Remote Image Tracking in Email: What It Is and How Susmail Handles It
HTML email can include images loaded from a sender’s server. Some are ordinary logos and layout assets. Others are tiny transparent tracking pixels that tell the sender a message was opened. Blocking remote images is one of the simplest ways to reduce passive email-open tracking.
What remote images are
A remote image is not stored inside the email itself. Instead, the message contains a URL. When an email client renders the message, it asks that URL for the image. That request can reveal that the message was viewed and can include technical details such as time, IP address, user agent, and a unique path associated with the message or campaign.
Not every remote image is malicious. Many senders use hosted assets because they are easier to update and smaller to deliver. The privacy concern is that fetching the image gives the sender a signal even if you never click a link.
What tracking pixels do
A tracking pixel is usually a very small image, sometimes only one transparent pixel. It is loaded from a unique URL. When your email client fetches it, the sender can infer that a specific message was opened. Marketing systems use this for open-rate analytics. Attackers can also use similar techniques to confirm that an address is active.
Open tracking is imperfect because many clients block images or proxy image requests. Still, it is common enough that privacy-focused email workflows should assume remote images may act as tracking beacons.
How Susmail handles remote images
Susmail treats incoming HTML as untrusted. The primary reader emphasizes extracted codes, links, and text fallback. When an HTML preview is available, remote images are blocked by default. Users can choose to load images for a specific message if visual rendering matters, such as when a QA tester needs to inspect layout, but that action may contact sender-controlled servers.
This default is useful for verification emails because most OTP and confirmation workflows should still make sense without images. If a message cannot be understood without remote assets, that is a signal for senders and QA teams to improve plain text and accessible copy.
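The block-by-default behavior described above, as an added Python example (written for this page, not Susmail's own code): it rewrites an HTML body so that `<img>` tags with remote sources lose their `src`/`srcset`, keeps `cid:` and `data:` images that are carried inside the message, and flags images declared as 0 or 1 pixel in size. The function and class names and the example.com URLs are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

def is_remote(src):
    """True if rendering this image source would contact a server."""
    src = (src or "").strip()
    return src.startswith("//") or urlsplit(src).scheme.lower() in {"http", "https"}

class RemoteImageBlocker(HTMLParser):
    """Illustrative rewriter (hypothetical name): drops remote <img> sources.
    Scope: <img> only; CSS url(), <link> and similar fetches are not handled."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.blocked = [], []   # rewritten HTML, [(url, likely_pixel)]

    def _emit(self, tag, attrs, close=""):
        a = dict(attrs)
        # Any srcset is treated as remote: conservative, it may list several URLs.
        if tag == "img" and (is_remote(a.get("src")) or a.get("srcset")):
            # A declared 0/1-pixel size is a common sign of a tracking beacon.
            pixel = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.blocked.append((a.get("src") or a.get("srcset"), pixel))
            attrs = [(k, v) for k, v in attrs if k not in ("src", "srcset")]
            attrs.append(("data-blocked", "remote-image"))
        rendered = "".join(
            f" {k}" if v is None else f' {k}="{escape(v)}"' for k, v in attrs)
        self.out.append(f"<{tag}{rendered}{close}>")

    def handle_starttag(self, tag, attrs): self._emit(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._emit(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")

def block_remote_images(html):
    """Return (rewritten_html, blocked) where blocked lists removed sources."""
    p = RemoteImageBlocker()
    p.feed(html)
    p.close()
    return "".join(p.out), p.blocked

# Constructed sample message body; the example.com hosts are placeholders.
SAMPLE = (
    '<p>Your code is <b>482913</b> &amp; expires in 10 minutes.</p>'
    '<img src="https://cdn.example.com/logo.png" width="120" height="40" alt="Acme">'
    '<img src="cid:inline-logo" alt="inline">'
    '<img src="//t.example.com/o/abc123.gif" width="1" height="1">'
)
```

In the sample, the code text and the `cid:` image survive unchanged, while the hosted logo and the 1x1 image are both stripped and only the latter is flagged as a likely pixel.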
Remaining privacy limits
- Opening a confirmation link can still reveal information to the destination site.
- Embedded links may contain recipient, campaign, or redirect identifiers.
- Information typed into the external signup form is outside Susmail’s control.
- Loading remote images manually may expose an open event to the image host.
Blocking remote images is helpful, but it is not complete anonymity. Use Susmail for low-risk address separation and testing, not for accounts where long-term privacy, recovery, or identity protection requires a stronger tool.
What senders and QA teams should learn from this
If you send transactional email, your message should work without remote images. The user should understand the sender, action, code, expiration, and fallback URL from text alone. Logos and visual polish can help recognition, but they should not carry the only explanation of what the message is for. This is especially important for OTP and account-security emails, where clarity matters more than marketing layout.
QA teams can use Susmail’s blocked-image default as a quick test. If a verification email becomes confusing when images are blocked, improve the subject, heading, body copy, button text, and plain text fallback. A strong verification email should remain useful in privacy-focused readers, accessibility tools, corporate mail clients, and slow network conditions.