TL;DR: Many emails contain an invisible one-pixel image that reports back when, where, and on what device you opened them. Block remote images to stop most of it, and open untrusted mail in a burner inbox.
The one-pixel image you never see
That newsletter you opened this morning probably told on you. Inside the message, alongside the logo and the product photos, sat a transparent image one pixel wide and one pixel tall. You couldn't see it - That's the point. But when your mail app displayed the message, it fetched that tiny image from the sender's server, and the fetch itself was the report: this exact person opened this exact email.
The trick works because the image's web address is unique to you. Ten thousand people get the same newsletter, but each copy requests a different invisible pixel. When pixel number 4,382 gets loaded, the sender knows recipient 4,382 opened up. No reply needed, no link clicked, no button pressed - Reading the message was enough. Marketers politely call this an "open rate." It's tracking, and it ships with most commercial email by default.
What one open tells them
A single loaded pixel carries more than "opened." The request reaches the sender's server with details attached:
- When you opened the email, down to the second - And every re-open after that
- Roughly where you were, based on your network address
- What device you used - Phone or computer, and often which mail app
- How engaged you are, once your opens are tracked across weeks of messages
Stack those signals over months and the sender holds a small behavioral file on you: the hour you check mail, the city you're usually in, whether you open on the first ping or three days later. You never filled in a survey. Your mail app filled it in for you.
Why opens invite more spam
Here's the part that loops back to your junk folder. Mailing lists get graded, and an address that opens messages is a live, human-attended address. Those are the valuable ones. Openers get promoted to the "engaged" segment, mailed more often, and - On the shady end of the industry - Sold at a premium, because the buyer knows a person is actually reading.
That's why opening spam, even without clicking anything, tends to bring more spam. The pixel converts your curiosity into a quality signal on someone else's spreadsheet. Deleting junk unopened isn't just tidiness; it keeps your address graded as cold, and cold addresses eventually get pruned from lists because mailing them costs money for nothing.
How to shut pixels down
You don't need special software to fight back. Work through these settings:
- Turn off automatic remote images in your mail app. This is the big one - A pixel that never loads never reports. Look for "load remote content" or "display external images" in settings.
- Load images per message, only for senders you trust. Most apps show a "display images" button at the top of each email.
- Prefer apps that proxy or pre-fetch images, which muddies the sender's location and timing data.
- Read suspicious mail as plain text when your app allows it. No rendering, no tracking.
None of these break your email. Messages still arrive; they just stop phoning home the moment you glance at them.
More inbox-hardening settings like these live in our security tips.
The burner inbox move
There's one more defense, and it's the bluntest: don't let trackable mail reach your identity at all. When a sender is unproven - A new store, a gated download, a "free guide" - Give them a temporary email address and read their messages inside the throwaway inbox. The pixel may fire, but what does it learn? That an address with no name, no history, and ten minutes to live opened an email once. The profile it starts building gets deleted along with the inbox.
Your real address only receives mail from senders who've earned it, which shrinks your tracking surface to a handful of companies you actually chose. Where do the unproven senders find you instead? Nowhere - And if you're wondering how they got your address in the first place, the spam list pipeline explains it. Then see why your main address deserves master-key treatment.