A return receipt notifies the sender of an email when the recipient opens it, but it can be blocked. Email clients have controls for requesting and for accepting or rejecting return receipts. Some people consider them an invasion of privacy, and a sender who requests many of them can be overwhelmed by the notifications. Web bugs can bypass disabled receipts by generating an acknowledgment of receipt via an invisible embedded image. Purists tend to use plain text email, while others block embedded images to prevent web bugs and malicious scripts.
A return receipt, as far as computers are concerned, refers to the ability for the sender of an email to be notified of the date and time when the recipient opened the mail. A sender might naturally want a return receipt to be sure all email actually reaches its destination, or might opt for the service only when the mail is related to legal or professional matters that require a forensic record. In any case, the recipient can block the generation of a return receipt, intentionally or accidentally.
Today’s email clients have a control for requesting return receipts for sent mail and a separate control for accepting or rejecting requested receipts. First, let’s consider requesting a return receipt.
While it might seem useful to know when people open your mail, there are a couple of things to consider. First, some people consider return receipts an invasion of their privacy. They prefer to read and reply to mail without a “ticking of the return receipt clock.” Second, if you send out a lot of emails you may end up with return receipts bombarding your inbox. This can be overwhelming, although some email clients handle receipts better than others, allowing notifications to be automatically archived with the original mail.
In any case, just because a return receipt is requested does not mean it will be granted. This brings us to the second control mechanism: the ability to accept or deny return receipt requests.
If your email client is configured to accept acknowledgment of receipt requests, opening an email may generate a popup requesting your permission to send the notification. Clicking “OK” will automatically generate the timestamped mail without further involvement. Some people, however, are so used to closing pop-up ads that they may automatically click “No” or “Close” without even reading the window, thereby accidentally denying receipt.
In other email clients, if return receipt checking is left enabled, the program will generate receipts silently in the background without any user interaction. In many cases, this check is enabled by default and people are unaware that their email client is sending return receipts.
If your mail client is configured to deny return receipt requests, they will not be generated. However, they could still be delivered more clandestinely, through the use of web bugs built into HTML-enabled email interfaces.
What is an HTML-enabled email interface? HTML is the markup language used on the web. While email was originally designed to be plain text, email clients today can operate in two modes: plain text or HTML. Many people choose the HTML-enabled interface because it’s more flashy and allows you to view web pages, sounds, and images embedded within email messages. It’s basically the same as browsing the web from within your email client.
Since it is known that many people choose to disable return receipts, but use HTML-enabled email interfaces, some companies offer a service to bypass disabled receipts. This method requires the recipient to be using HTML-style mail and to have an open connection to the Internet at the time the mail is opened. If both of these conditions are met, the acknowledgment of receipt is generated via a web bug.
A web bug is embedded in the email as a tiny invisible image placeholder. When the mail is opened by the recipient, the placeholder prompts the email program to contact the website to download the image. Assuming the computer is online, the website is contacted and the invisible image is downloaded. The image itself consists of a few transparent pixels, unnoticeable to the reader, but the request triggers the acknowledgment function on the website hosting the web bug. An automated script generates a timestamp of when the image was requested and sends a return receipt email to the customer. If all goes as planned, the reader will never realize that they have just triggered a process that has generated an acknowledgment of receipt.
Purists tend to configure their email clients to use plain text, as it is more secure than HTML-enabled email. Others opt for HTML mail but configure their email client to block embedded images to prevent the arbitrary download of web bugs, viruses, or other malicious scripts. However, this also means blocking legitimate images in many cases. People who use web-based email (websites that offer email services) may not have a choice, although some services offer the option to block web bugs.
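The image blocking described above depends on telling remote images apart from attached ones. The following added example (not part of the original article) shows one way a mail filter could list remote images in an HTML message and flag those that look like web bugs; the size and style heuristics, the names `ImgAudit` and `audit_message`, and the `tracker.example` sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample message; tracker.example and the id value are placeholders.
SAMPLE = """\
From: sender@example.com
To: reader@example.org
Subject: Quarterly update
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello, see the chart below.</p>
<img src="cid:chart1" width="400" height="300">
<img src="https://tracker.example/open.gif?id=PLACEHOLDER" width="1" height="1">
<img src="http://tracker.example/p.png" style="display:none">
</body></html>
"""

# Assumed heuristic: an image hidden by CSS has no reason to be fetched.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class ImgAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote, self.suspect = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        # Only remote fetches can notify a server; cid:/data: images are local.
        if tag != "img" or not re.match(r"(?i)(https?:)?//", src):
            return
        self.remote.append(src)
        # Assumed heuristic: a 0- or 1-pixel dimension marks a tracking pixel.
        tiny = any(a.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
        if tiny or HIDDEN.search(a.get("style", "")):
            self.suspect.append(src)

def audit_message(raw):
    """Return (all remote image URLs, those that look like web bugs)."""
    msg = message_from_string(raw, policy=default)
    audit = ImgAudit()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            audit.feed(part.get_content())
    return audit.remote, audit.suspect

if __name__ == "__main__":
    print(audit_message(SAMPLE)[1])
```

A client that blocks every URL in the first list prevents the receipt regardless of image size; the second list is only useful for reporting, since a tracker can just as easily be served as a normal-sized image.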