340 comments

[ 1.4 ms ] story [ 319 ms ] thread
(comment deleted)
Who the fuck views images in email?
many office workers.

lots of executives.

(comment deleted)
The people that don't pack them inside PowerPoint and Word attachments.
I can't think of any email clients that automatically download external images by default. The article seems to be over-blowing the issue a bit.
I think at one point Gmail was wanting to do that then didn’t do that.
Gmail does. This is great for privacy because it destroys the usefulness of the tracking pixel to the marketer.
Eh... Not really... It's pretty easy to generate a unique image url per customer and use that to determine whether a customer opened the mail or not and it's about the same cost as a traditional tracking pixel, complexity-wise.
Indeed, the three email tracking services I'm familiar with (HubSpot, Yesware, and Outreach) all generate unique URLs per recipient. The only information you don't get for Gmail clients is location, but you get the most valuable info which is if/when/how many times the email is opened.
I remember reading that gmail caches these images, rendering the how-many-times useless.
GMail absolutely caches images. The cache is primarily for performant delivery of data over mobile networks though and reduced load of repeat same-day viewing, and less for privacy.

While their cache is large, it's not infinite. If what you're interested in is whether a customer engages with an email multiple times over a few days, you'll likely get the pixel hits to confirm it over that time period. Of course, as you imply, you wouldn't be able to collect how many times an hour a single customer has viewed an email sent to them.

I have tested this and the cache expires pretty quickly. From memory 10min -30. I thought that was fine because its around about one hit per session.

You get enough good information. The IP address would be even better however.

Does Gmail download by default, whether you open the email or not?
Gmail caches by default.

The catch is that Gmail caches all the same images from the same servers, so email marketers get around it by serving tracking pixels with obscure, unique URLs per individual.

Geotargeting fails because it loads on GMail servers.

Yes, I understand the caching part. If Gmail proactively loads/cache the unique pixel before users open the email, then the email reporting is garbage. If they wait for the person to open the email, it is very interesting (even if repeat are not tracked).
I was confused on this, but it looks like the email has to be opened once for Google to cache the image.
How?

     https://jioegijogeijesgioegeg.tracking.example.com/niowefioe.png?sdgsdbuegiu=rojpopwmrmwk
has four places to store unique information.

Does Gooogle's proxy remove all of them?

Download via a proxy and cache the image when you receive the e-mail.

It's processed in the queue and opened. Was it the user? Did it hit Inbox? Where did it got opened? When it's opened? How many times it opened?

All these information's reliability got out of the window with a single optimization. You can't know how this mail was processed and it's fate. So, your tracking pixel and URL returned something useless to you.

My mistake. It looks like google still waits for an initial email view to cache the image. Kind of wish they would load images for unviewed emails too.
GMail displays them. It uses a proxy for downloading, but I don't think that matters unless they're preloading all images unconditionally upon server-side receipt of the message.

Apple's macOS Mail.app client displays external images by default, as does their iOS app.

on iOS: turn that off with Settings > Mail > Load remote images
recently i am seeing certain images still loaded, whereas in the past none loaded. i haven’t investigated what is different about these images yet, though. anyone else observe similar?
You can embed the image inside the actual multi-part message, and it will be shown without accessing network. It is usually used for logos, signatures and the such and, afaik, can't be used for tracking mail opening.
Could be images with image data included in the email, that don't need to load remotely.
I'm somewhat disappointed that Apple doesn't offer better default privacy for Mail.

Perhaps they can't figure out a good solution to differentiate between benign images and tracking images; it does seem like it would be nearly impossible to do so, but I wouldn't mind a) blocking external images by default, b) per-sender/recipient settings, and c) clearly displaying "invisible" images and warning about them.

Perhaps someone has some better ideas on how to fight this scourge?

I tend to think that the only practical solution is to block them entirely, but then malicious senders will send URLs that say "click here to view message."

Maybe HTML email wasn't such a great idea.

I think images stored as attachment aren't really a problem. If you really need to have images and care about the privacy of your users, just do that.
The problem is that it's easy to serve a company logo at example.com/images/${unique_tracking_id}.png that also logs the tracking ID.

How do you tell a unique tracking ID from PR-IMG20190312-023045-logo-MARKETING-COPY(5).png?

Yes, HTML e-mail is dumb. But even instant messaging assumes the ability to load/preview images from the web at this point, so probably no real options at this point.

macOS Mail.app -> Preferences -> Viewing -> Uncheck "Load remote content in messages"

Privacy defaults come down to usability vs. privacy; Apple making this so easy to toggle is fine by me as I care about privacy and tracking.

Now, it would be great if every macOS application walked you through privacy settings right after installation in the same way that I am offered a tour of the new features. Since there is no such "privacy tour", the community has discussed ways in which macOS can be hardened [1], [2].

1. https://github.com/drduh/macOS-Security-and-Privacy-Guide

2. https://news.ycombinator.com/item?id=18099835

Maybe the proxy removes metadata such as useragent, but often the pic urls contain uniquely identifiable information, eg a number that is unique to that email that received the email. That way you still leak that it is opened, how often, etc (unless they cache, I don't know).
Isnt the proxy downloading and caching the image before the user opens the email? If so doesnt that prevent tracking if/when the user actually opens the email?
It does not. That's how it should work, but it does not work that way. It downloads them on demand if and when the user views an email. So it protectes the users IP address from the spammer/marketter, but not the fact that the message was viewed nor when it was viewed.
The amount of email that is sent and not opened would probably destroy the origins - might be ok. But it would waste a huge, huge amount of bandwidth and CPU to download them which would open up an attack vector (DoS) on any email service that did this. Images can be legitimately very big...
I'm not convinced that this would be as big a problem as you're suggesting. If somebody is sending thousands of emails with html containing embedded images, the receiving system of those emails only needs to download each of those images once, and cache them.

Unless they're using different URLs for each image for tracking purposes. Which would become pointless if the images were downloaded immediately.

They could probably get away with applying size limits to images too, and simply have placeholder/broken images if the images are unreasonably large.

It would even work for people using normal IMAP clients if they attached the images to the email directly and switched out the href in the img tags to point at the attachment instead.

This whole thing could be a user setting which can be toggled. Defaulting to the most privacy friendly option.

> They could probably get away with applying size limits to images too, and simply have placeholder/broken images if the images are unreasonably large.

Or only allow inline images.

Unless I'm mistaken, Gmail's setting "Ask before displaying external images." should address this issue.
It does indeed, however it really ought be enabled by default rather than having to hunt it down in the settings, something most users won't do.
You can disable, showing images.

And then you get button to show images if you need it.

I prefer to use gmail this way, since most of the images are usually tacky signatures, or legal disclaimers or something else I don't need.

And if there are pictures you need there is show images button.

Last I checked some years back, in GMail an e-mail with a "footer.jpg?user@gmail.com" img tag will only load that URL when the user views the e-mail.
It's optional in gmail. I've had it disabled for years.
Are you sure that the iOS mail app loads these images by default?
Yes it does. It's one of the first things I disable when setting up a new phone.
You can disable the displaying in GMail.

Settings > Images > Ask before displaying external images

(comment deleted)
iOS mail, alas.

I just found it turned on. I forgot to disable it again after my annual OPSEC-cosplay device-wipe.

I've seen this expression here a few times and I don't mean to single you out, but arghhh!

The cos in cosplay stands for costume. Roleplay! Unless you are putting on a literal white hat I suppose, that would be cool.

It's figurative? The point is that they're pretending to be something they're not.
That would be larping. Not cosplaying. I disavow both.
And to elaborate on this

Larp = live action role playing. Where you act as your character, as opposed to table-top role playing, where you say what your character does.

Many third-party mobile email clients I've used in the past never gave you the option of disabling image loading, though some of them finally added the feature after many years (e.g. Outlook).
(comment deleted)
(comment deleted)
Apple mail will load them if you forward an email, even if you have remote images turned off. (last I checked)
Can Little Snitch and similar software be used to stop images, pixels, from loading and from being sent on a reply or forward?
yes, but although little snitch has managed to survive on macos, on ios you have no thing to verify or protect you.
Not only that, but the way the article came about seems to be a bit strange. Apparently the BBC asked Hey to some analysis on their emails, and have written what appears to be a publicity piece for them on the result.

