Is HubSpot Tracking Your Email? How to Block It

Every time a salesperson sends you a tracked email through HubSpot, an invisible 1×1 pixel fires a request back to HubSpot's servers the moment you open it. No notification. No consent banner. Just a quiet log entry recording your timestamp, approximate location, device, and email client — delivered instantly to the sender's CRM. With 288,706 paying HubSpot customers as of December 2025, this is one of the most widespread forms of surveillance in everyday email, and most recipients have no idea it is happening.

Key Takeaways

• HubSpot embeds a 1×1 transparent pixel hosted on t.sidekickopen.com into every tracked email sent through Gmail or Outlook.
• When you open a tracked email, HubSpot logs your timestamp, IP address (approximate location), device type, and email client in real time.
• HubSpot click tracking rewrites every link in the email to route through t.sidekickopen.com first — bypassing Gmail's image proxy entirely.
• Gmail's image proxy shields your IP from pixel fires but offers zero protection against click tracking, where your location and identity are fully exposed.
• Gblock, a Gmail extension, blocks HubSpot tracking pixels and prevents the pixel from firing before your inbox even loads the email.

What Does HubSpot's Tracking Pixel Actually Do?

HubSpot's tracking pixel is an HTML <img> tag — exactly one pixel wide, one pixel tall — injected into the email's HTML with style="display:none" so it renders invisibly. The src attribute points to t.sidekickopen.com, a HubSpot owned domain that acts as the tracking server. When your email client loads the image (which happens automatically when you open the email), it sends an HTTP GET request to that server. HubSpot intercepts the request, records the event, and pushes a real time desktop notification to the sender.

The data collected in that single request includes:

• Timestamp — exact date and time you opened the email
• IP address — used to infer your city, region, and country
• Device type — whether you are on mobile or desktop
• Email client — Gmail, Outlook, Apple Mail, etc.

All of this lands in the sender's HubSpot CRM contact record, attached to your profile, before you have finished reading the subject line.

How Does Click Tracking Work — and Why Is It More Dangerous?

Click tracking is more invasive than open tracking because it cannot be blocked by disabling images. HubSpot rewrites every hyperlink in the tracked email so it routes through t.sidekickopen.com before redirecting to the intended destination. The rewritten URL looks like:

http://t.sidekickopen.com/e1t/c/[encoded-data]/[your-email-url]

When you click any link — an article, a calendar invite, a product page — your browser first hits t.sidekickopen.com, which logs the click event with your IP and a contact identifier tied to your email address, then redirects you to the actual destination. This happens in milliseconds, invisible to most users.

This is significant because Gmail's image proxy (discussed below) only protects against pixel fires during email open. Click events bypass the proxy entirely. Even if you have disabled remote images in Gmail, every link you click in a HubSpot tracked email is still fully logged.

Does Gmail's Image Proxy Protect You?

Gmail's image proxy partially protects you — but only for open tracking, not click tracking. Google introduced its image proxy in 2013, routing all image loads through Google's own servers. When HubSpot's pixel fires, the request arrives from a Google IP address, not yours. This masks your real IP and prevents HubSpot from knowing your exact location or device from the open event alone.

However, the proxy has real limits. The proxy also pre-fetches images at delivery time, which can trigger ghost opens — HubSpot sees an open even if you never actually read the email. More critically: the proxy does nothing for clicks. The moment you click any link in a HubSpot email, your real IP hits t.sidekickopen.com directly.

For a deeper breakdown of what Gmail's proxy does and does not block, see Email Tracking Has Outgrown the Pixel (2026).

How Can You Tell If an Email Is HubSpot Tracked?

You can spot HubSpot tracking by inspecting the raw HTML source of a message. In Gmail, open the email, click the three dot menu in the top right of the message, and select "Show original." Search for sidekickopen or t.sidekickopen.com. If either string appears, the email is tracked.

