Skip to content
Back to Blog
Jul 09, 2026

Email Tracking Pixel: How It Works, Why Opens Lie, and How to Block One

A tracking pixel for email is a 1x1 transparent image with a URL unique to you. When your mail client loads it, the sender logs an open. That mechanism has not changed in twenty years, but who loads the image has, and it broke the metric.

An email tracking pixel is a 1x1 transparent image embedded in an email at a URL unique to each recipient. When the mail client renders the message, it requests that image, and the sending server logs the request as an open. The mechanism records a request to a server, not a human reading a message. Since Apple Mail Privacy Protection began pre-loading remote images on delivery in September 2021, roughly half of all tracked opens are generated by proxies and security scanners rather than people, which is why reply rate has replaced open rate as the metric serious senders act on. See what this means for your stack in our guide to email tracking tools.

Open rate is the most quoted and least trustworthy number in email. It comes from a piece of technology so simple you could build it in an afternoon, and so thoroughly broken by the last five years of privacy engineering that the number it produces now describes infrastructure rather than people. Here is what the pixel is, what it can and cannot see, and what to do about it from either side of the message.

What is an email tracking pixel?

A tracking pixel is a single transparent image, one pixel wide and one pixel tall, embedded in the HTML of an email. It is invisible: transparent, and smaller than the period at the end of this sentence. Its only job is to be fetched.

The important part is not the image. It is the URL. Every recipient of a campaign gets the same pixel at a different address, something like track.example.com/o/8fa31c9e.gif, where the string identifies the recipient and the campaign. The image itself is identical for everyone and carries no information at all. The address carries all of it.

How do tracking pixels work?

When your mail client displays an HTML email, it treats it much like a web page. It parses the markup, finds the image tags, and issues an HTTP GET request for each one. That request goes to the sender's tracking server, which writes a row to a database and returns the transparent image.

That row contains more than the fact of the open. The server sees the request's timestamp, the requesting IP address, and the user-agent string identifying the mail client and operating system. Because the URL encodes the recipient, the sender now knows that a particular person's mail client fetched a particular message at a particular moment from a particular network. Repeated fetches read as repeated opens. Click tracking is the same trick applied to links: each link is rewritten to point at the tracking domain, which logs the visit and then redirects to the real destination.

Nothing in that chain verifies that a human was present. The server logged a request. Everything else is inference, and for two decades the inference was good enough. It no longer is.

Why roughly half of tracked opens are not people

Three separate systems now fetch tracking pixels on the recipient's behalf, and none of them involve anyone reading anything.

What fetches the pixelWhat it does to your dataHow to spot it
Apple Mail Privacy ProtectionPre-loads every remote image on delivery, whether or not the message is opened. Masks the recipient's real IP behind Apple proxies.Opens arriving at delivery time, geolocating to Apple infrastructure. Near-100 percent open rates on Apple-heavy segments.
Corporate security gatewaysFetch every image and visit every link to scan for threats before the message reaches the mailbox. Fires false opens and false clicks.Opens under about 60 seconds after send. Clicks with no reply, arriving in tight bursts, often on every link at once.
Gmail's image proxyServes and caches remote images through googleusercontent.com, so device, IP, and location describe Google, not the reader.Uniform user-agent and location across all Gmail recipients. A cached image may never be re-fetched, hiding repeat opens.
A person actually readingThe thing you wanted to measure.Indistinguishable from the rows above, after the fact, with certainty.

Apple shipped Mail Privacy Protection with iOS 15 in September 2021. Apple Mail is the most-used email client in the world, and vendor measurements of MPP's share of tracked opens cluster around half, varying with list composition. No figure comes from Apple, so treat "roughly half" as the honest resolution rather than a precise statistic.

The distortion runs in both directions, which is what makes it unfixable rather than merely large. Proxies inflate opens by fetching pixels nobody looked at. Image blocking deflates them by hiding readers who did look. A single reported open rate blends both errors, and there is no arithmetic that separates them afterward.

Do tracking pixels work if images are blocked?