Did you know that Hey allows you to block tracking pixels for the low price of $99/year? Now you do!

Not the kind of thing I'd expect to see from the publicly funded BBC.

The BBC has form on this. They periodically publish news articles reporting that a person's life was saved by the app What3Words, without mentioning the existence of similar proprietary and open systems.

See for example:

=> https://www.bbc.co.uk/news/uk-england-stoke-staffordshire-55... 2021-02-03 What3words: Stafford women rescued from flooded river after using app

=> https://www.bbc.co.uk/news/technology-49754820 2019-09-20 What3words: 'Life-saving app' divides opinion

=> https://www.bbc.co.uk/news/uk-england-49319760 2019-08-15 What3words: The app that can save your life

(Yes, that's the headline they used.)

=> https://www.bbc.co.uk/news/technology-47705912 2019-03-26 Three-unique-words 'map' used to rescue mother and child

=> https://www.bbc.co.uk/news/technology-40935774 2017-08-30 TEDGlobal: Three words that give people an address

=> https://www.bbc.co.uk/news/business-32444811 2015-04-29 Giving everyone in the world an address

They're even using the company's marketing materials for the images in the articles.

If I had the time or energy, I'd complain about all of the above.

(comment deleted)
My email client doesn't even have the capability to display images or download anything...

(It's mutt.)

ALL of the top 10 email clients download external images by default.
My Thunderbird doesn't. Is it no longer in the top 10? (Was it ever in the top 10?)
Hard to say since the data I'm aware of on email client usage comes from... loading images.

But Apple Mail, iOS Mail, Gmail, and Outlook alone are probably 80% to 90% of recipients.

https://mailtrack.io/en/

yeah. webmails open images by default so companies like these are charging top dollar for the priveldge

Roundcube doesn't.
good. i have recently switched to MIAB and the legacy has to be continued in parallel for some time but this is one of the benefits. nice
Anyone knows if pihole blocks those addresses?
Thanks for replying to the question i meant to ask! I will check those blocklist!
These lists seem great but aren’t in a pihole-compatible adlist format. Did you mean that one could take these and create pi-hole lists?
Hey.com is a good solution for automatically stopping emails that do this
Lol at the downvotes. I don't work for them!
If I were to guess, the downvotes stem from the suggestion that changing one's email provider to a specific other one is supposed to be a reasonable way to combat tracking pixels.

It's kinda like suggesting moving to fix a leaky pipe.

What's the history behind allowing external images in emails? Was it a size limitation?

HTML emails already use only a subset of HTML, so I don't understand why it wasn't trimmed down more to only allow images as data URLs or encoded in Base64.

Consider how many HTML emails the average person receives. Now add 2MB+ [0] for all the images that are attached to each of those emails. Then add the 33% overhead for Base64 encoding them. It adds up quickly. Before Gmail came along and drastically increased mailbox sizes, having images attached to every HTML email would quickly overwhelm typical mailboxes.

[0] https://www.litmus.com/blog/qa-with-mailcharts-on-email-file...

I suspect partly size but mostly tracking.

Images in email have been around since 1992 (RFC341 Multipurpose Internet Mail Extensions https://tools.ietf.org/html/rfc1341 ) and I don't remember when downloadable images got added to "text/richtext" but the concept of downloadable content is already there in section 7.

For legitimate email marketers these pixels are important to have because:

1. Helps to prune users who never open emails thus giving you a smaller more engaged list.

2. Helps to see if the content they are sending to users is leading to engagement so they can send better emails next time.

Yes, yes I know. Why even send emails in the first place.

All email marketing is not evil.

But legitimate marketers have businesses to run in the real world and without these little pixels they would be sending un-targeted and mostly useless marketing messages to legitimate subscribers.

The attitude you have that it's your right to know whether someone opened an email is the problem.

How you casually mention spying in to someone else's home and watching their actions as if it's perfectly normal is really creepy.

There's nothing 'legitimate' about those marketers, they're exactly the problem.

"engagement" is a proxy for "wasting their time". That's not something your recipients benefit from.
All of that is irrelevant. Someone wants to send me a message. That message may or may not be legitimate. There is nothing in the contract of messaging someone by email that says that I have to reply in any way, be it with an answer or with tracking information. There is in particular nothing that says that my email-reading software should go behind my back and send information back to the sender of the message. If it did that, I'd be furious.

What you are suggesting does not fit in the medium of email, independent of the legitimacy or intentions of the sender.

Add buttons in your email - "I want to know more" - "It's too expensive" - "Leave me alone"

All open rate tells you is that your subject line was click-baity but the user have no interest in your content

The same tracking functionality can be attached to logos in the email without raising any suspicion.
Who blocks (attempts to block) tracking pixels but allows other remote images? How many clients even offer that?
I think I can allow images from the same domain as the email, while blocking other images. If not, I think that could be a useful feature to have.
Thunderbird lets you select by image domain, which can be telling. However it is still guesswork.
It can be attached to any remotely accessed image.

IIRC, Facebook were using audio tags at one point for email tracking.

This goes beyond nefarious marketing purposes - I know lots of people who have started to use open trackers in their personal emails!

In a certain way, for people who are now very accustomed to read receipts, it's a way of adding a modern feature to a legacy product.

Read receipts are generally something the recipient agrees to and are visible to both parties or none. A tracking pixel is secretive and the recipient gets no benefit or choice. Very different implementations.
Is it a privacy concern if somebody sent me an email with my consent and wants to know whether I read it or is it just creepy if they start telling me That they saw I read the email?
If you're running a mail newsletter, this tracking is pretty important. You're supposed to stop sending emails to someone who's not interacting with them, or you get an extra point towards being flagged as spam. Since people are already weary of clicking the unsubscribe link and instead casually mark everything as spam, every little bit towards keeping your reputation counts. It's a damned if you do, damned if you don't situation.

This is the reason why I had to implement a tracking pixel on https://hndigest.com

Tangentially related anecdote: I also had to implement redirects instead of direct linking to the stories: At one point a URL with the .tk TLD was at the top of HN, and as soon as I sent out the first email with that story in it, my email sending service immediately flagged my account as a spammer and blocked all my sending, because the .tk domain was such a red flag. Since then I redirect all stories through my own domain, to avoid any other TLD red-flags from crippling the service.

It's difficult running a legit DIY newsletter, every party involved is super suspicious and one wrong move or mistake can end it all.

Edit: A lot of people are wondering about why I think people press the spam button instead of unsubscribe, so let me elaborate a little more. HNDigest uses double opt-in (you receive a confirmation email which you need to click on before you're subscribed), listens to all feedback loops, has an instant unsubscribe button. We never spam or send emails that weren't requested by the user. By all accounts, it's a legit newsletter and I try to be as above board as possible.

Yet 30% of all unsubscribes happen because someone has marked the email as spam. I know this because this generates a notification on the feedback loop, and then I immediately stop sending of course. These are the facts. So, assuming HNdigest is not actually spamming (which is something I do believe), 1 out of 3 people click the spam button either by accident, or to unsubscribe.

Does this mean I’ll be automatically unsubscribed from a mailing list if my mail client doesn’t load the tracking pixel? How long does this take to happen?
Yes, if that newsletter is using best practices. The recommended period is 90 days I believe, but you can get send an email asking if you're still interested (and in that email, there will be a link you should click if you want to stay subscribed).

You may have had this happen before and probably thought that was just a scammy way to get you to click a link, but in fact it's completely legit.

> Yes, if that newsletter is using best practices.

Clearly that would be worst possible practices.

(comment deleted)
Don’t understand the downvotes. I block all the images by default so I assume I’ve been a victim of such a “best practice”. Also with hey.com auto blocking spy pixels I just don’t see how this is still a best practice
I don't load tracking pixels and I've never had it happen to me that I got unsubscribed because of that. I would be quite upset and would not consider it "best practise" - quite the contrary!
I would not consider it "best practices" to automatically unsubscribe someone who legitimately subscribed. Have a double opt-in, and then assume they're interested until they explicitly unsubscribe.

I'm subscribed to some mailinglist that I don't actually read but would be upset if they auto-unsubscribed me, because if I'm ever interested, I want it to be there.

