Google announced yesterday that Gmail will now display the images embedded in emails automatically by default, a behaviour it had previously kept switched off.
That change comes at a cost: a sender can now tell whether a recipient has opened a message. Gmail fetches the images through Google's own proxy servers rather than from the reader's browser, which hides the reader's IP address and device from the sender, but the fetch only happens once the message is viewed, so it still reveals that the message was opened.
A sender who embeds an image with a unique URL for each recipient (for example www.breakthesecurity.com/123456.jpg) only has to watch the web server log: the first request for that file marks the moment the recipient opened the mail.
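What the sender side of that trick looks like, as an added example that is not part of the original article: each recipient gets an unguessable token in the image URL, and the server that answers the image request writes the open down before returning a 1x1 GIF. The tracker hostname, the `/open/<token>.gif` path layout, and the recipient addresses are assumptions made for the example; the comments note where Gmail's proxy changes what the sender sees.

```python
"""Added example (not from the original article): a per-recipient tracking
pixel and the server-side handler that turns the image fetch into an "open"
record. Hostname, path layout and addresses are illustrative assumptions."""
import base64
import datetime
import re
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, List, Optional, Tuple

TRACKER_HOST = "https://tracker.example.com"  # hypothetical tracker host

# A 1x1 transparent GIF, the classic tracking pixel payload.
PIXEL_GIF = base64.b64decode(
    "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"
)

# token -> recipient: the campaign's "who was sent which link" table
campaign: Dict[str, str] = {}
# token -> list of (timestamp, client address, user agent) for each fetch
opens: Dict[str, List[Tuple[datetime.datetime, str, str]]] = {}


def issue_token(recipient: str) -> str:
    """Mint a 128-bit random token per recipient. The article's 123456.jpg
    works the same way, but a short number lets third parties enumerate it."""
    token = secrets.token_hex(16)
    campaign[token] = recipient
    opens[token] = []
    return token


def build_html(recipient: str, body_html: str) -> str:
    """Append the unique image link to the message HTML."""
    token = issue_token(recipient)
    pixel = (f'<img src="{TRACKER_HOST}/open/{token}.gif" '
             f'width="1" height="1" alt="">')
    return body_html + pixel


_PATH_RE = re.compile(r"^/open/([0-9a-f]{32})\.gif$")


def record_open(path: str, client_addr: str, user_agent: str,
                now: Optional[datetime.datetime] = None) -> Optional[str]:
    """Called for every image request. Returns the recipient when the path
    carries a known token, else None. Behind Gmail's proxy, client_addr is a
    Google server and user_agent is Google's fetcher, not the reader's browser,
    but the request is still only made when the message is displayed."""
    m = _PATH_RE.match(path)
    if not m or m.group(1) not in campaign:
        return None
    token = m.group(1)
    ts = now or datetime.datetime.now(datetime.timezone.utc)
    opens[token].append((ts, client_addr, user_agent))
    return campaign[token]


def who_opened() -> Dict[str, int]:
    """Recipient -> number of image fetches. A caching proxy may collapse
    repeat views into a single fetch, so treat the count as a lower bound."""
    counts: Dict[str, int] = {}
    for token, fetches in opens.items():
        if fetches:
            counts[campaign[token]] = counts.get(campaign[token], 0) + len(fetches)
    return counts


class PixelHandler(BaseHTTPRequestHandler):
    """Minimal HTTP handler that logs the open and always serves the pixel."""

    def do_GET(self):
        recipient = record_open(self.path, self.client_address[0],
                                self.headers.get("User-Agent", ""))
        # Return the pixel for unknown tokens too, so status codes leak nothing.
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.send_header("Content-Length", str(len(PIXEL_GIF)))
        self.send_header("Cache-Control", "no-store")  # ask caches not to hide re-opens
        self.end_headers()
        self.wfile.write(PIXEL_GIF)
        if recipient:
            print(f"open: {recipient} from {self.client_address[0]}")


if __name__ == "__main__":
    print(build_html("alice@example.com", "<p>Hello</p>"))  # constructed sample message
    HTTPServer(("127.0.0.1", 8080), PixelHandler).serve_forever()
```

Running the block prints the HTML a sender would embed and then listens on port 8080; a request for the embedded URL is logged as an open for that recipient. Under Gmail's proxy the logged address belongs to Google, which is exactly the limited protection the new behaviour offers: the sender loses the reader's IP and client details but keeps the open event.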
"Turning those images on means we'll be more accurate when tracking unique opens," MailChimp, the bulk email service, said in a blog post.
"GMail's new image caching doesn't occur until the user views the message, still provides read tracking," security researcher HD Moore commented on the new feature in a tweet.
You can turn the behaviour off by choosing "Ask before showing" under Images in the General tab of Gmail's settings. How many users will actually do so is another question; most never change the defaults.