Why are emails to me being opened in Tokyo?
October 10, 2014 8:26 AM

A friend of mine uses the SIDEKICK app (through g-mail) to let her know when and where her outgoing g-mails get opened. She has told me that in the last few days all her emails to me (I have Yahoo, she has G-mail) show they were opened multiple times in Tokyo, Japan. I changed my Yahoo password immediately, but she continued to see my emails were being opened in Tokyo even after I changed my password.

I subsequently had another friend install either the same (sidekick) or similar program that tracks where his g-mails are opened and his program reports that my emails are being opened in my accurate location as WELL AS in Muenster, Indiana (but not Tokyo). Is this a blip in the Sidekick software, a function of how Yahoo routes emails, or is my email account compromised? Alternatively, could this also indicate that my friend's email account is compromised since the emails being opened in Japan are ones she sent? I cannot track where my sent emails get opened because the Sidekick program does not track emails sent out from Yahoo. Thanks, hive!
posted by Lylo to Technology (10 answers total)
It's how email gets routed across the internet...
posted by Mac-Expert at 8:54 AM on October 10, 2014

And it immediately raises the question about how to avoid being tracked by "services" like sidekick:

posted by Mac-Expert at 8:56 AM on October 10, 2014

Response by poster: Thanks, Mac-Expert. I failed to mention that she saw her initial email got opened 7 times in Tokyo at times when I was sleeping soundly and not accessing email. Why would that happen? I appreciate the link!
posted by Lylo at 9:03 AM on October 10, 2014

Perhaps you could create a gmail account and send yourself emails with tracking images via Sidekick and also other services, to determine whether or not this only happens with your friend's emails or only when an email is tracked via Sidekick.

I haven't played around with this sort of email tracking much but at first glance someone else accessing your emails does seem to be the more likely explanation compared to all the other scenarios I can think of.
posted by XMLicious at 9:32 AM on October 10, 2014

Also, if Sidekick is telling your friend a particular IP address, you might be able to determine if it's an IP address used by Google or Yahoo, to try to rule out things they might be doing... like some kind of system testing or something involving spam filtering? But it seems weird to me that the images in emails would get loaded in the course of either of those measures.
posted by XMLicious at 9:41 AM on October 10, 2014

The way I'd naively build this service would be to include some kind of tracker GIF in the email and record downloads of that URL from reasonable looking browsers as "opened the email". This method has obvious potential for false positives whenever something else fetches that URL. It might be a virus scanner or spam detector (yours or your mail provider's), a helpful email program trying to download the link for offline viewing or any number of fun and interesting pieces of technology between sender and recipient. I consider one of those or a simple failure in the tracking software much more likely than an account compromise in the absence of other symptoms.
posted by themel at 9:57 AM on October 10, 2014
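
An added example (not part of the thread, and not Sidekick's code) of the triage suggested in the two comments above: check each pixel fetch against provider address ranges and automated User-Agent markers before counting it as an "open". The address ranges, log lines and burst heuristic are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed stand-in (RFC 5737 documentation range) for the address blocks
# a mail provider's image-fetching servers would use; not real provider data.
PROVIDER_NETS = {"provider-image-proxy": ipaddress.ip_network("192.0.2.0/24")}
# "GoogleImageProxy" appears in the User-Agent of Gmail's image proxy; the
# other two markers are assumed examples of self-identifying automation.
AUTOMATED_UA_MARKERS = ("googleimageproxy", "bot", "scanner")

# Constructed pixel access log: (ISO timestamp, source IP, User-Agent).
SAMPLE_HITS = [
    ("2014-10-10T03:00:01", "192.0.2.17", "Mozilla/5.0 Firefox/11.0"),
    ("2014-10-10T03:00:02", "198.51.100.7", "Mozilla/5.0 (via ggpht.com GoogleImageProxy)"),
    ("2014-10-10T03:00:03", "198.51.100.9", "Mozilla/5.0 (Windows NT 6.1) Firefox/32.0"),
    ("2014-10-10T03:00:04", "198.51.100.9", "Mozilla/5.0 (Windows NT 6.1) Firefox/32.0"),
    ("2014-10-10T09:15:40", "203.0.113.5", "Mozilla/5.0 (Macintosh) Safari/600.1"),
]


def classify_hit(ip, user_agent):
    """Label one pixel fetch by who appears to have made it."""
    addr = ipaddress.ip_address(ip)
    for name, net in PROVIDER_NETS.items():
        if addr in net:
            return name
    ua = user_agent.lower()
    if any(marker in ua for marker in AUTOMATED_UA_MARKERS):
        return "automated-user-agent"
    return "possible-human-open"


def summarize(hits, burst_seconds=5):
    """Classify every hit in time order. A repeat from the same IP within
    burst_seconds is labelled "burst-repeat" (heuristic chosen for this
    example: people seldom reopen a message that fast)."""
    last_seen, out = {}, []
    for ts, ip, ua in sorted(hits):
        when = datetime.fromisoformat(ts)
        label = classify_hit(ip, ua)
        prev = last_seen.get(ip)
        if (label == "possible-human-open" and prev is not None
                and (when - prev).total_seconds() <= burst_seconds):
            label = "burst-repeat"
        last_seen[ip] = when
        out.append((ts, ip, label))
    return out
```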

@themel -- that's how it works, yes. I would not expect a virus scanner or spam detector to pre-fetch tracking GIFs, but I suppose it's possible.

@Lylo - You could ask Signals support what they think is going on? They are likely to know if gmail virus scanners are hitting their tracking GIFs. I don't see anything about this in their support site, which makes me think this is not usual.
posted by richb at 10:26 AM on October 10, 2014

Actually, maybe this is Gmail pre-fetching tracking images. See Gmail blows up e-mail marketing by caching all images on Google servers and Gmail re-hosting / caching image URLs. I'm still surprised this isn't covered on Signals' FAQ pages.

The whole tracking image in an email approach is a bit creepy IMO. People don't expect to be tracked when they receive an email from you.
posted by richb at 10:29 AM on October 10, 2014 [1 favorite]

From the "how to block tracking" link they state that they're doing it via an invisible image. If I were operating gmail/yahoo, and I wanted to display images (which I turn off now that it's been made available) when an image was displayed, I'd download and cache the image, to scan for any malware (and to protect the user's IP). That opening/scanning system could be any system in my network - if it comes in during business hours, Australia's computers might have some idle time. Also, having a system either further away from the user, or just simply all global users get opened via one location, makes it that much less useful for invading a user's privacy.

What I wouldn't do, is by default pass an img tag with the original destination to the user.

That still doesn't answer why it would be opened multiple times; maybe they're trying to mess with the mailchimp (or sidekick, or whoever's) data.

Just like spammers try to abuse the email system, these tracking systems are working to abuse the mail system. Yes, it's much less bad than typical spammers, but if the mail providers are trying to protect the end users' privacy, that is going to mean giving poor/bad data to the trackers.

I really find it sad that mailchimp / email trackers are able to get as much data as they can; people should have their mail clients set up reasonably. And expecting live loading of outside elements is a horrible expectation.

TLDR: sidekick can't actually give good data; email is self-contained so unless the client does something stupid they can't know when/where a message is opened. They're doing a hack that sometimes gets them good data for poorly set-up clients. Email providers might decide to abuse that hack to poison their data in the name of protecting their users' privacy.
posted by nobeagle at 10:39 AM on October 10, 2014 [1 favorite]
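
An added example (not part of the thread, and not any provider's actual code) of the design described in the comment above: before a message body reaches the reader, remote `<img>` sources are pointed at a provider-side cache so the sender's server never sees the recipient's address. The proxy URL and sample message are hypothetical; only `<img src>` is handled, and comments and doctype are dropped.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote

PROXY = "https://imgproxy.example/fetch?u="  # hypothetical provider-side cache
REMOTE_PREFIXES = ("http://", "https://", "//")

# Constructed message body: one remote 1x1 pixel and one inline (cid:) image.
SAMPLE = ('<p>Hi &amp; hello</p>'
          '<img src="http://track.example/o.gif?id=abc123" width="1" height="1">'
          '<img src="cid:logo">')


class ImageRewriter(HTMLParser):
    """Re-emit an HTML mail body with remote <img> sources sent via PROXY."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.rewritten = []  # original remote URLs that were replaced

    def _emit(self, tag, attrs, close=""):
        parts = [tag]
        for name, value in attrs:
            if (tag == "img" and name == "src" and value
                    and value.strip().lower().startswith(REMOTE_PREFIXES)):
                self.rewritten.append(value)
                value = PROXY + quote(value.strip(), safe="")
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + close + ">")

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # convert_charrefs decoded entities, so re-escape text on the way out.
        self.out.append(escape(data, quote=False))


def rewrite_images(html_body):
    """Return (rewritten_html, list_of_original_remote_image_urls)."""
    parser = ImageRewriter()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.rewritten
```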

My email is text only and I am sitting behind a NAT on a VPN where I randomly choose different servers...
Need to test some more to make sure it's 99% tight.
posted by Mac-Expert at 5:35 PM on October 10, 2014
