Due to the way that Google caches images in GMail, many users of that service believe their location is protected from the prying eyes of spymail senders. While this is true as long as you check you email in Gmail's web or mobile clients, it is not true for other email clients including Outlook for desktop, Outlook mobile, apple mail, android mail, and others. To show you this in action I conducted a vulnerability test with MailControl, and sent myself three emails to the same Gsuite address. The first email I opened from the Gmail web client. As you can see, the IP address and location are Google's:
Top: Spymail #1. Bottom: Infor revealed when opened in GMail web client
The second email I opened in Outlook. Here you can see my IP address, location, and device information were all exposed:
Top: Spymail #2. Bottom: Info revealed when opened in Outlook (IP Address blurred)
The final email I opened on the default mail app on my Samsung Galaxy. Here again you can see that my IP address, location, and device info were all compromised:
Top: Spymail #3. Bottom: Info revealed when opened in Android mail (IP Address blurred)
Thus, it is the Gmail client - and not the Gmail service - that protects your IP address, location, and device info. MailControl EPS, on the other hand, rips out the tracking before the email ever reaches your mailbox so that you are protected regardless of the email client you use.
Chad Gilles manages customer strategy and legal affairs for MailControl. Chad came to MailControl from a law firm where he spent 9+ years working with startups and intellectual property. Prior to that he worked as an electrical engineer for a startup and a multinational corporation.