How to disable email tracking pixels in Superhuman

Chad Loder
Jun 28 · 4 min read

I love the Superhuman email app. But there is an important privacy issue with using Superhuman that I don’t love:

Superhuman automatically embeds a “Read receipt” tracking pixel with every email you send.

What is a tracking pixel?

A tracking pixel is a small GIF (usually 1x1 pixels in size) that can be embedded into emails with a unique code that allows the individual recipient to be identified.

When the recipient opens an email with a tracking pixel embedded in it, their web browser or email client remotely loads the pixel from the tracking server, which allows the sender to track when (and how many times) the recipient opened the email.

Tracking pixels are a common technique in marketing automation platforms such as HubSpot, Marketo, and YesWare.

It’s unusual to see this functionality in an email client such as Superhuman — and Superhuman goes beyond simply tracking email opens by also revealing the location (down to the state/province level) of the recipient when they opened the email.

Mike Davidson (the former VP of Design at Twitter) recently published a scathing blog post titled “Superhuman is Spying on You”, in which he took Superhuman to task for their normalization of this tracking feature.

Protect yourself from email tracking pixels

Rather than reiterate Mike’s critique here, I thought I’d show you how to protect yourself from common email pixel trackers, including Superhuman’s tracker.

GMail: Disable external images in email

If you’re a GMail user, the best way to disable pixel tracking is to disable the loading of external images in email.

WARNING: This will change how some of your emails display.

  1. In GMail, click on the gear icon ⚙️ and click Settings.
  2. Under the General tab, scroll down to Images. Select “Ask before displaying external images”.
  3. Scroll to the bottom of the Settings page and click Save changes.

Superhuman: Use uBlock Origin

Superhuman does not currently provide a way to disable remote image loading in emails. Here’s how to block known tracking pixels using the uBlock Origin ad-blocker extension for Chrome and Firefox.

WARNING: While this seems to work for me, it could break the Superhuman experience for you. This also does not have any effect when using the Superhuman iOS app to read emails.

