What this scanner checks for
- โHidden 1x1 tracking pixels. Invisible images whose only job is to report that you opened the email, when you opened it, and roughly where you were.
- โKnown email tracking domains. Every image and link is matched against a curated list of dozens of tracking services, including Mailchimp, HubSpot, Litmus, and Mailtrack.
- โRedirect-based click trackers. Links that pass through a logging server first, so the sender records your click before you reach the real destination.
- โCampaign tracking parameters. utm_ tags and similar markers that tie your click to a specific marketing campaign.
- โSuspicious hidden images. Images styled to be invisible with zero size, zero opacity, or display none, even when they come from a source the tracker list does not recognize.
What is a spy pixel?
A spy pixel (also called a tracking pixel or web beacon) is a tiny, invisible image embedded in an email, usually just 1x1 pixels and often fully transparent. The image itself is nothing. What matters is that it lives on the sender's server. When your email app downloads that image, the senderโs server logs the request. That can reveal that you opened the email, when you opened it, your rough location based on IP address, and often the device you used.
The term โspy pixelโ went mainstream after a 2021 BBC investigation reported that the technique had become widespread in everyday email. According to analysis from email service HEY, roughly two-thirds of the emails its users received contained a tracking pixel. If you subscribe to newsletters or receive marketing emails, thereโs a good chance youโre being tracked this way right now.
How email tracking works
Open tracking
The hidden pixel described above. Each recipient gets a unique image URL, so the sender knows exactly who opened the email, not just that someone did. Repeat opens, forwards, and the times of day you check your inbox all become data points.
Click tracking
The links in a tracked email usually don't point where they claim. They point at the sender's tracking server, which logs your click and then redirects you to the real destination in a fraction of a second. That is how senders know which links you clicked, not just whether you opened the message.
Analytics tags
Links often also carry campaign parameters (utm_source, utm_campaign and friends). These are less invasive, but they connect your click to a specific campaign and feed your activity into the sender's analytics.
How to stop email tracking
1. Turn off remote images. Most email apps let you stop images from loading automatically. This defeats open pixels at the cost of clicking "load images" on emails you trust. Gmail users can also rely on Google's image proxy, which hides your IP address and location, though it can still confirm an open in some setups.
2. Use a tracker-blocking client or extension. Some email apps and browser extensions block known tracking pixels automatically. They work from tracker lists much like the one this scanner uses.
3. Don't give out your real address. Blocking trackers helps, but prevention starts earlier: avoid giving your real email address to every signup form. For downloads, trials, coupons, and newsletters you may not keep, use a free temporary email address instead. The tracking data attaches to a throwaway inbox, not to you, and the follow-up emails never reach your real one.
Frequently asked questions
What is a spy pixel?
A spy pixel, also called a tracking pixel or web beacon, is a tiny invisible image, usually 1x1 pixels, embedded in an email. When your email app loads the image, it silently tells the sender that you opened the email, along with details like the time, your rough location based on IP address, and the device you used.
How can I tell if an email is tracking me?
Copy the email's raw source from your email app, paste it into the Spy Pixel Scanner above, and scan it. The scanner checks the email against a list of known tracking services and also flags hidden 1x1 images and tracking-style redirect links. The whole check happens in your browser.
Is email tracking legal?
In most places, yes, though rules vary. Privacy laws like GDPR in Europe require consent for some kinds of tracking, and enforcement is evolving. Most bulk senders disclose tracking somewhere in their privacy policy. This is general information, not legal advice.
How do I block tracking pixels?
Three practical steps: turn off automatic remote image loading in your email settings, use an email client or extension that blocks known trackers, and avoid handing out your real address in the first place by using a temporary email address for sign-ups and newsletters.
Is my email uploaded when I scan it?
No. The scan runs entirely in your browser using JavaScript. Nothing you paste is sent to our servers or anyone else's. You can verify this by loading the page, disconnecting from the internet, and running a scan. It still works.
How accurate is the Spy Pixel Scanner?
Detection is heuristic. It reliably identifies dozens of well-known tracking services and flags hidden 1x1 images and tracking-style links, but no scanner can catch every tracker, and a clean result is not a guarantee. We keep the tracker list updated.
What is the difference between open tracking and click tracking?
Open tracking uses a hidden image to report when and where you opened an email. Click tracking rewrites the links in an email so they pass through the sender's server first, logging exactly which links you click before redirecting you to the real destination.