What I described is literally listed under "best practices for bulk senders" by Gmail. These are hoops I'm not fond of jumping through either, obviously, but if Gmail marks all my email as spam I lose 4000 subscribers overnight so I do what big G asks me to do.
I checked and found this: https://support.google.com/mail/answer/81126?hl=en

It doesn't mention pixels anywhere, though.

It does contain the line:

> "Consider unsubscribing users who don’t read your messages."

But that's only after lots of mention of opt-in and unsubscribe options. And ultimately, you can't really know whether users read your messages or not.

I'm glad you agree that it is indeed considered a best practice to automatically unsubscribe someone who legitimately subscribed, when they don't read your emails.
I guess blindly assuming that I agree fits the pattern here. I was actually pointing out that you cannot know whether they read your emails or not. Unsubscribing them before they don't load remote images is not the same thing, and is making a lot of assumptions that will be false for a lot of people.
What else do you think Gmail means, when they give those recommendations?

Using a tracking pixel isn't perfect, but like what peter said in another comment somewhere here, it's the best we've got. If you want to implement Gmail's (and other ISPs) best practices, then you need to do tracking of engagement. Just because you don't like it, does not mean that is not considered best practice. Just because it won't be 100% perfect, does not mean it's not considered best practice.

You may disagree that it should happen, but you cannot factually say it is not a best practice.

Tracking pixels are the closest we have to determining whether somebody opens (& hopefully reads) the email. Click rate is the next best thing but unless you are an incredible marketer it will be far below open rate, possibly 1/4 or less. What Google is implying there is to use tracking images and automatically unsubscribe users that don't load them after several messages.
Google is not explicitly saying to use tracking images. That might be the only possible implementation of this advice, but they're not explicitly telling you to do this. Also, consider their use of the word "consider". It's not a hard rule to them.

And personally, I still think it's a bad idea to automatically unsubscribe people who are interested in your newsletter merely because they're not loading images. At the very least, make it very explicit that you're going to do this, and maybe give them the option to turn the auto-unsubscribe off.

But email clients let you set “do not load remote images”. I set it for the Mac app. How can a best practice be one that conflicts with easily toggled options and not weird settings.
Feel free to complain to Google, Yahoo et al about this. I'm just the messenger and engineer who needs to cater to their rules or risk getting kicked out.
One of the reasons I get weary of going through the unsubscribe route is that it's always a gray-on-white link incredibly hidden at the bottom of the email, like every single time. It's a miracle it's there at all. It'd be much simpler to have it at the top and actually visible by eyes instead, if you just want to keep engaged users on your list.
There should be an unsubscribe email header for newsletters. Then it could even be a feature for mail clients.
There is and some e-mail clients use it when it's present.
(comment deleted)
There is, just many email marketing people leave it out to cut down on the unsubscribe rate. Subscribing has to be easy and in-the-face (like those 'helpful' popups on websites), unsubscribing has to be almost impossible. Not totally impossible, mind you, because otherwise courts get angry.

Better email clients know to use the header, and e.g. gmail even asks about properly unsubscribing when marking a newsletter with that header as spam iirc.

IMHO if you don't use the header that makes it easy for people to unsubscribe then you don't get to complain about people Marking Spam instead.
Gmail has this, it's in one of the dropdown menus. If you mark something with the right email header as spam, it even ask if you wish to unsubscribe instead.

Spam companies often use this to check if the email address they've targeted is real because they get callbacks from legitimate users. I've only seen one or two legitimate uses of the header as far as I can remember.

in one of the dropdown menus

As if gmail ui wasn’t already obscure af. They could make “don’t want this anymore” button that uses unsubscribe header first and if it doesn’t work, mark it as spam automatically. Many shady practices would disappear at that same moment, but who cares when making six figures a year.

If only email could work as a modern instant messenger - no spam, reacting to explicit and well-defined user intents, allowing file transfer without limitations that render that function useless, and delivering messages in less than a second.

This isn't exactly what you proposed, but if a sender did include the list-unsubscribe header and you click "Report Spam" instead, Gmail will ask you if you want to unsubscribe as well.
I think it used to be more prominent on gmail. Now it's a little link next to the name of the sender at the very top when the email is opened. But not all list messages have it, and for some, gmail even hides the unsubscribe link below a [Message clipped] link to the full email.
I’ve seen something like this on Apple Mail.
I can't tell if it's sarcasm. Just in case it is not: there is already such a standard header, it's List-Unsubscribe and it's a used by all mailing lists and "legit" ads I can think of. (And may of the "high quality" spam too.) https://tools.ietf.org/html/rfc8058

It is unfortunately not implemented by most email clients.

Maybe email clients should show that unsubscribe button then. And also, when someone reports something as spam that has a legitimate unsubscribe link, offer to unsubscribe instead.
The macOS mail client shows an unsubscribe button.
The iOS default Mail app too.

AFAIK, Gmail does as well.

I'm not sure why people would be wary of clicking the unsubscribe link on something they explicitly subscribed to in the first place. I mean, they trusted you enough to give you their email address to subscribe in the first place, right?

The only scenario I can think of is when people didn't intentionally subscribe or were coerced into subscribing and those newsletters can go to hell and fully deserve to be marked as spam.

I think the original commenter really did mean weary and not wary. It's just a pain to be constantly unsubscribing from things, most of which you probably didn't intentionally subscribe to in the first place.
I did indeed mean weary.
People often forget what they signed up for, especially if the newsletter is relatively infrequent. This is to be expected, given the large volume of newsletters and spam.
Is it really a big problem then? People who care about reading the content would counteract the problem even if it does get flagged as spam. Ultimately if your content is of any value then people will find a way to read it and the spam filters will learn from that.
> The only scenario I can think of is when people didn't intentionally subscribe or were coerced into subscribing and those newsletters can go to hell and fully deserve to be marked as spam.

Yeah that's the better part of 95% of them for me.

It seems like a non-problem, ie the system working as designed, and the GP is just misled by "best practices" peddled by email marketing scum?

If you're running a legit newsletter that people want I can't imagine enough people would be marking it as spam for it to actually affect your reputation.

> Yeah that's the better part of 95% of them for me.

100% of them for me because i don't want any stupid newsletters. Yes, all of them go into the spam folder.

For some business that I otherwise am a customer off i also forward their shit spam to their support and tell them to unsubscribe me, even if they have a link. For the simple reason that if they feel like they can waste my time with their shit, i'm gonna waste theirs too.

I've unsubscribed before only to find myself subscribed to a bunch of similar things instead. Clicking a link confirms your address reaches a person and is therefore worth spamming. Plus the risk of phishing. Plus the dark patterns in the unsubscribe UI.
> Clicking a link confirms your address reaches a person and is therefore worth spamming

I think this is received wisdom that might have been true 20 years ago, but doesn’t stand up to scrutiny.

I use unique email addresses for everything, so I know where emails come from. More than once in the last two years I have unsubscribed from lists using the unsubscribe link, only then to have that email address received emails from new sources.

So for me, it does stand up to scrutiny, it still happens.

I don’t think you’ve proved implication here though; as plausible an explanation is simply that the original source has sold your information on regardless?
It's the timing that makes it suspicious. It's exactly for this reason that I usually don't click the "unsubscribe" link for the first few emails I get. After all, if it's a one-off, why bother?

But I have scripts that count them, and when they get to five I then make the decision. Again, sometimes I continue simply to bin them, but sometimes I click the unsubscribe link. Mostly then they stop and there's no additional problem, but more than once that address has been used on other spam emails, and only after the unsubscribe.

Do you have actual evidence that it doesn't happen? You might, as others have, be arguing that it's not worth the spammers' effort. But setting up a script triggered by an unsubscribe is pretty trivial, and emails can then be sold at a premium, accompanied by a certificate of sorts that the address is valid.

So maybe it is worth their while.

I run https://www.emailprivacytester.com - People will visit my site, enter their email address, receive an email from me, click the "confirm" link in that email, then once confirmed that they control the email address, go to another section of the website and send themselves a test email.

Then they will go into their email client and click the spam button on both of the emails that I sent them. The confirmation email, and also the test email.

Even though they requested these emails. Even though both emails have an unsubscribe header and link which takes them to a place where they can opt-out in perpetuity from receiving any further email from me.

I know this, because I get feedback loop emails when people do it.

This happens regularly.

