This is puzzling me.<p>Even if there are multiple receivers, `to`, `cc`, `bcc` there are some companies that in their client tell you exactly who opened it.<p>How is it implemented? I always assume these trackers use some hidden pixel image when sending emails - but how can they trace the exact person who opened the email?
In the good old days when one could telnet to SMTP servers, you could input several RCPT TO commands to define multiple recipients. I would guess all of the recipients would receive the exact same email.<p>This reference also shows <a href="https://www.samlogic.net/articles/smtp-commands-reference.htm" rel="nofollow">https://www.samlogic.net/articles/smtp-commands-reference.ht...</a> that you can define a "To:" header field, so even though the client shows "This email was sent to the following people" (by parsing the "To:" header), there's technically nothing stopping the mail client from lying in the header about who the mail was sent to. Or that 2 recipients could get 2 different versions of the e-mail.<p>I guess the mail client crafts a unique email (with a unique tracking pixel URL) and addresses it (via RCPT TO) to a unique recipient, but in the "To:" header it will specify all the recipients, claiming "Each of the following people got an exact copy of the e-mail".
Embed some piece of HTML that calls back to the URL of an external server. Each recipient gets a slightly different URL. So when the email client parses <img src="server<dot>com/emailtracker.php?id=abcd"/> it connects to server<dot>com/emailtracker.php and passes your ID (<i>abcd</i>) to the emailtracker.php page.<p>Then some code in emailtracker.php finds your ID in a table of IDs issued by sent emails and records your IP and browser fingerprint alongside the ID they issued you when they sent the email.
> I always assume these trackers use some hidden pixel image when sending emails - but how can they trace the exact person who opened the email?<p>Apparently they use a hidden pixel, i.e. a separate tracking code, for each recipient. There was a discussion about this feature in Superhuman: <a href="https://blog.superhuman.com/read-statuses-bdf0cc34b6a5" rel="nofollow">https://blog.superhuman.com/read-statuses-bdf0cc34b6a5</a>
Easiest way is a 1x1 tracking pixel that basically sends an ACK back to the sender when it loads. It can also resolve information about the recipient of the email from databases the mailer has from previous campaigns along with people intelligence search engines like Sparkpeople and Pipl.<p>However, that requires the client having HTML email enabled, which most of them do (since most don't care about that sort of stuff).<p>The other way is by using a BCC, since MTAs will route the email to them but do not display it back to the client. However, some email servers can filter based on bcc's, and I'm guessing that this is illegal.
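The per-recipient pixel described in the replies above can be spotted from the receiving side by comparing two recipients' copies of the same message: the remote image URLs that differ between copies are the ones carrying a recipient identifier. This is an added example, not code from the thread or from any vendor; the function names, the hosts `tracker.example` and `cdn.example.com`, and the ID values are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _ImgCollector(HTMLParser):
    """Collect remote <img> sources and whether each looks like a 1x1 or hidden pixel."""
    def __init__(self):
        super().__init__()
        self.images = {}  # url -> True if tiny or hidden

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if urlsplit(src).scheme not in ("http", "https"):
            return  # cid: and data: images are not fetched from a remote server
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        hidden = "display:none" in a.get("style", "").replace(" ", "").lower()
        self.images[src] = tiny or hidden

def remote_images(raw):
    """Return {url: looks_like_pixel} over every text/html part of a raw message."""
    collector = _ImgCollector()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return collector.images

def per_recipient_urls(copy_a, copy_b):
    """Remote image URLs found in only one copy: candidates for per-recipient tokens."""
    a, b = remote_images(copy_a), remote_images(copy_b)
    merged = {**a, **b}
    return [(url, merged[url]) for url in sorted(set(a) ^ set(b))]

def sample_copy(token):
    # Constructed sample: both copies show the same To: header, only the pixel ID differs.
    return (
        "From: sender@example.com\n"
        "To: alice@example.org, bob@example.org\n"
        "Content-Type: text/html; charset=utf-8\n"
        "\n"
        '<html><body><p>Hi all</p>'
        '<img src="https://cdn.example.com/logo.png" width="120" height="40">'
        f'<img src="https://tracker.example/emailtracker.php?id={token}" width="1" height="1"/>'
        "</body></html>\n"
    )
```

Clients or gateways that block or proxy remote images prevent the callback regardless of whether the URL is unique.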