Jun 21, 2026 · 7 min read
Is Instantly.ai Tracking Your Email? How to Block It
Instantly.ai is one of the fastest-growing cold email platforms on the market — and every message it sends silently records when you opened it, what device you used, and roughly where you were located. You never asked for any of that.
You did not sign up for Instantly.ai. You did not opt into its tracking. But the moment you opened that cold sales email, Instantly.ai email tracking logged your IP address, your email client, your device type, and the exact timestamp — all routed back to the sender's dashboard in real time. The sender now knows you are a real person who reads email at 9:43 AM on a Tuesday from what appears to be London.
Instantly.ai powers outreach for over 40,000 businesses worldwide, making it one of the most common sources of tracked cold email in most professionals' inboxes. This article explains exactly how the tracking works, what telltale signs appear in Gmail, what the law says about it, and how to make it stop.
Key Takeaways
- Instantly.ai is used by more than 40,000 businesses to automate cold email outreach, making it one of the most common sources of tracked unsolicited email in professional inboxes.
- Every Instantly.ai tracked email embeds a 1×1 transparent pixel that captures your IP address, device type, email client, and the precise timestamp of each open.
- Instantly.ai allows senders to configure custom tracking domains — meaning the
inst.lioritrackly.comfingerprints may be replaced by an arbitrary sender-owned subdomain. - France's CNIL published its first formal recommendation on email tracking pixels in April 2026, establishing that individual open tracking of EU recipients without prior consent is unlawful under GDPR.
- Gblock automatically blocks Instantly.ai tracking pixels and click redirects in Gmail, including those served from custom sender domains.
What Is Instantly.ai?
Instantly.ai is a cold email automation platform built for B2B sales teams, growth agencies, and solo founders running outbound campaigns. Its core feature set covers multi-inbox sequencing (sending campaigns from dozens of email accounts simultaneously), AI-driven email warm-up to build sender reputation, and a built-in lead database for prospecting. Over 40,000 customers use the platform globally, ranging from solo consultants to enterprise SDR teams.
It competes directly with Lemlist, Reply.io, and Woodpecker — all platforms that share the same fundamental tracking architecture. The business model depends on showing senders who opened what, when, and how many times, because that engagement data drives the automated follow-up logic. The tracking is not a feature bolted on the side. It is the core feedback loop the product is built around.
For comparison, see how the sister platforms work: Is Reply.io tracking your email and Is Lemlist tracking your email.
How Does Instantly.ai Track Email Opens?
Instantly.ai open tracking works through a 1×1 transparent GIF or PNG embedded in the HTML body of each outgoing email. The pixel is invisible — it has no visual presence in the rendered message. But when your email client loads the image, it sends an HTTP GET request to Instantly.ai's tracking server, carrying your IP address, the User-Agent string identifying your email client and operating system, and the exact time of the request.
Instantly.ai's default tracking infrastructure routes these pixel requests through domains including inst.li and, for some configurations, subdomains of itrackly.com — the platform Instantly uses for its custom tracking domain CNAME setup. Senders who configure a Custom Tracking Domain replace these with a subdomain they control, such as track.their-company.com, making the Instantly.ai origin invisible at the domain level.
Gmail's image proxy partially obscures this: when Gmail loads images on your behalf, Instantly.ai's server sees Google's proxy IP rather than your device's IP. This softens location precision but does not eliminate it — the platform still logs your email client, your open time, and the campaign identifier tied to your specific email address. Click tracking bypasses the proxy entirely.
What Data Does Instantly.ai Collect?
When an Instantly.ai tracked email is opened and a link is clicked, the platform logs the following for each recipient individually:
- Timestamp of each open, with millisecond precision
- IP address at time of open (your device IP, or Google's proxy IP if Gmail's image loading is active)
- Approximate geographic location derived from IP geolocation
- Email client and version (Gmail, Outlook, Apple Mail, etc.)
- Device type (desktop vs. mobile) and operating system
- Number of times the email was opened (reopen count)
- Which specific links were clicked and when
This data populates the sender's campaign analytics dashboard in real time, and it feeds the automated sequence logic — the platform uses engagement signals to determine whether to send the next follow-up, pause the sequence, or route the contact to a different message variant. Your opens do not just get recorded. They actively control how and when you are contacted next.
How to Spot an Instantly.ai Email in Gmail
You cannot identify an Instantly.ai email just by looking at it — that is the point. But the email source reveals the tracking infrastructure. In Gmail, open any suspected cold email and click the three-dot menu → "Show original" to view the raw message source.
Look for these signatures:
inst.liappearing in any image URL or link href — this is Instantly.ai's default short-link and pixel domainitrackly.comin any URL — the backend infrastructure Instantly.ai's custom domain setup points to- A redirect link structure where hovering over a text link in Gmail shows it routes through a third-party subdomain before reaching the stated destination
- The header
X-Mailer: Instantlyor sending infrastructure routed through Instantly.ai's delivery partners
When senders configure a Custom Tracking Domain, none of these signatures appear. The pixel and redirect links use the sender's own subdomain — indistinguishable from a first-party link unless you trace the DNS CNAME chain back to prox.itrackly.com. This is by design. Instantly.ai markets custom domains partly as a deliverability improvement, but the privacy consequence is that recipients have no simple way to identify which cold emails are being tracked by the platform.
The Phantom Opens Problem
Here is a detail that cuts both ways. Instantly.ai users frequently report inflated open rates — sequences showing 60–70% open rates that cannot possibly reflect actual human engagement. The culprit is AI-powered mail security infrastructure: Google Workspace's Safe Links, Microsoft Defender for Office 365, and similar enterprise security tools pre-fetch all URLs and images in incoming messages before they reach the recipient's inbox.
