Is Email Tracker by Mailtrack® safe to use?

Email Tracker by Mailtrack® has a risk level of MEDIUM with an overall risk score of 3.8/10. Our scan detected 176 security findings. This extension has some risks worth reviewing.

What permissions does Email Tracker by Mailtrack® request?

Email Tracker by Mailtrack® requests the following permissions: storage, declarativeNetRequestWithHostAccess, notifications. It also requests host access to: *://*.mailtrack.io/*, *://mailtrack.io/*, *://*.mailsuite.com/*, *://mailsuite.com/*, https://mail.google.com/*, *://*.googleusercontent.com/*, https://api.rollbar.com/*, https://http-intake.logs.datadoghq.eu/*, https://mrt-attachments-prod.s3.eu-west-1.amazonaws.com/*, https://mt-file-tracking-temp.s3.eu-west-1.amazonaws.com/*, *://mailtrack.io/*/dashboard/welcome*, *://mailtrack.io/*/dashboard/reauthorized*, *://mailtrack.io/*/dashboard/install-success*, *://mailtrack.io/*/dashboard/payment/teams/success*, *://mailsuite.com/*/dashboard/welcome*, *://mailsuite.com/*/dashboard/reauthorized*, *://mailsuite.com/*/dashboard/install-success*, *://mailsuite.com/*/dashboard/payment/teams/success*.

What is Email Tracker by Mailtrack®'s risk score?

Email Tracker by Mailtrack® has an overall risk score of 3.8/10 (MEDIUM). Breakdown: Permissions 7.5/10, Code 9.1/10, Combinations 0.0/10, CSP 2.2/10.

ExtSafe

Email Tracker by Mailtrack®Security Analysis

Chromev12.67.1MV3March 2, 2026 at 07:44 AM

Use with caution

This extension requests significant permissions. It has 3M+ users, a 4.1 star rating, is published by Mailsuite, but review the findings below.

3.8MEDIUM

3.8 MEDIUMRaw: 5.8

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 21 permissions including high-risk ones, 157 code findings.

Trust Signals(6.5/10)

Users

3.0M

Rating

4.1(12K reviews)

Developer

Mailsuite

Status

Featured

Permissions

7.5/10

Code

9.1/10

Combinations

0.0/10

Manifest/CSP

2.2/10

Permissions(21 analyzed)

Code Findings(14 patterns, 157 total)

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(1 finding)

Resolved from __MSG_* i18n placeholders:

Name: Email Tracker by Mailtrack®

Description: Free, unlimited email tracker for Gmail, trusted by millions. Accurate, reliable, GDPR-compliant, and Google-audited.

MEDIUM

web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

External Domains(17)

api.rollbar.comfb.megithub.comhandlebarsjs.comhttp-intake.logs.datadoghq.eumail.googlemail.google.commailsuite.commailtrack.iomrt-attachments-prod.s3.eu-west-1.amazonaws.commt-file-tracking-temp.s3.eu-west-1.amazonaws.comnpms.ioreactjs.orgredux.js.orgrollbar.coms3.amazonaws.comx.com