They do that because they have no guarantee that a site will respect an “unsubscribe” request, and it wouldn’t drag them through a shady multi-step “but why” dialog, and it wouldn’t send them another email with “Dear sucker, we see your request and sadly have to react, but you know how these servers work, right? Wait for a week or twelve before all our systems are aware that you wanted to unsubscribe from one of our many non-enumerable spam channels. And if they don’t, feel free to repeat, best regards”. Fair players like you are so rare these days, and to them you are yet another nobody who gets rich on ads and spam.
I think you're missing the point. They opted in to receiving my email. They handed over their email address to me and requested that I send them an email.

They then told their email provider that the email they requested was spam.

I've considered putting up a page with a list of these peoples email addresses, but I feel like it would end up causing me more problems than it's worth.

[edit] There should be a system where I can prove to an email provider that I was in fact given permission to send to an address (for a period of time, and/or for a specific quantity of messages). If there was a standard email header where you could stick a callback URL like:

  Request-Permission: url=https://www.example.com/callback period=1D count=10
Then when e.g Google receives this message, they could have some sort of UI to say "The sender of this email wants permission to send you up to 10 emails for the next 24 hours". The user when then click yes or no. If yes, Google would fire off a request to my callback URL, so both me and Google knows I have permission. Google could then skip/reduce spam filtering for those emails then too.
They opted in to receiving my email. They handed over their email address to me and requested that I send them an email.

Yes. It’s clear that you have no intention to reach them afterwards. But to them it is not so clear, and they mark these innocent letters as spam preventively, out of habit, cause other sites committed abuse in the past and they don’t want to test yet another service’s good nature. Much easier to ban you forever and forget about that, even before you did something unexpected. I know it’s unfair, and I don’t act like that, but they can and some of them do. No time on their hands to differentiate. Modern email culture is rotten to the core and popular email services only cultivate that.

Maybe a “click here to receive future emails” button in gmail that basically added your sending address to their spam filter allow list, and sent you a feedback loop email.

Once pressed, it would replace the “spam” UI element with “unsubscribe”.

Yes, I do it then, but also I get stuff where I've never had anything to do with the company at all even, not just ordered something and not agreed to receive marketing emails.

Sometimes the spam/phishing line is hard to draw (especially without clicking a link and seeing what they try to make me do) and the 'unsubscribe' link is clearly just part of it, too.

Does anyone know what 'report phishing' actually does in Fastmail? I've had to use it a lot recently, and could easily create a rule for when I've been doing it, if only 'report phishing' was an available action. That it isn't makes me wonder if there's manual review or something so they don't want so much bulk? (And in that case probably also don't/want need my tens of ~duplicates a day.)

I believe it's because even though most newsletters are acting 100% legit (it would be pretty hard to keep going if not), there's always a few that would act like jerks and not actually unsubscribe you, or make you jump through extra hoops. Even if that's only 5% of the newsletters, those are the times that you as the reader would remember happening. A smooth unsubscribe experience is not memorable.

It's worse because the next time you receive a post from a newsletter you unsubscribed from, which may be weeks after you unsubscribed, you may actually start doubting if you did unsubscribe from them. There's no way to know, and this seeds some doubt in your mind.

So the next time you want to unsubscribe from a newsletter, legit or not, you're just going to press the spam button because there's no downside to you as the reader, but there is the upside that your mail client will from now on keep out the newsletter posts no matter if the newsletter would actually have unsubscribed you or not. Basically the "mark as spam" button is a 100%-unsubscribe button, while the unsubscribe button is a 95%-unsubscribe button.

I don't believe the situation of malicious actors in newsletters is actually as bad as some HN comments make it appear. Most legit use double opt-in and have good unsubscribe policies. As usual it's the few bad ones that ruin it for everyone.

And then there are services that require you to log in to unsubscribe...
I've only run into that once personally. It was a major US business that I signed up with. It violated the CAN-SPAM law, so I marked it as spam.

I'm not sorry if I threw anyone's metrics off, they broke the law, they spammed me, it's on them.

I encountered one where trying to unsubscribe required me to not just log in, but, if I wanted to change my email settings, also enter a password. However, this site used single sign on, so... there was no password to enter.

I've given up on unsubscribing the 'right' way. Too much bs most of the time. It's now just mark as spam and move on.

> the unsubscribe button is a 95%-unsubscribe button.

I wish I had a 95% success rate when trying to unsubscribe...

I keep a pretty tidy inbox by studiously unsubscribing from advertorial mail as soon as I receive it. I make no exceptions. Consequentially, it's fairly easy to notice when an unsubscribe action didn't work.

I've noticed a few times that a company I have unsubscribed from years ago will suddenly start sending me mail again. Usually I'll just re-unsubscribe and they'll go away again.

I've also had it several times that I clicked on an Unsubscribe link and the resultant page indicated I had been removed from the list but I continued to receive mail noticeably past the date indicated ("it may take up to a week for your name to be removed, as some mail is queued in advance"). Conveniently, when I followed the link with my ad blocker disabled the request succeeded (without any change in appearance), but I actually stopped receiving their spam.

I can't say anything about email newsletters, because I don't subscribe to them.

The resending emails after a few years after I unsubscribed happened to me once. I marked it as spam, and it still shows up in my spam folder. It seems like a noble company, but as far as I can tell, they broke US law while spamming me, so I will not lose any sleep over it.
>I'm not sure why people would be wary of clicking the unsubscribe link on something they explicitly subscribed to in the first place. I mean, they trusted you enough to give you their email address to subscribe in the first place, right?

You're assuming that they willingly signed up for it and weren't added to the list because of someone selling their data to another marketer, a dark UX pattern tricking them into signing up for the newsletter when they made a purchase, etc.

> those newsletters can go to hell and fully deserve to be marked as spam.

I tend to agree. Also, newsletter that try to track me with invisible pixels can go to hell, too.

(comment deleted)
And also because of this, if you're blocking tracking pixels in a privacy conscious way you often get removed from the mailing list without any notice, which is very frustrating.

Or you get one of those mail saying "We are removing you from the list because you don't read our newsletter", often without offering any other confirmation signal. Basically they says "Let us track you or you are out of this list".

And this is also the result of marketing people who look at ways to increase the "good numbers", more likely to show to their bosses. They don't actually care if you read or enjoy their content, you are either one of the users who increase their opening and click rates, or you're a useless burden to them.

> you often get removed from the mailing list without any notice

Seems like nothing of value would be lost?

> They don't actually care if you read or enjoy their content, you are either one of the users who increase their opening and click rates, or you're a useless burden to them.

Confirms that indeed nothing of value would be lost. It seems like a win-win situation, spam-letters you wouldn't want to read anyway eventually remove you off their spam list because they can't stalk you.

I, and I imagine many more people, block all external resources by default, which has gotten me removed from a mailing list I was interested in.

Although I will give you that the vast majority of auto-removals have been beneficial for me.

Obviously true and it's sad that newsletter spammers would down vote you. Who else would even find your comment controversial.
> Seems like nothing of value would be lost?

That would depend on the newsletter. Some newsletter provide lots of value for those wanting to keep up to date with minimum effort.

It could also be a newsletter you need to monitor for work purposes.

> They don't actually care if you read or enjoy their content, you are either one of the users who increase their opening and click rates, or you're a useless burden to them.

No they care more that you don't reduce their deliverability rate and that is affected by email service providers deciding if you're not opening the email you're not interested, not reading and enjoying the content and therefore and don't want the content.

>Seems like nothing of value would be lost?

A lot of value could be lost. There are one or two newsletters I get by email which I read frequently and may contain extremely valuable information (i.e. could result in a significant sale). It could easily be a pretty significant loss to the company (and me) if they stopped sending them.

Counter-anecdote: I’ve heard of people saying this, but never experienced it, except for the Daily UI mailing list that I once signed up for and received one email, but no more—until over a year later I tried loading remote images on that first email, then it switched to the daily progression.
Terrible. Just send a verification email that says explicitly that you need to either respond to it, click a button or load the images on that email to receive further mails.

Leaving people in the dark about this sort of requirement should be considered an anti-pattern.

People hate that as well, as can be clearly seen in the comments on this story. It's basically impossible to do right for everyone.
Honesty is always the best solution in my opinion. Send a verification email when someone subscribes. In the verification email, put a "yeah, I want this" link, and explicit "unsubscribe" link. If you also want to consider loading remote images to be valid verification, then say so explicitly in the verification email, and explain they may get unsubscribed if they don't either click the link or load the images. Explicitly unsubscribing will always override the other options.

