"I just came across this email," began the message, a long overdue reply. But I knew the sender was lying. He’d opened my email nearly six months ago. On a Mac. In Palo Alto. At night.

I knew this because I was running the email tracking service Streak, which notified me as soon as my message had been opened. It told me where, when, and on what kind of device it was read. With Streak enabled, I felt like an inside trader whenever I glanced at my inbox, privy to details that gave me maybe a little too much information. And I certainly wasn’t alone.

There are some 269 billion emails sent and received daily. That’s roughly 35 emails for every person on the planet, every day. Over 40 percent of those emails are tracked, according to a study published last June by OMC, an “email intelligence” company that also builds anti-tracking tools.

The tech is pretty simple. Tracking clients embed a line of code in the body of an email—usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device. Newsletter services, marketers, and advertisers have used the technique for years, to collect data about their open rates; major tech companies like Facebook and Twitter followed suit in their ongoing quest to profile and predict our behavior online.

But lately, a surprising—and growing—number of tracked emails are being sent not from corporations, but acquaintances. “We have been in touch with users that were tracked by their spouses, business partners, competitors,” says Florian Seroussi, the founder of OMC. “It's the wild, wild west out there.”

According to OMC's data, a full 19 percent of all “conversational” email is now tracked. That’s one in five of the emails you get from your friends. And you probably never noticed.

“Surprisingly, while there is a vast literature on web tracking, email tracking has seen little research,” noted an October 2017 paper published by three Princeton computer scientists. All of this means that billions of emails are sent every day to millions of people who have never consented in any way to be tracked, but are being tracked nonetheless. And Seroussi believes that some, at least, are in serious danger as a result.

As recently as the mid-2000s, email tracking was almost entirely unknown to the mainstream public. Then in 2006, an early tracking service called ReadNotify made waves when a lawsuit revealed that HP had used the product to trace the origins of a scandalous email that had leaked to the press. The intrusiveness (and simplicity) of the tactic came as something of a shock, even though newsletter services, salespeople, and marketers had long used email tracking to gather data.

Seroussi says that Gmail was the ice breaker here—he points back to the days when sponsored links first started showing up in our inboxes, based on tracked data. At the time it seemed invasive, even unsettling. “Now," he says, "it’s common knowledge and everyone’s fine with it.” Gmail’s foray was the signal flare; when advertisers and salespeople realized they too could send targeted ads based on tracked data, with little lasting pushback, the practice grew more pervasive.

“I do not know of a single established sales team in [the online sales industry] that does not use some form of email open tracking,” says John-Henry Scherck, a content marketing pro and the principal consultant at Growth Plays. “I think it will be a matter of time before either everyone uses them,” Scherck says, “or major email providers block them entirely.”

That's partly to do with spam. "Competent spammers will track any activity on your email because they tend to buy entire lists of addresses and will actively try to rule out spam traps or unused emails,” says Andrei Afloarei, a spam researcher with Bitdefender. “If you click on any link in one of their messages they will know your address is being used and might actually cause them to send more spam your way.”