Privacy Watch: New Services That Peep Into Your Inbox

"You sent me an e-mail? My spam filter must have zapped it."

Lots of us have used this line, and chances are that a few times, like when the message was a bunch of lame jokes from Uncle Morty, it wasn't the absolute truth. But the excuse won't work anymore if Uncle Morty starts using one of the new services that track whether you got an e-mail and what you did with it.

These services, from MsgTag ($20 with a free trial) and DidTheyReadIt ($50 per year, with a free trial), insert a small piece of HTML code into outgoing messages. When the recipient opens the message in an HTML-compatible e-mail client such as Outlook or Outlook Express, or with a Web-based mail service like Hotmail, either service can track the message.

Both MsgTag and DidTheyReadIt can tell senders when the message was received and when it was opened. DidTheyReadIt goes a few steps further, allowing the sender to find out how long the message window was left open and whether a message was forwarded.

The purveyors of these services argue that there's a real need (beyond simple nosiness) for them. A certain percentage of legitimate messages do get caught in spam filters, and using return receipts won't always ensure that your missive gets through. "Most system [administrators] will turn off all return receipts by default, and some e-mail services, like Hotmail and Yahoo, don't allow return receipts at all," says Alex Rampell, CEO of Rampell Software, which sells the DidTheyReadIt service.

But does that concern justify empowering people to snoop into your e-mail reading habits? In some circumstances, these services could be downright dangerous. DidTheyReadIt grabs the IP address of the computer you use to open an e-mail message, and then uses that address to determine your location, right down to the city you're in. The service "gives you the location [of the recipient] and a link to MapQuest," Rampell says. Imagine how helpful this would be to a predatory adult who's in e-mail communication with a child.

If you want to protect your privacy, both services are fairly easy to defeat. The easiest solution is to disable the display of HTML content or of embedded graphics in your messages. Doing this will also prevent the majority of phishing e-mail messages from displaying properly; so in general, it's a sensible thing to do. The downside is that you won't be able to see any other images--including ones you might want to see--that are embedded in the body of messages. (Image files sent as e-mail attachments will still get through, however.)

For people who use Outlook (versions 2000 through 2003) and don't want to turn off HTML in mail messages, former Netscape programmer Mike Belshe has created a free program called NoSpyMail that can detect and block Web bug elements in messages without requiring you to turn off HTML in your e-mail client software.

To my mind, your inbox should be your own personal domain. Let's do what we can to keep it that way.

Andrew Brandt

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related:
Shop Tech Products at Amazon