  1. Install the uBlock Origin browser plugin if you haven’t done so already.
  2. Right-click on the uBlock icon and select “Options
  3. Select the “My Filters” tab
  4. Enter the following lines of text into the filter box and hit “Apply
! Superhuman "read receipt" tracking pixel
||media.superhumanapp.com/images/_/*://r.superhuman.com/*.gif$image
||r.superhuman.com/*.gif$document
! hunter.io email tracking
! https://mailtracker.hunter.io/articles/how-does-email-tracking-work
||mltrk.io/pixel/*^$document
||media.superhumanapp.com/images/_/*://*.mltrk.io/pixel/*^$image
! SendGrid email tracking
||sendgrid.com/wf/open*^$document
||sendgrid.net/wf/open*^$document
||sendgrid.com/trk*^$document
||ct.sendgrid.net/mpss/o/*.gif^$document
||media.superhumanapp.com/images/_/*://*.sendgrid.com/wf/open*^$image
||media.superhumanapp.com/images/_/*://*.sendgrid.net/wf/open*^$image
||media.superhumanapp.com/images/_/*://*.sendgrid.com/trk*^$image
||media.superhumanapp.com/images/_/*://*.ct.sendgrid.net/mpss/o/*.gif^$image
! Litmus email tracking
||emltrk.com^
||media.superhumanapp.com/images/_/*://*.emltrk.com*^$image
! GMelius email tracking
||gml.email^
||media.superhumanapp.com/images/_/*://gml.email*^$image
! HubSpot email tracking
! https://knowledge.hubspot.com/articles/kcs_article/email-tracking/how-hubspot-email-open-tracking-works
! TODO: HubSpot can use custom domains which all seem to have a URL structure like:
! https://example.com/e2t/o/*<random stuff>
! https://example.com/e2t/c/*<random stuff>
||t.hubspotemail.net^
||media.superhumanapp.com/images/_/*://*.t.hubspotemail.net*^$image
||media.superhumanapp.com/images/_/*://*/e2t/o/*^$image
! DidTheyReadIt.com email tracking
! This is already blocked in Peter Lowe's list
||xpostmail.com^
||media.superhumanapp.com/images/_/*://*.xpostmail.com*^$image
! MixPanel email tracking
! https://help.mixpanel.com/hc/en-us/articles/115004690106-Track-Email-Open-Rates
||mixpanel.com/trk*^$document
||mixpanel.com/track*^$document
||media.superhumanapp.com/images/_/*://*.mixpanel.com/trk*^$image
||media.superhumanapp.com/images/_/*://*.mixpanel.com/track*^$image
! Intercom email tracking
||intercom-mail.com/q/*^$document
||media.superhumanapp.com/images/_/*://*.intercom-mail.com/q/*^$image
! YesWare email tracking
||yesware.com/trk*^$document
||yesware.com/t/*^$document
||media.superhumanapp.com/images/_/*://*.yesware.com/trk*^$image
||media.superhumanapp.com/images/_/*://*.yesware.com/t/*^$image
! FullContact email tracking
||fullcontact.com/wf/open*^$document
||media.superhumanapp.com/images/_/*://*.fullcontact.com/wf/open*^$image
! MailChimp email tracking
! e.g. https://media.superhumanapp.com/images/_/https://somehost.us12.list-manage.com/track/open.php?u=3404fd5d424e4db51a22d69b5&id=7412ec3feb&e=9622cfce7b
||list-manage.com/track*^$document
||media.superhumanapp.com/images/_/*://*.list-manage.com/track/*^$image
! Magento email tracking
||magento.com/trk*^$document
||magento.com/wf/open*^$document
||media.superhumanapp.com/images/_/*://*.magento.com/trk*^$image
||media.superhumanapp.com/images/_/*://*.magento.com/wf/open*^$image
! Marketo email tracking
! https://nation.marketo.com/docs/DOC-1190
||marketo.com/trk*^$document
||media.superhumanapp.com/images/_/*://*.marketo.com/trk*^$image
! Insightly email tracking
! https://support.insight.ly/hc/en-us/articles/360004027674-How-to-enable-or-disable-email-tracking
||insgly.net/api/trk*^$document
||media.superhumanapp.com/images/_/*://*.insgly.net/api/trk*^$image
! SalesLoft email tracking
! https://support.salesloft.com/hc/en-us/articles/360027259111-Email-FAQ#How_Are_Opens_Clicks_and_Replies_Tracked
||salesloft.com/email_trackers/*^$document
||media.superhumanapp.com/images/_/*://*.salesloft.com/email_trackers/*^$image
! MixMax email tracking
! https://mixmax.com/resources/track_email/
||mixmax.com/api/track/*^$document
||media.superhumanapp.com/images/_/*://*.mixmax.com/api/track/*^$image
! SalesHandy email tracking
! https://www.saleshandy.com/email-tracking/
||saleshandy.com/web/email/countopened/*^$document
||media.superhumanapp.com/images/_/*://*.saleshandy.com/web/email/countopened/*^$image
! PipeDrive "read receipt" tracking pixel
! https://support.pipedrive.com/hc/en-us/articles/115005541949-Email-Tracking
! PipeDrive sometimes uses Nylas API for open tracking
||api.nylas.com/open/*^$document
||media.superhumanapp.com/images/_/*://api.nylas.com/open/*^$image
! PipeDrive also seems to use sendgrid-style tracking
||email.pipedrive.com/wf/open*^$document
||media.superhumanapp.com/images/_/*://email.pipedrive.com/wf/open*^$image
! ConstantContact email tracking
||rs6.net/on.jsp*^$document
||media.superhumanapp.com/images/_/*://*.rs6.net/on.jsp*^$image
! MandrillApp open tracking
! https://mandrill.zendesk.com/hc/en-us/articles/205582907-How-does-open-tracking-work-
||mandrillapp.com/track/open.php*^$document
||mandrill.*/track/open.php*^$document
||media.superhumanapp.com/images/_/*://mandrillapp.com/track/open.php*^$image
||media.superhumanapp.com/images/_/*://mandrill.*/track/open.php*^$image
! Oracle Eloqua email tracking
! https://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAA/Help/Emails/CalculatingEmailOpens.htm
! https://media.superhumanapp.com/images/_/https://s1259914507.t.en25.com/e/FooterImages/FooterImage1?elq=34089dc840e54f10ba9fb212d35f0cf2&siteid=1259914507
||en25.com/e/FooterImages/FooterImage1*^$document
||t.eloqua.com/e/FooterImages/FooterImage1*^$document
||media.superhumanapp.com/images/_/*://*.en25.com/e/FooterImages/FooterImage1*^$image
||media.superhumanapp.com/images/_/*://*.t.eloqua.com/e/FooterImages/FooterImage1*^$image
! A stronger Eloqua block would look like this, because hostname is unpredictable
!||media.superhumanapp.com/images/_/*://*/e/FooterImages/FooterImage1*^$image
! Google email marketing tracking pixel
||www.google.com/appserve/mkt/img/*.gif^$document
||media.superhumanapp.com/images/_/*://www.google.com/appserve/mkt/img/*.gif^$image
! Adobe audience manager (demdex)
! demdex.net is already blocked with Peter's list
||media.superhumanapp.com/images/_/*://*.demdex.net/*^$image
! DoubleClick tracker (already blocked in uBlock origin, now block Superhuman version)
||media.superhumanapp.com/images/_/https://ad.doubleclick.net/*^$image
! Not sure what this tracker is, but saw it in the wild
||is-tracking-pixel-api-prod.appspot.com/api/*^$document
||media.superhumanapp.com/images/_/https://is-tracking-pixel-api-prod.appspot.com/api/*^$image
! vtiger sales CRM tracking
||od2.vtiger.com/shorturl.php*^$document
||media.superhumanapp.com/images/_/https://*.od2.vtiger.com/shorturl.php*^$image
! Pete's list already blocks pstmrk.it
||media.superhumanapp.com/images/_/*://*.pstmrk.it/*^$image

Chad Loder

Written by

I talk about #AI and #security, and occasionally do something about it. Founder/CEO @Habitu8 • Founder,VP of Engineering @Rapid7 ($900M IPO)