SendGrid appends a tracking pixel even when disabled
cappe.github.ioBTW, don't use SendGrid unless you intend to pay them lots of money for a dedicated IP. I've been using them for a couple of years now and it's extremely frustrating, because they are used by spammers and do not react quickly enough or simply do not care. Some of your E-mails will end up sent from IPs that landed in various anti-spam blackhole systems already and will never reach their destination.
This happens regularly and makes SendGrid totally useless for transactional E-mail (I prefer to send it myself) and problematic for things like product updates.
I complained to them about this problem many times and it is my impression that this is a way to force-upsell customers to higher plans with dedicated IPs.
I'm not sure this is limited to SendGrid. Are there comparable email services that don't use shared IPs or that have done a consistently good job of stopping spammers? I've had moderate-to-poor luck with Mailgun (Yahoo and Microsoft don't really like them much).
AWS SES doesn't seem to have a problem, but you have to describe your usage and verify the domain from which you will be sending.
They usually act within 24h to enable sending if you have set up everything.
Postmark is next on my list of services to try. They specifically say "It’s our job to provide you with great deliverability with or without dedicated IP addresses" and they allow you to separate transactional E-mails from the rest.
Thanks for the insight. It's the only mailer service I've used so far but seems like I gotta do some exploring.
I've been exploring lately, and the only two I've actually tried so far are SendGrid and Amazon SES. Both of them have a free tier that lets me play. Both of them have so far had pretty poor deliverability due to being in blacklists, though SendGrid has been better.
I'm just looking for something that doesn't cost an arm and a leg for the minimal email volume I send, and that has better deliverability than sending myself with a VPS, as there's usually at least one bad actor in any /24 your typical VPS will land in and that punishes your deilverability.
Postmark works well for transactional email. We've seen consistently good deliverability over time.
I used them at the previous company I worked. They were just launching their products.
They have the best support I ever encountered, we were having weird delivery issue on some specific clients and they help us debug the whole problem.
They have more than fair pricing and actually do a manual verification when you want to start using them (and not just testing with your own domain).
Their hobbyist tier is 100 mails per month. No credit card required.
Thanks! It was on my list to check out, I guess I'll do that now :)
Personally I stopped using SendGrid when they forced everyone to start using insecure 2FA (requiring a phone number instead of the normal OTP/TOTP that can be setup via any authentication app), presumably to force more people to use Twillio services or something.
I stopped using them because of their awful support. The shared IP address our emails were coming from must have gotten on to a blacklist because 35% of our emails started being rejected overnight (not even making it to spam!) and their response was "just wait a few weeks, email reputation improves with time" like you can run a business when there's a 1 in 3 chance of any communication with a customer disappearing?!
Moved to SES and been smooth sailing since (and a lot cheaper).
The support has gotten worse since Twilio took over. Even if you ignore delays, they struggle to understand problems quickly. We've had a couple of incidents where they are hitting our webhook over and over for days and prove unable to diagnose it properly.
The service at a technical level is pretty good. It does the job, the pricing is fine, and deliverability is good. I think their IP address space is considered a bad neighborhood by some spam filtering systems though, since we can't send email to systems protected by Mimecast (sorry Red Hat, Packt, Siemens, et al.) despite our own dedicated IPs having very solid reputation and histories.
Yeah, Twilio tried to force that on me as well. Couldn't enable 2FA auth without a phone number and since I'm a digital nomad phone numbers and sim cards are a pain point.
Opted just not to use Twilio.
It's bizarre because they own Authy so could have pushed more people towards that instead.
Their 2FA uses the twilio authenticator app now.
Heavy Sendgrid user here, and while the customer support agent quoted in the post does say this, I can confirm we are not experiencing the same issue with normal emails sent via the API. (Just for anyone who was worried.)
That's probably the only way with SendGrid to strip down all of the trackers. Single Send is simple to use but apparently dude's gotta write his own mailer script to send emails via the API.
I've taken a look and a lot of this single send/marketing stuff seems new (to me – it could well be a few years old!). I don't think it was in place when we started using Sendgrid several years ago. Sendgrid has only been an email "pipe" to us – no campaign or list management, email designing, etc. I think they've added that stuff on top of their traditional offering in recent years.
I suggest checking Tracking settings in your Sendgrid account. I found myself in a similar situation with a tracking pixel being embedded in my personal email notifications. After checking the settings page, turns out Open tracking and Click tracking were enabled, even though I always disable everything spyware-related in every account I create. I can only assume they were silently added and enabled at some point during the last couple of years.
As you can see from the blog post, those tracking settings are/were disabled. As a developer I know that it's easy to leave wrong default values on checkboxes so I went to first disable them (it was enabled by default) -> enable -> disable.
The tracking pixel was added in test emails as well as in the actual emails nevertheless.
I'm not arguing with the premise of the blog post. In my case, the emails were send as "single-send", not a part of a campaign, so disabling the options worked. But the blog post was very helpful nonetheless, as it lead me to discover the mysteriously enabled tracking options, which I would have never got around to checking myself.
Even better, I checked the actual HTML received from a few recent campaigns - no Sendgrid tracking either at link or image level, luckily! :-)
Anyone from Sendgrid here? Would love some clarification on this.
Also other tools like hotjar have an explicit option to override DNT (do not track). Feels like it should be illegal.
There's additionally a mail setting for list management that interacts with tracking. That one might need to be disabled as well. This is very poorly documented.
Thanks for helping out, I'll go through the settings one more time. The customer service just repeated the same mantra that the tracking pixel is always added, regardless of what the Open Tracking setting is.
Not an expert at all, but my basic understanding of GDPR is if you outsource a service to a 3rd party and they collect data or do any processing that they shouldn't, you are essentially responsible.
It makes sense. I'm the one selecting the tooling afterall so I should also be responsible for making sure to comply with whatever laws/directives there are.
This being said, it feels unfair when you try to comply but somebody fucks you over.