If the image in the message is hosted on a server operated by the one sending the message, then the sender's server will have a log showing the IP address of the person viewing the image. Just by opening the message, the sender will know the IP of the person reading it.

However, hundreds of people received the message. So in order to tell which IP comes from which user, the URL of the image sent to each person needs to be unique. It can be as simple as putting their name in the querystring, like http://image.server/girl.jpg?u=CrayonRosary%40lemmy.world

The web log will show that specific URL being requested by my IP address. Every user will receive an image with a URL unique to them.

It could also be more subtle like using a random looking ID and saving username/ID pairs in a table. Like http://image.server/girl.jpg?27639927. And then some table has that number associated to my username. The attacker builds the table as they send each message.

I got one of these messages. I should check if the URL is something like this.

Luckily the attacker can't get my personal IP address because I use NordVPN, the sponsor of this comment. Whether I’m browsing on public Wi-Fi, or trying to avoid deanonymization attacks like this one, NordVPN ensures my personal data stays private and secure. So if you want to stay safe online, go to NordVPN.com/MyTotallyRealPromoCode and get an exclusive deal today!

/s But I do use a VPN. 😄

(I must have deleted the message. I can't find it.)

Lemmy images are just links, so when the image is being displayed it will send a request, which always give your ip address.