Helping people with computers... one answer at a time.
Can someone who's sent a mail to my Hotmail address tell what IP address I actually read it on?
Or, to put it another way, if you're not careful, absolutely. And they might even be able to tell when. And it's not just Hotmail.
I know this seems like it contradicts what I've said elsewhere: email cannot be traced. Let me explain.
First, here's how it happens, if you're not careful:
If the email is in HTML format, and
If the sender, in that email, references images from a server that the sender controls, and
If you, the recipient, allow images to be shown in the mail you read
then the sender can see what IP address you were at when you viewed the email, and at what time you viewed the email. Of course they cannot tell whether you actually read it, only that the message was displayed.
Let me take each of those in order.
HTML formatted email is a very common way to display formatted messages. If a message has different fonts in it, uses bold and italics, color and so on, then it's probably an HTML formatted message. HTML is the technology behind web pages, but because it's become so ubiquitous, it's now being used for email messages.
One of the things you can do with HTML is embed a picture in your web page, or in your HTML formatted email. For example, this is a picture of a Hotmail warning:
Regardless of where or how you view this page - in email or on the web - that image is encoded in the HTML such that it will be fetched from my server. If you were viewing this as an email message, using my server logs, I can see what IP downloaded that image, and when - effectively I can see when and from where you read your email.
Now, note the warning message shown in that example image: "Hotmail has disabled some of the content of this message for your protection". What Hotmail and most other mail programs do by default is prevent remote images from being fetched. That means that if I've encoded an image into an HTML mail, the mail programs won't even try to get it by default. If they don't actually get the image, then you won't see it, of course, but I also wouldn't be able to see anything about your having viewed that email.
Of course as soon as you say "show images" (or "enable all content" or whatever terminology your mail program uses), it'll go fetch the image from my server.
It's important to note that the image may not actually be visible, even if you do show it. So called "web bugs" are typically 1 by 1 pixel transparent images - essentially invisible. But they are images, and can be referenced remotely in email. Once fetched, the person who encoded the email can then see whether or not the email was opened, when, and by what IP address. It's a common tool email publishers use to track aggregate delivery and open rates for mailing lists.
So let's run down that list again:
If the email is in HTML format: none of this applies to plain text email - only rich text such as HTML formatted email has this issue.
If the sender's email references remote images: It's not enough to be rich or HTML email, the email must make some kind of a remote reference in order to be tracked, and an image or "web bug" is the simplest.
If you allow images to be shown: most mail programs will default to not showing pictures, so unless you turn images on, you're not giving away any information.
then the sender can see the IP address and when the mail was viewed. Which, really doesn't tell them very much either. It's extremely difficult to track down an IP address to a specific person or machine. However spammers will often use this to 'tag' you ... they won't know specifically who you are, but they will know, for example, that "hey, that email address opened up my email! We got us a live one! Let's send more spam! LOTS MORE!"
In general, as long as you're careful to only display images in email you receive from known, trusted, sources, you're in good shape. And any good email program won't display images until or unless you tell it it's ok to do so.
So if all this tracing is possible, why do I say that tracing doesn't work?
Even though it's possible, if you're a sender of email, you simply cannot count on it working, and the information isn't all that useful for specific tracing if it does.
As we've seen, email programs don't display remote images by default. That means as a sender, you get nothing - unless the recipient decides you're trustworthy and enables your images.
And even if you do get the IP address, as I've discussed in several different articles here, the IP address is almost useless in determining exactly who read the mail, or where they might have been at the time.
So as a sender, actually trying to trace a specific piece of email is so unreliable as to be effectively useless.
A word about receipts.
Many email programs allow you to configure a "Read Receipt Request" or a "Delivery Receipt Request" with an outgoing message. The intent is that when the recipient of that email reads the mail, another email message is generated automatically back to the sender indicating that the mail has been read.
For all practical purposes it does not work. Much like displaying images, most email programs either ignore these requests, or at a minimum, ask first before sending any automated reply. Most people should, and do, say "no".
If, by some chance, you allow a read receipt to be sent, then yes, you are allowing your IP address to be discovered, along with the time at which you opened the email.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.