Unspoken assumptions are always going to be wrong for some people.

For subscribing, you just described double opt-in and that already happens.

When unsubscribing, users are very sensitive to any subsequent emails (just read the other comments in this thread). Sending an email to confirm their unsubscription might annoy a lot of the users, or will make them doubt that you're above board ("legit" newsletters boast about not sending any emails after unsubscribing, so this is a little red flag) - they will then flag that email as spam, and then we're back at square one.

They also get annoyed when you ask them to confirm that they still want to read the emails.

And Gmail will flag you if you keep sending the emails when they're not opening the emails.

I think there really is no good solution here.

There is no perfect solution but I think annoying some users by sending them an additional email to confirm what you are doing is preferable to annoying some other users by taking actions without informing them. Honesty really is the best policy.
The problem is that doesn't stay contained for those few users. If a certain number of users mark your confirmation email as spam, your reputation suffers and there's a higher likelihood that suddenly your emails get sent to spam for all other users, because of that reputation hit.
If sender reputation is tracked that way, maybe reporter reputation should be tracked the same way. If someone reports a legitimate confirmation mail that they signed up for, as spam, then it's the spam report that shouldn't be taken seriously.

Overeagerly classifying legitimate email that someone subscribed to as spam is no better than classifying spam as legitimate. Especially on a system like GMail where one person's incorrect classification would lead to other people not receiving their subscriptions in their normal mailbox.

Certainly.

But that is not how it currently works.

I’m continuously surprised to learn about all the little ways Google makes my internet experience worse, even though I don’t use their services.

Is there a reliable way to tell if an account is forwarding to Gmail? That way, you could reserve your spammer tools (not judging you for using them) for gmail users, and treat the rest of your subscribers with the respect you clearly intended.

Part of the problem is that so many of the 'actions' people take with email are invisible to the sender: If the recipient marks you as spam, filters you to junk, blocks you as a sender or their client/provider auto-files you away somewhere, you as the sender get no indication of that. People won't click links in emails they've never opened, let alone read. 'Verification' tends to decay over time - even if I clicked that "yes, I definitely want this" link 6 months ago, it doesn't mean I haven't junked you since.

The reason "You haven't loaded images for n months" is used as a signal is that there's a cost in sending unwanted email to people, and there's often no other way to know if you're wanted or not.

What I do with the email is invisible to the sender and it's ok. It's actually the way it should be.

I clearly expressed interest in your newsletter by confirming the double opt-in.

It's also ok if I open your newsletter only once in a while, I may be busy, or I only want to read your content when its title click something in me.

The most successful newsletters respect this and did so for so many years. They never messed up with my subscription. I will never mark them as spam because I trust them. And there is a clear unsubscribe link in every one of them that I can click if I change my mind.

This is nothing new, Permission Marketing from Seth Godin is what, more than 20 years old now?

Instead, automation looks always fun and clever, until your growth-hack goes wrong.

> Instead, automation looks always fun and clever, until your growth-hack goes wrong.

"We found we can increase the number of people subbing for the newsletter by skipping double opt in"

"Why are we getting so many spam flags?"

Because the increase you gained was all the people who didn't want it, cosmic brain. The people who wanted it already had it.

This is a bit of confirmation bias, I think - successful newsletters have enough reputation that the reputation loss from low open rate or higher spam flag rate is offset.

Newer newsletters don't have that reputation, so they are more heavily penalized for low open rate or higher spam flag rate. Thus, they need to react more quickly to users invisible actions or risk damaging their reputation. I don't think this is a growth hack, I think this is a necessary action as a new entrant in a very unforgiving space - see some stories upthread from legitimate newsletters.

While your actions are invisible to the sender, they are _not_ invisible to your email provider, and ultimately they are the ones who make reputation decisions that can destroy a newsletter.

But it's much worse for the operator of the list to take actions which are invisible to the user. That's why I agree with mcv's point here. There is no perfect solution, someone will always be unhappy, but I think it's preferable to send an additional email to your user explaining "if you don't do X, then we will do Y".

They may well consider this email to be an annoyance, but I think that's better than making an assumption, taking an action and leaving users in the dark. Some will prefer that, but some will be confused about why your service isn't working for them.

This is exactly what we do on our newsletters, but to be fair "not loading images due to privacy concerns" is an edge case and I could understand a lot of mailers not thinking about it or not caring about it.
It is literally the default in Thunderbird and probably configured in a bunch of outlook settings. It is not the default in gmail, but it is not rare.
Thunderbird is the only one with that default and it has a <1% market share.
Hell, my credit card company reverts to sending me paper statements if I haven't viewed their web bug in a long enough time. Doesn't matter that I use this advanced tool called a calendar to download the statement every month from their website.

So my reward for protecting my electronic privacy is to have my privacy violated through the USPS.

>So my reward for protecting my electronic privacy is to have my privacy violated through the USPS.

You think the USPS is reading your credit card statements?

I have one mailing list I'm on where I get this all the dang time, and have to respond and tell them I'm reading, just not displaying tracking pixels.
That explains few thing, but I guess it means no more newsletters for me.

It's not just tracking. I generally feel email is more useful with html on and pictures off. You automatically skip most colorful signatures , headers, legal whatever's ..., while still getting nice formatting

Thunderbird’s "Simple HTML" view is really nice for this. It’s basically Firefox Reader Mode.
This wouldn't work at all for me although I'm probably a minority. I never load any images unless I need to see them for some reason, which is extremely rare. I'd get unsubscribed from your digest but bad actors don't do this and would just keep sending me crap.

(Edit: I just read both Thunderbird and Protonmail do this by default, so maybe I'm not too much of a minority?)

(comment deleted)
It’s super annoying that other people’s spam habits hit you.

For a while I couldn’t receive email notifications from Facebook because so many other gmail users marked them as spam, so no matter how many I unmarked, I was screaming in the wind.

Fair enough that other people don’t wanna deal with that crap, but it should still be my prerogative to receive them.

I first gave up, and later decided I didn’t care. But for a while I thought it was clever to have an immutable archive of Facebook interactions (those notifications used to include full text of posts you were tagged in or that was written on your wall as well as new messages)

You can create a filter to ensure that address is never marked as spam.
Depends on where you get your e-mail. I use outlook.com for one of my email accounts and there are things that it has decided are spam no matter how many times I mark as not spam and “add to safe senders.”
Honestly, if people get what they want and a lot of tracking is stopped they'll probably find the quality of their internet experience reduced. There are lot of things companies do that privacy people dislike but is only there to improve user experience.
Tracking is already stopped for lots of people through plugins, containers etc., and we like it. It doesn't actually change the user experience, except maybe to stop some of the creepier features working, and speed things up in general.
But you haven't actually felt the effects because they're able to do enough of it to improve UX. And this thread is full of people complaining that once they stopped tracking in emails they were getting unsubscribed from newsletters they were reading. So, not everyone is enjoying it.
And this is an example of worsening the user experience, where the previous comment is claiming that tracking improves it. There is absolutely no benefit to the user experience with the tracking here, only downsides; it is a punishment for disabling tracking. The only actual reason to track mail opens is pay-per-view advertising, everything to do with monetization and nothing to do with improving the UX.
No, I said things that people consider privacy breaching actually improved UX.

And this is an example of stopping tracking worsening the user experience because the tracking improved user experience by removing people who aren't interested in the list.

> And this is an example of worsening the user experience, where the previous comment is claiming that tracking improves it. There is absolutely no benefit to the user experience with the tracking here, only downsides; it is a punishment for disabling tracking. The only actual reason to track mail opens is pay-per-view advertising, everything to do with monetization and nothing to do with improving the UX.

No it's not it's all about deliverability. Literally, they get penalties in their deliverability if they keep emailing you stuff you're not interested in.

It's not a penalty if you choose to go againist the grain and suffer the negative effects. Stop blaming others for the negative effects of your choices.

> Since people are already weary of clicking the unsubscribe link

Can you please elaborate on this? Do you mean people intentionally avoid this because it leads to the advertisers marking that as "read" and therefore a live user?

Asking because I recently purged my old emails which had thousands of emails, they obviously never stopped sending even with zero interaction.

