Black Friday spam felt brutal this year. Turns out it’s worse than you thought.

A new report from Proton, an encrypted email service, reveals that 80% of major retailers embed hidden tracking pixels into their marketing emails. These trackers monitor whether you opened the message, what device you used, and which links you clicked. Plus, every interaction feeds their data machine and triggers more spam.

The findings raise uncomfortable questions about consumer privacy. Your inbox isn’t just cluttered. It’s actively spying on you.

The Study That Exposed Email Surveillance

Proton created a dedicated inbox to capture marketing emails between November 4 and December 1. This window covered the entire Black Friday and Cyber Monday frenzy.

Before displaying each email, Proton’s servers scanned the message code against a database of known tracking domains and pixel signatures. They examined 50 of the largest US retailers with both online and physical stores. Each email was analyzed for timestamp, sender, subject line, and whether it contained embedded tracking links or pixels.

The researchers combined this data with loyalty program membership counts, market share figures, and email frequency patterns from similar retailers. Then they ranked companies into four categories based on how aggressively they tracked and spammed customers.

The Worst Offenders Bombard You Daily

CB2, Anthropologie, Victoria’s Secret, VS Pink and Crate & Barrel topped the “worst of the worst” list. These brands sent the highest daily email frequency across the entire study period.

Hidden tracking pixels embedded in marketing emails monitor customer behavior

“These brands represent the highest daily frequency across the full study window — the ones constantly vying for attention,” the study noted. So they’re not just tracking you. They’re doing it relentlessly, multiple times per day.

Meanwhile, some retailers actually showed restraint. Nike, Bass Pro Shops, H&M, New Balance and Burlington earned spots in the “most respectful” group. They sent zero emails with tracking pixels during the monitoring period.

That’s the standard other retailers could meet. But most choose not to.

What These Trackers Actually Collect

Hidden pixels and tracking links reveal more than you’d expect. They tell retailers exactly when you opened the email, often down to the minute. They identify your device type, operating system, and email client. They track which specific links you clicked and how long you spent reading.

This data builds a detailed profile of your behavior. Retailers use it to determine which subject lines work, what time of day you’re most likely to engage, and which products grab your attention. Then they optimize future campaigns to exploit those patterns.

“The Spam Watch findings confirm a harsh reality: The inbox has become a high-volume, high-noise channel where brands battle for attention while silently gathering data on every open,” said Anant Vijay Singh, head of product at Proton Mail. “This is not accidental — it is an engineered assault on your attention and your privacy.”

Opening a tracked email doesn’t just give them data. It signals that you’re an active target worth bombarding with more messages.

Black Friday Made Everything Worse

The period surrounding Black Friday and Cyber Monday saw spam volumes spike dramatically. Retailers knew shoppers were actively looking for deals. So they cranked up both email frequency and tracking intensity.

Retailers ranked from worst offenders to most respectful email practices

Most companies sent multiple emails per day during this window. Some sent more than five daily messages. Each one contained tracking pixels designed to monitor your engagement.

The combination creates a feedback loop. You open one email about a sale. The retailer notes your interest and sends more emails. You open those too, confirming you’re responsive. Soon you’re getting ten emails per day from the same brand.

This isn’t accidental spam. It’s calculated surveillance.

How to Stop Retailers From Tracking You

You have several options to reduce tracking and spam. None are perfect, but they all help.

First, use email protection services. DuckDuckGo offers a free email protection feature that strips tracking pixels from messages before they reach your inbox. Proton Mail includes similar protection built into its encrypted email service. Both work by routing emails through their servers, which remove tracking code automatically.

Second, iPhone users with iCloud Plus can enable Hide My Email. This feature generates random email addresses that forward to your real inbox. When retailers inevitably sell your data or spam you excessively, you can disable that specific forwarded address without changing your actual email.

Third, consider data removal services like Optery. These services scan data broker databases and request removal of your personal information. While they can’t stop retailers from tracking your email opens, they limit how much additional data circulates about you online.

Finally, unsubscribe aggressively. Yes, it’s tedious. But every marketing email you eliminate is one less tracking opportunity for retailers. Most companies are legally required to honor unsubscribe requests within 10 business days.

Tracking data builds detailed profiles to optimize future campaigns

The Privacy Problem Nobody’s Fixing

Email tracking has become standard practice because it works and because there’s minimal regulation stopping it. Retailers argue they need these metrics to improve customer experience. But that’s corporate spin for “we want to manipulate you more effectively.”

The real issue? Most consumers have no idea this tracking exists. When you open an email, you don’t see the hidden pixel loading. You don’t know the retailer just logged your device type and location. The surveillance happens silently.

Moreover, retailers share and sell this data. Your email engagement patterns might be used by third-party advertisers, data brokers, or analytics companies you’ve never heard of. That Black Friday email from Anthropologie could feed a profile that follows you across the internet.

European privacy regulations like GDPR require explicit consent for this kind of tracking. But US consumers enjoy no such protections. So retailers track freely and face no consequences.

The Real Cost of “Free” Marketing Emails

Marketing emails aren’t free. You pay with your privacy and attention. Every tracked message trains algorithms to manipulate you better. Every data point feeds profiles that follow you across devices and platforms.

Retailers have turned your inbox into a surveillance tool. They’ve normalized constant monitoring under the guise of “personalized shopping experiences.” Meanwhile, they flood you with dozens of daily messages designed to maximize their revenue, not your satisfaction.

The solution isn’t complicated. Demand better from companies. Use privacy tools that block tracking. Support regulations that limit corporate data collection. Your inbox shouldn’t be a battleground where retailers fight for attention while harvesting your information.

Until consumer pressure forces change, this will only get worse. So protect yourself now. Because retailers certainly won’t do it for you.