Did you know that many of the emails you receive from organizations contain tiny spy pixels?
Dave Smyth, designer and developer at Scruples Studio, joins the Marketing Unf*cked podcast to discuss how organizations use ‘spy pixels’ to send your email data back to the original sender - and the steps you can take to protect your privacy.
The only actionable podcast to help you unfuck your marketing and run a business that gives a shit. Listen in on raw conversations with experts about ethics, privacy, and sustainability in marketing.
Siobhan: Welcome to the only podcast that will get you to unfuck your marketing with Siobhan. It’s Marketing Unf*ck. Today, we will speak with Dave Smyth all about emails and spy pixels. Let's do this.
So, Dave, how do we unfuck marketing?
Dave: Spy pixels, specifically in emails, I think. So, we all know that we get open rates and that's like a key marketing metric for lots of people when we're sending emails. We like to track or see the click-through rate on emails that we send as well. Almost all the time, that data is relayed back to us through spy pixels in emails that users don't consent to, and it reports all sorts of stuff that you probably don't want to be collected - both the users and the companies.
Siobhan: But why is this a problem now? We've been doing it for a while, right?
Dave: Yeah, it's always been a problem. But people haven't really known about it. I guess the problem is that users don't know that it's happening. So they might suspect that a company knows when they've opened an email, or if they've opened an email, they might suspect that. But what they almost certainly wouldn't expect is that a company knows every time they open an email, what time, what day, and in many cases, they also know where they are when they open the emails.
So, when we send these emails, we're building up logs of a user's location history, basically. That happens every time they open the email and it probably happens even if a user unsubscribes from the mailing list. So, if they unsubscribe and then come back to an email they received and open it again, that data will be sent back. Now it might be the marketer can't see that, it depends on the platform.
Siobhan: So, how did you find out that we're doing this?
Dave: I think it was when Superhuman came out, which was an email provider that kind of sits on top of Gmail accounts. And there was a furor about their use of tracking and that was the first time I heard about the location stuff happening and being reported in emails. It's kind of a funny one because I think a lot of people do this without realizing the privacy implications of it.
I read a piece by Joe McKeith recently, who's a really well-respected internet person, and he was talking about tracking and blocking tracking and things. And Chris Coyier, who runs CSS-Tricks and CodePen, which are two quite big sites, responded and said that he didn't even realize that in his mailing email provider, he could see this data. And that's somebody who understands marketing. He knows about the open rates and he's like, super smart, he knows everything about technology. He didn't even realize that he could do this. He said he didn't realize that all he had to do was click through to an individual subscriber and see every time they've clicked a link, and when they clicked it and that sort of thing.
Siobhan: Couldn't it be helpful for us to understand how often someone clicks on a link? Maybe that helps us understand if the messaging is correct in the email. I'm not talking about the location element of things. But you know, how often people are opening an email might help a marketer understand if that email is a successful email? Is that still an issue in terms of tracking in your opinion?
Dave: I wonder how useful that information actually is. I would guess that for most marketers, maybe they think open rates are useful. But there are problems with open rates that we can talk about in a second. But probably the most useful thing that they can know is whether somebody clicks on a link in an email, and you don't have to do it this way. You can use like UTMs and that's a privacy-focused way of doing it. You don't have to rely on the spy pixels.
The big problem with spy pixels is that it's such a fundamental, basic technology. It's just sending a little image in the email, you can't pick and choose what data gets sent back. So, it basically all gets sent back. Even if your intentions are good. In fact, some mailing list providers will let you take these out, but they still contain the tracking pixel and they just don't feed you that data. So yeah, it's super common.
Siobhan: Okay, let's discuss that for a second. So, you're saying the spy pixel has a bunch of information in it and instead we could be using UTMs and essentially just tagging the information that we want related to that button being fed back to us when they get to the website.
Dave: Exactly. The data is incredibly dodgy. So, users can block pixels often through their email app. Some email providers will do this as well. There are two ways that this works. One way is that the email app opens the email for the user and then it takes the pixel out. To the sender, that looks like the user has opened it the second the email has been sent. If you've ever looked through that, and you've seen that somebody has opened the email immediately, that means that their email provider is opening that pixel to protect the user.
The other way this can work, and this is probably what more people are familiar with, is that the app will show a message like "images blocked to protect your privacy". When that happens, it will seem to the sender that the email has never been opened. That's where you get all of these issues where people get unsubscribed from mailing lists because they think that these users aren't reading the emails, when actually they are just blocking the pixels. That’s a bit of a different thing.
Siobhan: Is there any way we can get accurate open rates? Or is that just not possible anymore?
Dave: I don't think it's possible. Because you've got some users who aren't doing anything about it. So, you might have a reasonably accurate measure of those. But you've got some users who will appear like false positives, and you've got other users who are false negatives.
On top of that, Apple's mail privacy protection rolled out, I think, in iOS 15. I read an email industry article that predicted that that would affect the open rates of roughly 30 to 40% of any given list. So, if the data wasn't dodgy before, it's incredibly dodgy now. That affects anybody who uses the mail app, it's not even iCloud addresses. They’ve been protected by Apple.
Siobhan: But then we can't track open rates, or at least not accurately. You're suggesting that the spy pixel is not a good way or not a fair way for us to be tracking the user's location, click-through rates, etc., and that we use UTMs instead.
What else can a marketer do to be able to optimize their email marketing? Because, you know, like you said, it's spy pixels as the default and we're assuming that email marketers are using this information. Other than UTM, is there another way around this?