But my method was to click the unsubscribe link which I was afraid might give them more information about them and doing the opposite of what I wanted. I know some didn't even respect the unsubscribe, I took note of which ones I explicitly clicked and they're still sending spam to me.

I don't think anyone should be scared of pressing the unsubscribe button in 2021. This was a common belief back in 1999, but I don't believe that should be anymore: spammers (legit spammers) don't care that there's an actual person on the other side. If the email address did not exist, the legit ISP's would have sent a notification on the feedback loop to the newsletter already, saying that this address does not exist. I think there's nowadays very little gain if any for bad actors to be had by letting them know you exist by clicking a link.

My belief about people being weary of the unsubscribe button are elaborated on here: https://news.ycombinator.com/item?id=26164450

If I know who the email is coming from, then yes, I use the unsubscribe button.

But I definitely don't click on unsubscribe buttons in unsolicited mail when I don't really know who it's from. It could be an attempt to identify a valid mailbox (and spam me more), or it could link to malware.

I will tell you about my scam anecdote. I had been receiving an email once every few months for several years about the possibility to create an account on the website of my electricity provider. All of these emails were suspicious because of the very diverse and weird emails used by the sender, usually a slightly different one for each email. After a few years, I thought that these might be legit and clicked on the link provided in the email. I did not put in any personal information, and did not end up creating an account on their website. The week after, I received phone-text messages about some debt payment for electricity bills. I even received phone calls about it. Unless it is a coincidence, the people on the other side of this well-elaborate scam had to know my email and my phone number, and started the phone scam after they noticed I fell through the email scam. They tried to get me to pay their fake debt, which had always the same ID number, but a different amount of money to pay each time (sometimes lower than before). And they did not know my name: I know this for a fact thanks to the brief amount of time I spent on the phone with one of them. They thought I was someone else. They kept spamming my phone with text messages and phone calls around 8 a.m. or noon, once or twice per week. After ~9 months of them being blocked by me (I could only block the phone calls, the text message still went through, because they went through some kind of public advertising proxy with 5-6 digits), they completely stopped.

So yeah, rule number 1 of email protection should be: do not tell the scammer/spammer that you actually use this email address. In case of a doubt, click the "spam" button, block the address, but do not click "unsubscribe." Only click "unsubscribe" if you trust the sender, because once you have done it, your email address is suddenly worth a lot more, especially to bad actors.

> You're supposed to stop sending emails to someone who's not interacting with them, or you get an extra point towards being flagged as spam.

It's a bit more complicated than that. There are many reasons why a pixel may not fire but the email is still read, and there are many ways pixels can record false positives.

Relying on email opens is really not a good measure of engagement.

Sadly, inbox placement is almost impossible to measure without email open tracking as feedback loops from gmail/hotmail/etc are just not good enough.

Relying on email opens is really not a good measure of engagement.

It's not, but it's what we have. It's a bit like how counting podcast listeners based off of downloads is a terrible system too but it's all they have to go on (I'm subbed to hundreds and don't listen to 99% of episodes).

Redirecting through your own domain sounds like a good solution - not sure how I would do that with my Netlify/Nuxt based site though.
you'd have to control the domain DNS MX records. most registrars allow this unless you have an email package attached. i doubt these template sites allow for such control if your site is just a subdomain of theirs
Yeah, I use GSuite so have email too. Netlify is a host not really a template.
> Since people are already weary of clicking the unsubscribe link and instead casually mark everything as spam, every little bit towards keeping your reputation counts.

I'm always looking for the super hidden unsubscribe button. I don't move to spam. But sometimes I get mails without even subscribing, and that is far worse.

I totally agree! I completely understand why one would start pressing spam instead of unsubscribe, for this reason.
I can confirm this.

I was frustrated at some points when I was on my early day with my news letter and AWS SES. I don't know why people spend time to register for my news letter, after reading through the archive. Yet, they chooese to mark email as spam even though we explicitly have an unsubscribe link and require double opt-in.

For AWS SES, you have to maintain spam rate at <0.1%. And AWS has their own way to pick sample set of emails.

So yeah, it's really important to manually unsubscribe people that won't read email. Don't even attempt to make a final email to ask them if they want to be remove because you risks another "mark as spam" click.

Wait, does this mean that if I legitimately subscribe to a mailinglist I want, but I use a mailreader that doesn't load these tracker pixels, I will get kicked off the mailinglist? That is terrible.

I'm surprised that people still press spam for a double opt-in mailinglist. Double opt-in is the right way to subscribe, click unsubscribe is the right way to unsubscribe.

People reporting that as spam should probably have their spam reports ranked as illegitimate.

However, plenty of mailinglists are spam. Sometimes I get newsletters in a language I don't even know. Maybe someone entered a wrong email somewhere and the list never verified that it's correct. Sometimes you subscribe to a bunch of spam if you forget to uncheck a checkbox somewhere. That stuff is not something the user explicitly asked for, and the user may have a hard time distinguishing it from spam or phishing, so I can understand reporting that as spam.

> You're supposed to stop sending emails to someone who's not interacting with them, or you get an extra point towards being flagged as spam

Can you give a source/reference for this? I'd like to understand it more.

I don't allow any remote content when I read emails, and I get quite a lot of regular newsletters. Why am I not being unsubscribed?

Here for example is Gmail's explanation:

https://support.google.com/mail/answer/81126?hl=en

CTRL-F "Send email to engaged users"

Some choice quotes:

- "Consider unsubscribing users who don’t read your messages."

- "Periodically send a confirmation message to users to make sure they still want to get your messages."

I would note here that "consider" is not "supposed to". It's a suggestion that might help clean your lists, not a requirement.

Also, as someone whose mail client doesn't load external resources for privacy reasons, I'd be annoyed if you unsubscribed me because you weren't tracking my reading. However, an occasional confirmation (say, once or twice a year) as they suggest would be just fine. You could even restrict those to just those subscribers who do not trigger the tracker.

Avoiding being marked as spam, even if you're legitimate, is much a "dark art". At any one point your reputation could take a hit because you did something, and no one will tell you what you did wrong. An ISP can just start redirecting your mails to /dev/null and you'd never find out about it until a user asks you why they haven't received a mail from you in 2 weeks. Malicious actors can also try and get you flagged as spam by artificially generating spam reports on you. There is no rule set you can follow that guarantees you're safe from ever being blackholed, it's all very fuzzy.

Once you're hit with a ban, it's very hard if not impossible to recover.

If you've been at HN for a while, you must have noticed that every now and then there are stories from Google users being mistakenly banned from their account for violating some rule that they don't even explain to them. These events happen to mailing lists as well, but there's even less of a recourse for mailers when this happens. Considering all this, I'd rather err on the side of caution and implement most of recommendations by Google, than increase my risk of being marked a spammer, and risk losing the whole project.

> However, an occasional confirmation (say, once or twice a year) as they suggest would be just fine. You could even restrict those to just those subscribers who do not trigger the tracker.

What is fine to you, is annoying to others. Just read the other comments on this story, where people commonly complain about receiving an email asking to reconfirm their subscription.

Something doesn't feel right here. Why would you send anything to someone with a potential to be marked as spam? That sounds like obtaining a user consent with unclear scope and then spamming them?
So, you are saying that a blind person has to enable images that he can not see, but that can mess with his screen reader, in order to continue receiving your newsletter. There ought to be a law against such discrimination!
> Since people are already weary of clicking the unsubscribe link and instead casually mark everything as spam, every little bit towards keeping your reputation counts.

These slackers are the worst. Not only they cause trouble to legit email newsletters, they also affect the subscribers who want to read the email. Every time I check my gmail spam folder, I'll find at least 2-3 legit newsletters classified as spam because "It is similar to messages that were identified as spam in the past." At least gmail makes it easy to tell them apart from email marked as spam because they were deemed malicious.

(comment deleted)
you can blame email spam from the past for this; it used to be that clicking "unsubscribe" indicated to the spammer that they had reached a valid email, and that they should sell it on to everyone else to use.

Personally, I end up clicking spam on a lot of stuff - they get one chance at unsubscribe. If I get asked to log in, or it redirects to anything other than a confirmation page, then I mark it as spam and forget about it. I get too many misdirected emails to give it any more time than that (my email address is my name, many other people share that name, and a lot of them seem to think that they have that email address too).

