See mailshade.org

How email tracking works

Email tracking works by hiding a 1x1 transparent image — a tracking pixel — inside the HTML of a message. The pixel's source is a URL on the sender's tracking server, with a unique identifier for you and that specific email. When your client loads the message and fetches that image, the request hits the server, which records that the email was opened, your IP address, your device and user-agent, and the timestamp. Some senders go further and route every link through a redirect URL, so clicking also reports back before sending you to the real destination. None of this requires your consent or shows you anything. To stop it you have to prevent the pixel request from firing — which is what Mailshade does via Chrome's declarativeNetRequest, cancelling known tracker requests at the network layer across Gmail, Outlook, Office 365, Superhuman, Yahoo Mail and ProtonMail.

The tracking pixel

A 1x1 image is embedded with a unique URL. Loading it is the open event. Because it is one transparent pixel, you never see it, but the request to the sender's server is what leaks the open.

What the sender learns

  • That the email was opened, and how many times.
  • Your IP address — and from it, approximate location.
  • Your device and email client, from the user-agent.
  • The exact timestamp of each open.

Click tracking

Links are often rewritten to pass through the sender's server first. The redirect logs the click and which link, then forwards you on. This is separate from the open pixel.

How blocking stops it

A network-level blocker uses declarativeNetRequest to cancel the request to known tracker domains before it leaves the browser. With no request, there is no open event. Mailshade also unwraps click-tracking redirects so a click does not phone home, and logs each blocked sender locally.

FAQ

What is a tracking pixel?

A tracking pixel is a 1x1 transparent image embedded in an email with a unique URL. When your client loads it, the request tells the sender you opened the message, along with your IP, device and the time.

What is declarativeNetRequest?

It is the Chrome MV3 API that lets an extension declare rules to block or modify network requests. Mailshade uses it to cancel requests to known tracker domains before they fire, which is how it blocks the open pixel.

Can a sender track me without a pixel?

Open-tracking relies on the pixel request, so blocking it stops the open signal. Click-tracking uses redirect links instead; Mailshade unwraps those so a click does not report back either.

Does email tracking work if I never load images?

Open-tracking needs the image to load, so blocking remote images stops it — but that also breaks legitimate images. Mailshade blocks only tracker domains, so opens are stopped while normal images still load.

Is there a free way to block tracking pixels?

Some open-source tools are free but Gmail-only or warning-only. Mailshade is paid, from $3.99 per month or $19 one-time, and blocks across six clients; its source is open under AGPL-3.0 to audit.