Dave: UTMs are probably the best way. If you don't want to use UTMs, you can use specific URLs or landing pages for emails, which might function in the same way that a UTM does. But UTMs are a great place to start because it can give you some information. If you wanted to, in your email, you could label every single call-to-action differently in the UTM if you want to get hyper granular. You can do that in a way that totally respects the user's privacy. You don't need to know who that person is, or how many times they’ve opened the email.
Going back to what you asked earlier, I don't see the value in knowing like how many times somebody opens an email, surely the most important thing is did they click it? If they did, it's good. If they opened it three times, and then clicked it, you've got the same result. They’re either going to click it or they're not.
Siobhan: So then, how do we get rid of the spy pixel? Because you've mentioned now most providers just have it there. How can we address that side – meaning, if I'm a marketer who now wants to do the right thing, and unfuck my email marketing, how do I do that?
Dave: Well, lots of providers will let you do it. And if it's not an option in the Control Panel, I've spoken to lots of people who've emailed their email provider, and they've taken it out for them. You can often either do it through the control panel, or a provider can do it.
Siobhan: Okay, and then we would still be able to see the click-through rates if we had the UTM, correct?
Dave: Yeah, exactly.
Siobhan: Then let's go to the other side of the coin. If I'm a user, how do I know I'm being tracked?
Dave: It depends. Last year, Basecamp released Hey, which kind of kicked off this whole ‘being aware of spy pixels’ thing. In their email interface, they tell you on every single email, if there's a spy pixel in it, and then they tell you which services are using it. I would tell you like MailChimp or something like that.
So, Hey users will already know that they can do that. There are a few others that have come out that have started to do that. Like, there's Big Mail and something called Simplifying and they're both for Gmail. This is becoming more and more common that the apps are starting to highlight this.
Siobhan: But then if they highlight it, is there something we can do about it? Meaning, you know, like you said, I didn't give my consent - and I'm sure that's a tricky way to find your way around giving consent for something like this. It's an email. And then I become aware as a user, how can I address that? Can I ask them to stop tracking me? If I'm not, let's say, on a mail app?
Dave: Yeah, you can, but the only way that you'll get them to do that is if you report them to a Data Protection Authority. I mean, it all depends, like where your location and the data with the Data Protection Authority you have. Over here in the UK, and the ICO, which is the Data Protection Authority here, around the time of Hey release, they did some research and it showed up in between 30 and 50% of all users' emails.
At the time the ICO said, “if anybody's concerned about this, let us know.” So, I set up a little website notospypixels.com to help people do this. And basically, the steps are - you ask them to take out the spy pixels, they'll tell you that it's covered in their privacy policy, which the ICO specifically say isn't good enough. Since my first complaint, they've changed their guidance on their websites to highlight that.
Siobhan: So, you have a complaint?
Dave: Yeah. I'm that guy.
Siobhan: Tell us about it.
Dave: I put in one with my bank. They referred it all the way through their data people and basically said, we're not gonna do a thing. But I sent that to the ICO because they'd made that offer that they would look into stuff. A few months later, I got an email back to say that the bank were taking the spy pixels out of the emails.
Siobhan: That's a great result. But the bank is a bigger business. How would you address this with, let's say, a smaller business, where they might not have those resources, you know, privacy policies are pretty general, they don't have a DPO or anything like this?
Dave: I actually think that the big businesses are actually the better target. Because of that, I think if it's a smaller company, you have to give them a bit more leeway (particularly if it's like a one-person business or something like that), they're spinning a lot of plates. You can't expect them to be privacy experts. But if you notice it and you don't like it, you could raise it with them in a friendly way and say, Look, you may not even realise this, but you're inadvertently building a location log of all your customers, which you may not want to do.
The thing with small businesses as well is that when you're starting out, so much of the marketing techniques you use are things that you're told to do or recommended to do through books or recommendations from other people. As I said, people are like spinning plates, you can't expect them to be experts in this stuff, or necessarily to know about or have considered how that is collected. Going back to the example of Chris Coyier, somebody who's been in this business for a very long time. He's super smart. He knows marketing and technology and even he didn't realise the implications of this.
Siobhan: So, if you are that super smart email marketer, how can you address this other than trying to get in touch with your email provider? Is there a list of providers that are better than others? I'm not asking you to name them now, I can add them into the resources. But is there preferred software that you can use for your email marketing that's going to be more focused towards no spy pixels, but still being able to give valuable information to the email marketer?
Dave: Yeah. I know that for instance, with MailChimp right now you can. If you're on a pay plan, you can take it out but if you're not on a pay plan, I don't think you can take it out. If you're not on a pay plan, you know, apparently everything spam. I know with ConvertKit, I don't think it's in their control panel. But I know from people who have told me that they've emailed them and had the pixels taken out, which is super cool.
There are providers like Buttondown that let you just do out of the box. I think possibly MailerLite do and there's a new service coming out soon called Send Stack that's specifically privacy-focused. And in fact, even Revue, which is the service that Twitter acquired, The Markup, who were like an investigative journalist, online newspaper, they use that, and they specifically use it because they can take the pixels out. But when I contacted Revue, I was told that that was only for big customers. I don't know if that's been rolled out to smaller plans.
I think the thing to do is if you find a service that you think might be a good fit, and it's not clear, just email them. Lots of these platforms are trying to sell the benefits of the specific analytics that they offer or how they present the analytics. That's what they try to sell to people rather than the privacy aspects.
Siobhan: Well, thank you Dave, and thank you for bringing this to our attention.
Dave: You're welcome. Thanks for having me.