For links, look at the raw source and check whether URLs begin with http://t.sidekickopen.com/e1t/ — that prefix is HubSpot's click tracking wrapper. Every link with that prefix logs your click back to the sender's CRM.

Doing this manually for every email is impractical. But it demonstrates how embedded the tracking is — it is not a separate attachment or a suspicious external image. It is woven into the email's structure by design. For a full manual inspection walkthrough, see how to tell if your email is being tracked.

Why Should Email Recipients Care?

Most people assume email is a one way channel: you receive it, you read it, nothing happens on the other end. HubSpot tracking flips that assumption. Opening an email becomes an act of data transmission. The sender knows when you read their message, from roughly where, and on what device. Sales teams use this information to time follow up calls — contacting you within minutes of an open is a documented sales tactic enabled directly by this data.

The click tracking dimension is worse. If a salesperson sends you an email with five links and you click one, they know exactly which link you clicked, at what time, and can correlate that with your CRM profile. Over a series of exchanges, this builds a behavioral log of your interests and reading habits — all without your knowledge.

HubSpot is not alone here. Yesware, Streak, and Mixmax all use the same pixel plus click redirect architecture. The technical implementation differs slightly (different tracking domains, different link encoding schemes) but the outcome is identical: recipients are profiled without consent. With nearly 300,000 paying HubSpot customers worldwide, tens of millions of tracked emails are sent daily.

How to Block HubSpot Email Tracking

There are three approaches, ordered by effectiveness:

1. Use Gblock (most effective)

Gblock is a Chrome extension built specifically to block tracking pixels in Gmail. It intercepts image load requests before they reach t.sidekickopen.com, so the pixel never fires — HubSpot never records an open, and the sender gets no notification. Gblock handles HubSpot tracking as well as pixels from Yesware, Streak, Mixmax, and dozens of other sales tools, all without you needing to inspect email source manually. For click tracking, Gblock alerts you to tracked links so you know before you click.

2. Disable remote images in Gmail

In Gmail settings, go to Settings → General → Images → "Ask before displaying external images." This prevents automatic pixel fires on open. The trade off: every email looks broken until you manually approve images, and it does nothing for click tracking.

3. Switch to plain text mode

Reading emails in plain text strips HTML entirely, eliminating pixel tracking. In Gmail, click the three dot menu in an email → "View as plain text." This is effective but strips formatting from every email, including legitimate ones.

Of these three options, only Gblock handles both open tracking and flags tracked links — without degrading your email experience. See also: Email Tracker Chrome Extensions (and How to Block Them).

What About HubSpot's Privacy Settings?

HubSpot does offer a data privacy setting that, when enabled, restricts tracking to contacts who have a documented legal basis for communication under GDPR. In theory, this means you would only be tracked if the sending organization has a legitimate lawful basis on file for your contact record.

In practice, most HubSpot customers do not enable this setting. It requires deliberate configuration and adds friction to sales workflows. There is no mechanism that forces senders to opt in before tracking is active — tracking is on by default, and the privacy setting is opt in for the sender's organization. As a recipient, you have no visibility into whether a given HubSpot customer has enabled it.

This is the structural problem with consent in email tracking: the burden falls entirely on the recipient to discover, investigate, and block, while the sender's default configuration does the opposite.

Block It Before It Fires

HubSpot's tracking is technically straightforward — a 1×1 pixel and rewritten links — but its reach is enormous. Nearly 300,000 paying HubSpot customers means tens of millions of tracked emails sent daily, each silently profiling recipients. Gmail's image proxy helps at the margins, but click tracking — the more revealing data point — bypasses it entirely.

The only reliable fix is blocking at the source, before the pixel fires. Gblock does exactly that, running silently in the background while you read email normally. No manual inspection. No broken images. No data sent to t.sidekickopen.com.

Sources: HubSpot Knowledge Base: Email open and click tracking | HubSpot Q4 2025 Earnings.