Oggyo Proton says this on their website
Spy pixel protection: We remove known email trackers whenever you receive an email. We also pre-load other remote images on your behalf using a proxy with a generic IP address and geolocation. This hides your personal information and the exact time you opened the email. Images are cached for a few days for faster, secure access.
- Embedding the snippet: A small snippet of HTML or JavaScript code containing the pixel URL is embedded in the webpage or email — usually graphics.
- Triggering the snippet: When you open the page or email, your browser or email client automatically requests the image from the server.
We maintain our own link detection list and also use open-source block lists that are continuously updated.
In addition, removing tracking parameters from a link sometimes means it no longer works. If you believe we missed some tracking parameters, you can submit a bug report to let our team know.
When opening certain Wise emails, about transactions, I saw it pop up in my DNS resolver trying to contact their home domain. So my guess is, it is one of those snippets that loads just by opening the email.
I contacted Proton some months ago about it, but they seemed to just have closed the report after I didn't reply if it is still not solved.
I do not really care personally anymore because I just block the request now with my DNS resolver. I don't know if the tracker are still there, because I didn't use Wise recently.
My behavior changed to whitelist IPs more, otherwise lockdown everything. The concept of just allowing everything by default seems very flawed.
I wish apps would come with a basic set of IPs/domains they need to contact, and everything in addition to them would need to be whitelisted by the user in a popup.