When these scanners fire, they trigger the tracking pixel — logging a phantom open that Instantly.ai attributes to the human recipient. Instantly.ai acknowledges this problem, noting that Apple Mail Privacy Protection alone accounts for prefetched opens across roughly 49% of email client market share as of early 2025. Eksido research estimated that up to 75% of reported opens in some B2B segments may be artificial. Source: https://instantly.ai/blog/email-open-tracking-how-it-works-accuracy-rates-and-why-your-open-metrics-may-be-seen-as-wrong/
From a recipient's perspective, this matters: if you use Google Workspace with Safe Links enabled, there is a reasonable chance Instantly.ai has already logged your address as an "engaged" contact — before you ever personally opened the email. You may be receiving more follow-ups as a result of tracking data you did not generate.
Is Instantly.ai Email Tracking Legal?
In the United States, CAN-SPAM governs commercial email but imposes no consent requirement for tracking pixels. A US-based sender can legally embed an Instantly.ai tracking pixel in a cold email to a US recipient without any disclosure, and there is no legal mechanism forcing removal of your data from their analytics.
GDPR reaches a different conclusion when EU recipients are involved. France's CNIL issued its first formal recommendation specifically on email tracking pixels in April 2026, establishing that individually identifying when a specific person opened an email — and profiling their behavior based on that data — requires prior explicit consent. The CNIL's position, which is binding on companies processing data of French residents, makes the standard Instantly.ai model unlawful for EU-targeted cold outreach without prior consent. Source: https://www.uniconsent.com/blog/cnil-email-tracking-pixels-recommendation
Aggregate campaign statistics — "what percentage of recipients opened the email" without individual attribution — sit in a different category. But the data Instantly.ai collects is individually attributed by design: the platform shows senders which specific email address opened, when, how many times, and which links they clicked. That is the individualized profiling GDPR and the CNIL specifically target.
The implication chain extends further than most coverage acknowledges: if CNIL's pixel consent standard is adopted by other EU data protection authorities — which their coordination mechanism through the European Data Protection Board makes likely — then the entire model of cold email open tracking becomes legally precarious for any campaign touching EU inboxes, regardless of which platform sends it. Instantly.ai, Lemlist, Reply.io, and Woodpecker all face the same structural exposure.
Why Email Users Should Care
Cold email tracking is distinct from marketing email tracking in one critical way: you never opted in. Newsletter tracking, however invasive, at least involves a list you signed up for. Cold email tracking by platforms like Instantly.ai operates on contact lists scraped from LinkedIn, purchased databases, and lead enrichment tools — lists that contain your name and email address without any consent from you.
The data Instantly.ai collects from your opens feeds directly into the sequencing engine targeting you. Open at 9 AM on Monday? The system schedules follow-ups for Monday morning. Click a link about pricing? The next email in the sequence pivots to a sales conversation. Your behavioral data from a single unsolicited email creates a behavioral model that shapes every subsequent contact attempt — and you have no visibility into that model, no access to request deletion, and no mechanism to opt out of the tracking itself (as distinct from unsubscribing from the sequence).
Multiply this across the 40,000 businesses using Instantly.ai, each running multiple campaigns to lists of thousands, and the scale becomes significant. If you receive any volume of cold sales email in Gmail, Instantly.ai email tracking is almost certainly present in your inbox right now.
Instantly.ai vs Lemlist vs Reply.io: What Each Platform Tracks
All three platforms share the same fundamental architecture. The differences are in custom domain support and how aggressively the tracking data feeds AI automation:
| Feature | Instantly.ai | Lemlist | Reply.io |
|---|---|---|---|
| Open tracking pixel | Yes | Yes | Yes |
| Click redirect tracking | Yes | Yes | Yes |
| Custom tracking domain | Yes (via itrackly.com CNAME) | Yes | Yes (Branded URLs) |
| IP address logged | Yes | Yes | Yes |
| AI-driven follow-up sequencing | Yes | Partial | Yes |
| Default tracking domain | inst.li | lemlist.com subdomains | reply.io subdomains |
| Remove from list option | Unsubscribe link (stops sequence, not tracking) | Unsubscribe link | Unsubscribe link |
Note: clicking "unsubscribe" on any of these platforms removes you from the active sequence. It does not delete the tracking data already collected, and it does not prevent your address from being imported into a different campaign by the same or a different sender.
How to Block Instantly.ai Email Tracking in Gmail
Three options exist, with very different levels of effectiveness:
1. Disable automatic image loading. In Gmail, go to Settings → General → Images → "Ask before displaying external images." This prevents the tracking pixel from firing when you open an email, because the pixel requires image loading to trigger. The limitation: it breaks every email with images in it, requires you to manually approve images in every message, and does nothing about click tracking — every link you click still routes through Instantly.ai's infrastructure, logging your IP directly.
2. Use Gblock. Get Gblock for Gmail — Gblock is a Gmail extension that identifies and neutralizes tracking pixels and click redirect links before they fire, including Instantly.ai's default inst.li infrastructure and custom sender-controlled tracking domains. Because Gblock uses behavioral pattern detection rather than a static domain blocklist, it catches Instantly.ai tracking even when senders have configured a Custom Tracking Domain pointing to itrackly.com under their own subdomain. You keep images enabled for legitimate emails; the tracking signals never reach Instantly.ai's dashboard. Cold email open tracking from platforms like Instantly.ai is one of the core use cases Gblock was built to handle.
3. Plain text rendering. Gmail has no native "plain text only" mode, but some third-party tools force it. Stripping HTML removes the pixel and all link rewrites entirely — but renders every properly formatted email as raw text, which is impractical for most people.
For a broader overview of your options, see how to block email tracking in Gmail — including a full comparison of extensions, browser settings, and manual techniques.