Do not load external images in your email.

Your email client has a setting for "display external images". It should be disabled by default.

Text vs. HTML Email

A long time ago, emails were just text. You sent an email as a self-contained sequence of letters and numbers. You received the email whole.

From: To: Subject: Hello Hi.

At some point, we decided we wanted colors and typeface and images... enter HTML Email. Emails now have typefaces and colors and images.

From: To: Subject: Hello <h1>Hi.</h1> <p>Look at this cat.</p> <img src="">

Just like the webpage you're viewing, I send you a plain text document containing HTML. When web browser sees an

<img src="">

it conveniently grabs the image its referring to and shows it to you.

Read Receipts

Unfortunately, corporations, marketing teams, or over-eager recruiters can exploit this to determine not only if you've read something they've sent, but where and when you opened it.


They'll hide an image, in an email they send to me.

From: To: Subject: Hello <p>Do you want a JOB?</p> <img src="">

When I open this email, my email client encounters the <img>, and goes to their doug's malicious Recruiting Genius website to fetch it. The image's address was created unique to me, so these DOUG can see I've opened the email (AND my IP address. AND information about my device.).

What can I do?

Always disable the "Display external images" in your email account. This leaves you an option to selectively display images in only the emails you wish to see. When I receive, for example, an email with a barcode that I must see, I simply click the "Display Images in this Message"-- who cares if Amazon sees you've opened their email.

But Doug from RecruitingGenius... I SEE YOU.

NOTE: This is especially important with spam email. Spammers pay attention to who actually opens their junk mail. If they see you loading their images, they can be certain that your email address is a good one to keep bothering.

Back to posts

Copyright © Kevin Katz 2023.