I got an e-mail today from a third-party on behalf of a mutual customer. This person wanted to remind me that his e-mail to me the day before “was opened 22 mins 7 seconds after [he] sent it to [me]” and he was wondering if I had made any progress.
How did he know that? There was no message box advising me that the sender had requested a read receipt and asking if I wanted to send it. There was however a warning from my e-mail client (KMail) advising me that there were external references embedded in the HTML e-mail message. Like a fool, I disregarded this warning and clicked to display these references the first time around.
When I got his reminder I went back and examined the HTML content. At the end of the message was a link to an image on http://img.msgtag.com/. When this image is loaded, it notifies the sender that their mail has been opened along with the time elapsed from sending the mail to when it was eventually opened. MSGTAG is the company that provides this service in this instance.
I was annoyed about this. Damned annoyed. Someone e-mailing me had surreptitiously embedded an external image in an e-mail to for the express purpose of identifying when I opened his mail _without_ my permission and in violation of my privacy. It’s nobody’s damned business when or even if I have read their e-mails.
That information should be requested via the long established mechanism of requesting read receipts allowing the recipient to decide whether or not to notify the sender that their message has been read. In my case it’s not that hugh an issue – generally speaking I would not load external references. But what about the 90% or more of less informed users who would or whose clients wouldn’t even ask first?
With my somewhat limited knowledge of the Data Protection Act I am quite convinced that this is in breach of it. I’m not a lawyer and would love the opinion of one on this.