No. If the client never requests the image, the server never logs anything, and the recipient is recorded as not having opened. This is why open rate has always undercounted, long before Apple got involved. Outlook has historically blocked remote images by default in many configurations. Plenty of people read mail in the preview pane with remote content off, or in a plain-text client, and Proton Mail strips known trackers as a default.

The consequence is worth sitting with: a contact whose open count is zero may have read every message you sent. Occasionally one of them replies, and you get to watch a dashboard insist that a person who just answered your email never opened it.

How do I know if an email has a tracking pixel?

View the message source. In Gmail, open the message, click the three-dot menu, and choose Show original. Search the HTML for an <img> tag with width and height of 1, or a src pointing at a domain that is not the sender's normal website, often something like track., links., email., or click. followed by a long random-looking string. That string is your identifier.

Browser extensions such as PixelBlock or Gblock do this automatically inside Gmail, blocking the fetch and marking the message with an icon so you can see who is tracking you. They are the simplest option for anyone who wants to know without reading source code every morning.

How do I block tracking pixels?

Turn off automatic image loading. In Gmail, Settings, General, Images, choose "Ask before displaying external images." In Outlook and Apple Mail, the equivalent setting sits under privacy or reading preferences. This blocks the pixel and every other remote image, so newsletters will look broken until you click to load them, which is the trade.

Apple Mail users can enable Mail Privacy Protection, which takes a different approach. Rather than blocking the pixel, it fetches every pixel for every message through Apple's proxy, so the sender learns nothing from the fact of an open and cannot see your IP. Poisoning the data turns out to be more effective than withholding it.

Are email tracking pixels legal?

In the United States, at the federal level, yes. CAN-SPAM governs deception, accurate headers, an opt-out honored within ten business days, and a valid physical postal address. It has nothing to say about tracking pixels. Sending a tracked commercial email to a US business contact is lawful, and our guide to whether cold email is legal under CAN-SPAM covers the obligations that do bind you.

Two qualifications. A wave of wiretap-style class actions has been filed in the US over email pixels, with mixed and genuinely unsettled outcomes, so the ground is less quiet than it was. And in the European Union, regulators generally treat a tracking pixel as requiring prior consent under ePrivacy rules, on the reasoning that a legitimate-interest basis for sending the message does not extend to the tracking layer on top of it. If you email into the EU, ask a lawyer. Nothing here is legal advice.

Do tracking pixels hurt cold email deliverability?

They can, and for cold email this is the argument that actually decides the question. A pixel adds a remote image to a message. Click tracking rewrites your links through a tracking domain. Spam filters examine both, and a tracking domain shared with hundreds of other senders means you inherit their reputation on every link you send.

If you keep tracking on, use a custom tracking domain rather than a shared one, never send an image-only email, and keep links sparse in the first message of a sequence. But the calculation for cold outreach has shifted, and experienced senders increasingly turn open tracking off entirely. You are giving up a number that is roughly half fiction in exchange for one less remote fetch a filter can hold against you. That is not a difficult trade. Keep click tracking if the links matter, keep reply tracking always, and let the open rate go. Our guide to improving email deliverability puts this in order against the levers that matter more.

Can you track if an email was opened without a pixel?

Not reliably, and that is the correct answer rather than a disappointing one. Read receipts exist in Outlook and require the recipient to agree to send one, which in cold outreach they will not. Some teams infer engagement from link clicks alone, which is a stronger signal because a visit takes intent, though security scanners visit links too.

The metric that survives all of this is the reply. A reply requires a person to read the message, form an opinion, and choose to type. No proxy generates one, no scanner fakes one, no cache hides one. It is slower to accumulate than opens and it needs a larger sample to test against, and it is the only number in the dashboard that means what it says.

Set your targets, your reporting, and your A/B tests against reply rate. Use open rate as a coarse alarm only: if opens collapse across a sending domain overnight, something in your sender reputation or authentication broke, and that is worth knowing even from a broken instrument. Then go read the 2026 benchmarks so you know what a real reply rate looks like before you judge your own.

Start sending

Put this into practice with ColdMailer

Bring your own SMTP, let AI personalize every message, and land in the inbox, not spam. Free to start.

Start Free