I had a demo for some high-school students for an ethics and tech class that successfully demonstrated these with a GMail account, so when this started happening I got very upset lol.

So does Apple's Mail Client. So do most webmail providers. Open signals are generally worthless.

You might want to read https://www.grepular.com/Apples_Protect_Mail_Activity_Doesnt...

When Gmail downloads the image it identifies itself as GoogleImageProxy, and will be coming from a GCP/Google ASN.

Similar signal will be there for any email provider or server-side filter that downloads the content for malware inspection.

Pixel trackers are nearly never implemented in-house, because it's basically impossible for you to do your own email. So the tracker is a function of the batteries-included sending email provider. Those guys do that for a living, so they are sophisticated, and filter on the provider download of images.

I think gmail adds some heuristics on top of it, like if the same image was included in emails to multiple people.

At least that's what I remember from them announcing the feature. No idea about other providers, and I haven't tested the feature myself.

With a proper personalized tracking pixel, a simple deduplication won't catch it—the whole point is that each email's tracking pixel has a unique URL that lets them know that you opened the email.

It is, of course, very possible that Google has heuristics that can catch tracking pixels—in fact, I would go so far as to say that if they chose to, they 100% could, probably tomorrow. But given where Google makes its money, I would not in the least trust them to do that for me.