Tracking emails help sell, but privacy's lost


Kathryn Kure of Data Myna
In the marketing dust churned up by the disruptions of digital, particularly social media, some basic, and highly effective communication and sales channels have been ignored. 

The humble email, usually considered a customer retention exercise, is up to forty times more effective than both Twitter and Facebook combined when it comes to customer acquisition, according to data from the 2012 McKinsey iConsumer survey. McKinsey noted, however, that many companies were scaling back their email marketing in favour of social media; while the data told one story, the focus was on another, fed by the fear of missing out. But as Pew Research Centre stated in 2014:

"Despite a generation of threats and competitors, email ranks as the most important digital tool for workers who use the internet. Only 4% of these networked workers cite social media as very important on the job."

Part of the renewed interest in email comes from research initiated via Alexis C. Madrigal, which noted that a large amount of web traffic comes from sources such as  email, instant messages and forum posts. This traffic was recently quantified by Radium One  as representing over over two-thirds of sharing activity. Hence there is a renewed interest in such Dark Social activities, and email in particular.

Madrigal coined the term Dark Social to refer to the fact that web analytics were generally not tracking or not able to track such activities. However, companies, increasingly aware of the importance of email in the digital marketing mix, are now using tools provided by companies such as Yesware, Bananatag, and Streak - which has over 300 000 users - to track emails to consumers.

In fact, the concept is really simple. A lot of emails being send nowadays contain pictures that are not embedded in the email, but point to a URL, i.e., a web hyperlink,  as the source for the content. Since pictures are seen as mostly harmless content from a security perspective, most end users have their email clients set to automatically download external pictures, so that email signatures with company logos, for instance, display correctly. To download these pictures in the email, a GET request is sent to the server, asking it for the picture file to display in the email  Within this GET request, additional information can be embedded by the originator of the email, so when the server sees the GET request from the client, it can extract this additional information, store it in a server side database, and send the picture to the client (email viewer). Apart from this embedded information, the GET request will, by default, contain information on what application and/or operating system requested the picture, so the server can format it appropriately and the IP address of the requestor, so the server knows where to send the response to.

Together these bits of information can be used to track when, where based on the IP address and Global lookup databases for IP’s,  and on what device the email was opened and also how many times it was opened; furthermore, if you set a unique ID per customer, then this can be sent back and collated and used in your web analytics, by linking the email to which the original mail was send to the unique ID.

The actual image that is embedded is called a tracking pixel, which is simply code that asks for and returns a transparent 1x1 image, normally a GIF file, to keep the size very small. Now the call and return is not visible to the email recipient, in that the image is literally invisible.

That is, it acts just like a "read receipt" except that you may not be aware that you are actually sending back such a receipt. As people did when automatically switching off read receipts, so you can install software such as Ugly Mail which tells you when your emails are being tracked, or Pixel Block which blocks them altogether, but might block other useful pictures on the email as well. Of course, an even simpler way of not sending back information is simply never to download images, which then means the code cannot be activated. In fact, this is generally advocated given that while some uses may be benign, it can also be used for more malicious purposes, such as, for a would-be burglar, knowing when someone is not at home. 

As a marketer, such detailed information is powerful, however, even though email messaging should be opt-in, the fact that the pixel tracking is invisible to recipients cuts to the core of the issue of informed consent and it could be argued that consumers should given a chance to opt-out of such tracking. While tracking is technically easy, many email services advocate you do not automatically download images, so if some recipients refuse images but do read the email, they are not counted as having read the email, which means your web analytics have to be interpreted carefully, since while you can say those who sent the get request have read the email, you can’t say that those who did not did not read the email.

There is a fine balancing act between a company’s need for data and a consumer’s desire for privacy and, coupled with that, security. Companies in the US have reported a sharp increase in cyber-attacks, both in breadth and sophistication, and as cyber-security issues become more prominent, so will companies increasingly deactivate permissions by default and it will again become less and less easy to track consumers, particularly by location, unless there is explicit, informed consent.

An shortened version of this article first appeared on page 19 of the Saturday Star, 5 May 2015; this has been republished with permission. 
Saturday Star, 2 May 2015, page 19



Popular Posts