privacy, including the use of HTTPS, inclusion of unmasked links, and adherence to all email regulations (such as CASL, GDPR, and anti-spam laws).