How has this changed? Clicking unsubscribe stop spamming me remains some of the strongest signal a marketer can get that it's an email that's regularly read.
I open every single email I receive. How would one not? Would you have a permanent unread counter instead or would you delete them without opening or what?
In my case, permanent unread counter.
I've got a system where a visitor to a web page can request to have product information emailed to them. That is the only way anyone would ever get an email from this system, and I don't even store the email address so I couldn't spam them if I wanted to. And yet, I still get a number of spam complaints every day.

I don't get it.

... what if someone inputs a random email address?
I mean, they could. I don't see the point of that though. All of the product information is available directly on the page where they can email themselves, it's not like one of those "give us your email before you can see the info" things. It's more just to give the user something to reference.
Unintended recipients don't know it will only be a single, one-time email. To them, it looks exactly like spam. Don't look at it from your perspective, look at it from a random stranger's perspective.
A trivial point, but I don't see that anyone's made it yet: one reason it's easier to report spam than to unsubscribe is that the UX for reporting spam is a lot better in Gmail.

If I want to politely unsubscribe from a newsletter I have to: switch from the keyboard to the mouse, hunt for the link in the email and click it, switch contexts to the browser tab it opens, hunt for the primary action on the page, figure out whether that action will confirm the unsubscribe, or whether clicking the button will sneakily re-subscribe me, and then close the tab.

On the other hand, if I report it as spam, I just press "!" one time and (in theory) I'll never see its ilk again.

Reporting something as spam is such a clean experience that I'm trained to use it for things it wasn't meant for, like unsubscribing from a legitimate newsletter. I suspect that this is true for other users as well!

If the newsletter uses a List-Unsubscribe header gmail will add a little unsubscribe button at the top of the email. It shows up in maybe 25% of the newsletters I receive.
Same for the various versions of Apple Mail. No idea whether there is a keyboard shortcut though.
CAN-SPAM should be extended to make it required for commercial mail to add this header.
I'm not so sure I agree. What happens when something better comes along? I don't trust Congress to know what's happening in technology today, let alone to keep legislation up-to-date with technical innovation.
Yeah, the big part of this for me is how awful lots of mailers make unsubscribing. After going to conference I usually need to unsubscribe from a bunch of new mail lists, and so many just redirect me to a vague page where I can modify the type of mail I get, clicking an unsubcribe link should just unsubscribe me, not make me hunt around on their site.
One online service (I think it was Ubisoft) wanted me to login at my unused account to unsubscribe from their newsletter. After a few cases like that you bet I'll take a shortcut if available.
That might be a CAN-SPAM violation you could report to the FTC
I'm honestly curious: are you talking about unsubscribing from a newsletter you explicitly subscribed to?

The vast majority of "newsletters" I get today are from companies that assume that I want to keep hearing from them just because I once did a one-time transaction with them. And no, it's not because I forgot to uncheck the "I want to receive blah blah blah" checkbox. I'm careful to opt out whenever there's an option for that.

I don't know about other people, but I call that stuff spam. Just because it isn't an e-mail from someone who got my address from a dump and decided to cold-mail me with their crap (or phishing or other scams), doesn't mean it's not unsolicited e-mail, i.e. spam.

Maybe things have changed over the years and I just wasn't paying attention, but I've trained myself not to press "unsubscribe" on something I didn't explicitly opt in to receive.

This is roughly what I do. Unsubscribe is for things I was interested in, but am not anymore (out of the hobby, getting too many emails to manage, etc).

Spam is for any kind of email I haven't opted in to receiving. That includes mail from organizations I have never requested contact with, as well as any emails I get as a result of UX dark patterns. I try to opt out, but some of them sneak past, and I don't feel bad dinging it as spam. That's the risk you take with opt-out mailing lists.

A use case for manually unsubscribing is if you have an account on some site (say, an online retailer), and you don't want to run the risk that everything from them gets caught as spam, for example receipts or password resets that you do want to see.

Another is if you get signed up for multiple different streams of messages ("What's New!", "Tips to Get the Most out of X", "Company Communications", "Coupons", etc.) just by signing up for an account (and, as you point out, not actually opting in for any of them explicitly). Since Gmail does not always flag all of these different things as spam, it can be more efficient to go to the "unsubscribe" page and uncheck each of these streams yourself.

Gmail has the mis-feature where other users can mess up your mail delivery by marking things as spam. Are there others? Or is this just another example of how Gmail isn't so great?
> You're supposed to stop sending emails to someone who's not interacting with them

The only way that this justification makes sense to me is if you mail people that didn't explicitly subscribe to your newsletter in the first place. If that's the case, I think that the problem lies elsewhere.

An email is meant to be read, that's it. Any other interaction a user will have with it that is still under your concern is if they follow any links - I personally object even to that. Assuming to track anything besides people visiting your website from a newsletter link is an infringement of the unspoken contract between you and your subscribers.

That may be how you want it to be, but it doesn't reflect reality. If you consistently have extremely low open rates (e.g. you send to a lot of people who aren't opening) your risk of being marked as spam increases. The only way to avoid this is to periodically cull your list of people who haven't opened in some amount of time.
I can understand that, but I see a couple of suggestions in the thread that are more considerate than tracking pixels. Tracking external clicks, double confirmation, etc.

I consume most of my email in plain text format. Like me there are others. Your solution is not working for us.

Spend enough money with Google or MS to convince them that your opinion as an email consumer matters, then make our lives as senders a bit easier. I promise, we will appreciate it.
I'm not familiar with this area. Can you explain the mechanism for this? What thing is imposing the "risk of being marked as spam", and how does it make its determination? Specifically, how does it have any idea about whether the end user has "opened" the mail?
Gmail can do their own tracking on what emails a user opens. If they find that a user is leaving a lot of mail from a domain unread, they might decide to start shifting that mail into the spam box to provide a better UX.

As a sender, it's impossible to get any specifics from Google as to when it happens. You can get a generalized spam report rate from them but that's about it.

"If you're running a mail newsletter, this tracking is pretty important. You're supposed to stop sending emails to someone who's not interacting with them, or you get an extra point towards being flagged as spam."

How about measuring interaction as the user doing something like logging into your site, buying a product, posting a comment on your site, sending you an e-mail -- those are actual interactions. By not counting simply opening the e-mail as interaction, you can satisfy your worries about bothering people without spying on them. You can use the lack of logins or e-mails from the user as an indication of disinterest.

The profit incentive that's built-in via collection of user data makes any "it's for the user's best interest" argument questionable.

The product of parent is literally the newsletter.
The nature of an email newsletter which aggregates third party content is that the only target goal is something opening your email and then enjoying the content enough to click to read more about it.

I don't necessarily like the model, but if this is your business model, then there's nothing else that can be measured to monitor ongoing success apart from:

- how many new users signed up

- how many existing users unsubscribed (or marked as spam)

It's a tough ask getting sponsors based on those two metrics alone.

It is quite common to measure all of those.
>If you're running a mail newsletter, this tracking is pretty important.

Then it's exactly your job to figure out how to accomplish this in a less user hostile way.

Calling what HNDigest does user hostile is pretty far-fetched, but if you have an alternative idea that wouldn't make the experience worse for most of the subscribers I'm all ears.
Any email tracking is user hostile. You don't need to know when or if I've opened an email for exactly the same reason nobody gets to know when or if I open traditional paper mail. It's a fundamental privacy issue and it is user hostile regardless of your noble intentions. It's not my job to make your job easier in this regard.
>If you're running a mail newsletter, this tracking is pretty important. You're supposed to stop sending emails to someone who's not interacting with them

In my experience, that's not what happens. My most recent experience with this was when I had gotten about half way through filling out my info for a service, I was sent an email with a price list, I opened it, looked at the email and decided to wait and compare prices with another provider.

Then the emails started.

'Oh hey we noticed you never finished your registration. I assure you our prices are the lowest anywhere'

Had opened the email but never answered it.

Get another email.

'Hey this is so and so, company president or whatever...if you need any more information, about blah blah blah, don't hesitate to send an email'

So I did...I told them I don't appreciate being spammed because I hadn't finished filling out a web form and i'd like them to stop.

Surprisingly, I got an email back from president dude or whatever apologizing and promising to remove me from the email list.

Yeah...right..

