Email Privacy Tester
Email Privacy Tester Icon

Quick tool, that enables you to test whether your mail client "reads" your emails before you've opened them, and also checks what analytics, read-receipts or other tracking data your mail client allows to be sent back to the sender. The system is open source (on GitLab), developed by Mike Cardwell and trusted, but if you do not want to use your real email, creating a second account with the same provider, should yield identical results.

Open Source

Email Privacy Tester Source Code




The Email Privacy Tester




03 May 12

Last Updated

25 Jul 23

Primary Language


83 KB







Language Usage

Language Usage

Star History

Star History

Top Contributors

Recent Commits

  • Mike Cardwell (20 Feb 16)

    Project moved to gitlab

  • Mike Cardwell (03 Aug 15)

    Full path to imports in less

  • Mike Cardwell (03 Aug 15)

    Client IP being doesn't mean there is definitely a proxy in front of Node

  • Mike Cardwell (03 Aug 15)

    Be more specific about dependency versions

  • Mike Cardwell (03 Aug 15)

    Fix typo in SQL

  • Mike Cardwell (14 Oct 13)

    Add engines

  • Mike Cardwell (14 Oct 13)

    Add index to email table. Large performance improvement

  • Mike Cardwell (14 Oct 13)

    New test: img srcset

  • Mike Cardwell (14 Oct 13)

    Use pre-compiled css when it exists

  • Mike Cardwell (23 Aug 13)

    Updated to use new MySQL connection creation API

  • Mike Cardwell (16 Dec 12)

    Obfuscate the XSS alert in the file name as people are seeing the filename and assuming it applies to them

  • Mike Cardwell (03 Aug 12)

    Replaced some deprecated pre-v3 Express functions with their new ones

  • Mike Cardwell (03 Aug 12)

    Works with Express v3 now. No longer works with older versions

  • Mike Cardwell (21 Jun 12)

    Change content type of "XSS in filename" attachment from js to png. Spam filters don't like js attachments

  • Mike Cardwell (20 Jun 12)

    JavaScript payload in attachment filename

  • Mike Cardwell (20 Jun 12)

    Set the correct content type on the svg and css attachments

  • Mike Cardwell (24 May 12)

    The "js" test should output some javascript as well as the script_in_script test

  • Mike Cardwell (17 May 12)

    Unique description meta tags for each page

  • Mike Cardwell (17 May 12)

    Add a link to my tech blog on the results pages

  • Mike Cardwell (16 May 12)

    Display an informative message on the callback page when an email client honours the meta refresh tag

  • Mike Cardwell (16 May 12)

    Display information about missing results if somebody tries to view an old result set

  • Mike Cardwell (16 May 12)

    Escaped the apostrophe properly so the XSS payload in the script_in_script test actually works

  • Mike Cardwell (08 May 12)

    Remove leading and trailing whitespace from submitted email addresses

  • Mike Cardwell (08 May 12)

    Detect the client IP ASAP as it becomes impossible if the client disconnects first

  • Mike Cardwell (06 May 12)

    Add XSS payload to the script_in_script test response

  • Mike Cardwell (06 May 12)

    Added RSS and Atom links

  • Mike Cardwell (06 May 12)

    Added a bitcoin donate link

  • Mike Cardwell (06 May 12)

    Added some authorship information and links to the footer of each page

  • Mike Cardwell (06 May 12)

    Added a Flattr badge to the top right hand corned of each page

  • Mike Cardwell (06 May 12)

    Route test callbacks which contain additional path elements. The applet test seems to add an additional /applet.class to the end.

Email Privacy Tester Website



Does not redirect

Security Checks

3 security checks failed (63 passed)

  • Empty Page Title
  • Domain Recently Created
  • Domain Very Recently Created

Server Details

  • IP Address
  • Hostname
  • Location Hong Kong, Hong Kong, Hong Kong, AS
  • ISP Contabo GmbH
  • ASN AS51167

Associated Countries

  • LT
  • HK

Saftey Score

Website marked as safe


Blacklist Check was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

Email Privacy Tester Reviews

More Email Security Tools

About the Data: Email Privacy Tester


You can access Email Privacy Tester's data programmatically via our API. Simply make a GET request to:

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Email Privacy Tester

Help your friends compare Email Security Tools, and pick privacy-respecting software and services.
Share Email Privacy Tester and Awesome Privacy with your network!

View Email Security Tools (3)