How does Google's cleardot.gif track email recipients with a generic URL?
Some people and companies embed hyperlinked images in their emails in order to keep track of which recipients read the emails, and when. When the recipient opens the email and their email client asks the server for the embedded image, the sender gets a log of that. Usually, the URL to the image is unique, that way the image server can tell exactly which email just got opened. However, in many cases the URL is not unique. I have seen the following line in several emails from at least two senders:
<img class="" src="https://mail.google.com/mail/u/0/images/cleardot.gif">
I have unencoded the string above into plain HTML. In the email, it is usually in quoted-printable format, so the = characters turn into =3D.
How does this hyperlinked image track recipients? It can obviously get your IP address and the time you opened it, but that doesn't seem very helpful. I don't understand why anyone would include this image without a unique URL.
The user identification (or tracking) does not need to be encoded in the GET URL. In some cases some information can be collected from the "Referer:" header URL. Though in many cases the information would come from cookies.
E-mail opened in a web browser
In my case when I open the URL
https://mail.google.com/mail/u/0/images/cleardot.gif
in Firefox, the browser sends 11 cookies! Most of them contain relatively long encoded or random strings. Here is the list --- URL the cookie lives with and the cookie names:
-
https://mail.google.com/mail
---GX
,GXSP
(contains just a single letter) -
*.google.com
---APISID
,HSID
,NID
,OGP
,OGPC
,PREF
,SID
-
https://*.google.com
---SAPISID
,SSID
This test was done with profile on which I use my Google accounts. I also tested a private browsing profile which did not have any cookies. I opened http://www.google.com/
and then the cleardot.gif
URL and my browser was happily sending two cookies: NID
and PREF
.
E-mail opened in a mail client
Most of mail clients with a GUI use an existing HTML rendering core. For example Thunderbird uses Gecko (the same core as in Firefox). When a resource has to be accessed over HTTP/HTTPS (e.g. an image) cookies are sent the same way as in a web browser.
I checked which cookies I have in Thunderbird and I have the following ones:
-
*.google.com
---NID
,PREF
Both cookies can be found in Firefox too and according to the description provided by Google they are being used for storing user preferences and advertisement related tracking. Both works for users which are not logged into a Google account.
Thunderbird and Firefox do not share the same set of cookies. Your login to Google account in Firefox cannot be simply related to displaying of e-mails in Thunderbird.
Summary
Google can use the embedded image to get the information as you suggested and something more by using the cookies:
- IP address and geographical location
- time of displaying of an e-mail
- type and platform of the client software
- assigning the events to users (by utilizing cookies)
- assigning the events to a Google user when the e-mail is displayed in a web browser or possibly when the user clicks a special link in the e-mail to open it in a web browser
It seems that the tracking image is being used for collecting statistical data, not for tracking behaviour of individual Google users.
Here is description of some of cookies used by Google, another description from a 3rd party: Main cookies used by Google.