The Life and Death of Email Read Tracking
Update: Now blocking read receipts from other servicesMissive now auto blocks read trackers and 1x1 images to prevent senders from spying on what you do with their email.
This week we sunsetted read receipts from Missive. This will cost us a lot, so here is why we did it.
Read tracking is magical. You know instantly when your recipients open your sent emails. This brings incredible power and can be beneficial in many legitimate business scenarios. It’s really popular.
Behind the scenes however, there is an uglier untold story. For us, the technologists who built and offered support around it, it kept getting more controversial over time. In the most extreme cases, we saw first hand how it was misused and weaponized to abuse people. And on the more innocuous and potentially useful scenarios, how unreliable it could be, which could in the end give a false sense of control to our users. A technology that works 70% of the time is a bad one.
Missive is a team communication app. From day one, we believed that in order to succeed we had to offer an unparalleled email experience. Email is the most important channel in most business communication stacks.
For instance, sales people live and die in their email clients. One really useful feature for them is read tracking. You send an email to a prospect, that person quickly follows up saying they are not interested, but 3 months later, they reopen that same email, you get a live read notification, you instantly take your phone and follow up. You win.
After we launched Missive in 2015, requests for a read tracking feature quickly started to pile up.
We built it.
When you advertise read tracking ability, the majority of users don't think about the intrinsic aspect of it, how it works and how unreliable it can be. They expect it to work all the time.
Behind the scenes, read tracking works by checking if an image in the sent email has been requested on a server. Each recipient receives a different version of the email with a unique transparent image. Each time one of those images is requested, the server matches it to a recipient and notifies the sender.
But… false positives and false negatives are very common:
The recipient may read an email without triggering a read receipt if the images were blocked/not downloaded. Many email clients have built counter-measures to block them by default, rendering them less and less accurate.
The recipient may not read the email and still trigger a read receipt if the email server downloaded and cached the image in advance. A lot of web-based email clients will do this.
When a user expects read tracking to be a source of truth, those false positives/negatives can cause weird situations.
There is no way to make this more reliable. All apps offering read tracking ability without explicitly mentioning to their users that it sucks, are doing false advertisement.
Now, a lot of educated users know the pitfalls of the technology, and use it with a grain of salt. From our support experience however, those are the minority.
With a minimal amount of creativity, it’s easy to come up with scenarios where people can misuse read tracking.
Let’s say you received a love letter (email) from a colleague, you are quite moved and touched by it, but feel it’s inappropriate and decide to not reply. But the words haunt you and you go back and read them again and again.
Now, if the love letter author inserted a pixel tracker, they can know every single time you did go back to that email, and read it again and again. Not cool.
This scenario is fantasy, I just came up with it. But for us, no need to be to creative, people would write us messages like:
Argh… no! Please, don’t do that with our product, please.
The legal landscape
We are no legal experts, but for us, it seems clear offering read tracking ability made us ride on the grey side of privacy laws like GDPR.
[... referring to email tracking … ] The data processing is secretly performed, i.e. no information about the data processing is provided to the email recipients from whom the data is retrieved. Furthermore, email recipients are not given the possibility to accept or refuse the retrieval of the information described above. In sum, differently from classical acknowledgement email systems, with these new products, the recipient of emails has no possibility to accept or refuse the acknowledgment information processing towards the software user.
The Working Party 29 expresses the strongest opposition to this processing because personal data about addressees’ behaviour are recorded and transmitted without an unambiguous consent of a relevant addressee. This processing, performed secretly, is contradictory to the data protection principles requiring loyalty and transparency in the collection of personal data, provided by Article 10 of the Data Protection Directive.
You can do mental gymnastics, but read tracking is a predatory feature, privacy wise. Is it legal for a provider like Missive to offer email tracking capacity? Is the burden of using it all on our customers’ shoulders?
This is all debatable, and a lot of our users, when preemptively announced we would retire read tracking, argued that many other apps (CRM, email clients, etc) still offered it.
For instance, Superhuman when faced with controversy for offering read tracking made it opt-in instead of opt-out, probably for that exact reason.
The major difference between us and them is size. Being legally challenged in court or fined would most certainly be a death blow for a small bootstrapped company. Not a risk we are willing to take.
Our competitor funded with hundreds of millions of dollars from Silicon Valley can certainly foot the legal bills, not us.
To summarize, read tracking doesn’t really work, can be weaponized, is most certainly illegal in many places and is potentially deadly to our business. Pulling the plug seemed obvious to the four of us.
This will affect our bottom line, some of our users will leave for competitors*. But today, we took a stance and it feels good.
And to end this post on a high note. We want to officially announce that we're actively working on a full-fledged calendar in Missive! You will be able to accept invites, add events and alerts, share calendars, and more! We estimate that it will be ready in under two months.
* If you are one of those users who cancel their Missive account, we offer to refund your last payment. Just contact us by email by October 15th, 2020.