A day later...another email. So I blocked them as spam. I still get spam from them.

You made the fatal mistake of being human in a spam-filled world.
your problem is that you gave them your email address, not that they have tracking pixels in their emails
Yet i hadn't seen their prices until the email i received and i didn't receive the message assuring me their prices were the lowest until i'd actually opened the email. Like within a half hour of opening the email.
(comment deleted)
Really makes you think about the real reasons RSS was killed basically overnight.
I used to be under the impression that the Gmail proxy protects you from this, but then I learned (on a different HN thread) that this is only partially true. It protects you from the sender harvesting the user agent etc, but it still only fetches the images when you open the email, so still leaks information. This promoted me to disable automatic image loading in gmail.
Use plain text view by default.
For anyone's benefit: this is not what "endemic" means.
endemic (adjective): regularly found among particular people or in a certain area.

I'd say tracking pixels are regularly found in the area of email.

What irks me is when email newsletters that I'm willfully subscribed to (the Economist comes to mind) inform me that "since I haven't been interacting" my subscription will be terminated. I have too been "interacting" (or as I call it, "reading") but my email client, very sensibly, doesn't load external resources, like pictures, willy nilly.
It's quite the juxtaposition seeing your post right next to https://news.ycombinator.com/item?id=26163842
As someone with a daily email "newsletter" of my own [1], I am aware of (many of) the vagaries of spam filters. I use plain text only, though, so I couldn't use tracking pixels even if I wanted to. I do unsubscribe users if messages start bouncing but I have no way of knowing if they get silently dropped or spamfoldered.

As someone who subscribes to lots of newsletters, the "interact or we will auto-unsubscribe you" thing still annoys me.

[1]: https://www.aphorismsgalore.com/daily

> I do unsubscribe users if messages start bouncing but I have no way of knowing if they get silently dropped or spamfoldered.

IF you get spamfoldered by enough people the provider will just start sending to the spam folder for everyone. Your newsletter is now useless

And on top of that, some mail providers like Gmail won't even tell you this is happening. I understand why they don't but it's really difficult if you're a small time newsletter trying to get off the ground.
I think all sane email clients block external resources in emails. And if I ever get a time machine, I'm going back for the first guy to put HTML in emails, and then Hitler second.

Additionally, if I'm receiving a message from example.com, and links in the message are not targeted at example.com, but some bullshit like sendgrid with a query string that won't fit across a 4K monitor, I'm deleting it.

The other day I received an email from ft.dk, the danish Folketing. Our parliament. I mean legit dot gov stuff. It had email tracking through Sendgrid. I sent them a strongly worded email and asked them to cut American tracking companies out of our democratic process. And then I deleted the email.

All this tracking seems to have just become the new normal, and hardly anyone cares about it.

Your government should have a place where you can report phishing email. I would definitely report mails with these kind of suspicious links. If they see their legitimate emails getting recognised as phishing, hopefully they'll reconsider their bad practices.
> I think all sane email clients block external resources in emails.

Of the major email clients, I believe Thunderbird is the only one that does so by default.

I wish The Economist was so careful when emailing me. I frequently get spam from them about 'exclusive subscriber only events' with no unsubscribe link because 'This service email [sic] contains important information about your subscription.'
Reminds me of my bank. Whenever they change their terms of service or do anything that could affect my account they send an automated notification email that pretends to have been sent by an actual employee, and always with a subject line like "XYZ sent you an important message regarding your account".

As any UI designer knows, if everything is important nothing is important, and so I just treat those as the spam they are. Which lead to a legitimately important mail getting lost, but it only caused problems for them so ironically they shot themselves in the foot with their dark patterns.

The ACS (American Chemical Society) did that to me.

Odd thing was, I wasn't on any of their mailing lists.

Which would explain why they didn't register a tracking pixel for a long time.

Anti-spam technology forces newsletter publishers to do this. For example, gmail punishes senders who send too many messages that recipients don't interact with.
gmail presumably doesn't need to use a tracking pixel to determine if someone opened an email in the gmail interface...
But if I’m using IMAP I’m downloading all messages and potentially interacting with all, some or none of them.
But as a newsletter publisher they don't share that information with me. If I don't track it myself, eventually my engagement metrics will fall below a certain (undisclosed) level and everything goes to the spam folder.
That is surprising, and unfortunate. I believe this will ultimately have to change. The percentage of people blocking remote content will only go up. I block ALL remote content in my emails, and there is nothing that will convince me to stop doing that.
Can you imagine the comment threads if google was secretly sharing inbox engagement data with marketers?

Anyway, it's been like this for years and the overwhelming majority of email clients load images by default so everyone mostly works around it. I don't think it's changing any time soon.

All it would take is a single default configuration change by Apple, Microsoft, or Google. It is not crazy at all to think that Apple would change the default setting to block loading remote content.
Most people want images in their email to work
It's as easy as doing it the exact same way Hey does. "We blocked external trackers in this email, click here to learn more."
I'm curious how they're doing it. Without having used their product, I gather that they're blocking certain known trackers and/or checking for tracking pixels directly. But it's not hard to put a unique tracking link on any arbitrary image which is part of the email's content. The only full defense is turning off all images.

edit: apparently they automatically cache the images on delivery, which should work. This is really a change that needs to come from the mail providers so good on them. As long as they don't try and assume what the user is interested in like Gmail does, they can drop tracking all they want.

That is going to lead to it appearing that people have high email engagement which will cause them to be on more mailing lists and at higher frequency than they otherwise would be.
Inline images. Faster loading, and will still work when I look at the email years later when all the img links have rotted.
In a lot of instances you get penalized for large messages. Email marketing is a tough business.
They don't, but they also don't share that information with the sender. Gmail wants senders to be proactive and auto-unsubscribe disengaged recipients, which requires tracking open/click rates.
Curious to know how gmail does this. If I open an email without downloading external resources, surely gmail knows that I opened it and doesn't punish the newsletter publisher.
ProtonMail disables this by default. You have to click on "load" to enable remote content.
So does Thunderbird.
(comment deleted)
I wonder if these are even legal I'd er the GDPR. There's no opt-in for these tracking pixels yet they track user behaviour through a third party that knows personally identifiable information (an email address). The BBC article says this shouldn't be happening, but with the UK abandoning the EU I don't know how close to the GDPR the UK is willing to keep their laws.

I hope some data processing agency will look into these tracking companies. Without an optional opt-in at sign-up, emails should never include these pixels.

This is why (not the only why, but an important one) I only read email with mutt.
Hey [1] blocks tracking pixels but is smart enough to still show images.

https://hey.com

If it's allowing images it's allowing tracking, unfortunately.
Hey's solution is pretty smart. Their servers open the image and cache it as soon as the email goes through their servers. That way the pixel data is garbage. If you open the email multiple times it gets the images from Hey's cache.
Interestingly enough this is also what gmail does, however, then they notify the origin server on every email open even though they're serving the cached version, pure evil.
That seems like it's not going to be possible in the long run. You can turn the company logo into a tracking pixel.
A lot of comments here, that tracking pixels are needed to check if recipient is actually getting messages. But couldn't you do the same via click-tracking? After all, email marketing is almost always about getting clicks
Yes. Click tracking is generally considered acceptable even by people who are dead against open rate tracking (DHH comes to mind). If your email is of a nature where the occasional outward click is expected and you wanted to clean the list of anyone who fails to click whatsoever, click tracking is an option.
For anyone using pixels: Under the GPDR tracking pixels require explicit consent as they monitor user behaviour. This _cannot_ be covered with any implicit forms of consent like 'you subscribed to the newsletter'.
I wish we'd have lawers sending out cease-and-desist letters to companies that use tracking pixels – just like back in the 2000s there were thousands of lawers that sent us letters when we used KaZaA…
How many complaints have you filed with your local data protection authority about this?
(comment deleted)
I still read/triage my email with a text only client in a terminal. Much faster for me to consume when the font, spacing and layout is consistent. The bonus is that it also avoids sending good and bad telemetry back to other parties.
I'm using claws-mail in a way that defaults to plaintext email only. I can load the html mail, but rarely do so. When a mail does not show the content in plaintext I usually throw it away.

The reason is pragmatic, by the way. HTML mails take longer to read, and I really don't need some crappy graphics or web design when scanning through my inbox.