If you care about privacy, don't use OS X mail

I’ve been happily using the standard Mail application that ships with Apple’s OS X for years. Before this I had been using Thunderbird, but at around the time of Thunderbird 2 and 3, it wasn’t very good at managing hundreds of thousands of emails. (A situation that has since then changed again).

Since the amount of spam I’m receiving appears to increase every day, I wanted to look a bit into how sensitive is to letting spammers known I (accidentally) read their email.

Turns out it is absolutely horrendous. I’m talking Outlook Express in 1995-bad.

I already had a hunch that it would automatically load in external images, but it also loads <iframe>, <object>, and believe it or not, it follows redirects and loads in external websites when the redirect is specified as:

<meta http-equiv="Refresh" content="1; URL=http://TRACKING_URL/">

So for the moment I’m back to Thunderbird. If you’re interested in testing how well your mail client or webmail behaves in the department of privacy, have a look at the email privacy tester, which is pretty nifty.

My results:

For comparison, clients such as Thunderbird will show the above grid as completely gray.

What’s especially telling here, is that the privacy problems here are not simple mistakes, but definite design choices.


Ken Neville points out in the comments that there’s actually a setting in Mail that allows you to turn off this behavior.

I have to be honest that I looked for this very setting several times, but must have simply missed it.

However, I feel that my earlier point stands. Unlike other almost every other client on the planet, in Mail the default is terrible for privacy, and unless you are aware of the privacy implications of ‘not displaying remote images’, there is absolutely no indication why it’s a good idea to turn this off.

In my opinion the setting should be well hidden and off by default.

Web mentions


  • Guest

    Same with iPhone mail.

  • Ken Neville

    "I already had a hunch that it would automatically load in external images..."

    I am curious to see the results page if you try this with the "Display remote images in HTML messages" preference turned off. iOS has the same setting. For me, the results page is all gray. offers a "Load Images" button when you twiddle the preference.

    • Evert


      You're right, that does fix the situation.

      To be honest, I looked over the settings more than few times looking for exactly this; I must have skipped right over it every time.

      Bit embarrassing, but it definitely does not take away the fact that OS/X's defaults are bad and are unlikely to be changed, unless the user is aware of the privacy implications of sticking to the defaults.

      • Ken Neville

        I can agree that the default setting is less than desirable. The default is also arguably a bit disingenuous given Apple's "Do Not Track" preference for Mobile Safari. (The "Do Not Track" preference does not appear to have any effect on the iOS Mail app.) In iOS, neither of these application-specific settings gets any mention in the "Privacy" preferences area, where an additional iAd tracking preference is buried. I doubt most users ever dig through enough of the Settings list items to discover these disparate settings.

    • Bado

      The results are the same as what you found with the iOS version. It's 100% gray until the Load Images is clicked.

  • Nick Comer

    Simply turning off "Display remote images in HTML messages" option fixes all of this.

    • Seph

      Agreed. I tested this in both Mail for Mac (10.9.3) and iPhone (7.1) and no boxes triggered. As soon as I hit "load images" they triggered just fine, as expected.

      However, I do agree that this setting should be off by default or at least tied to sender information/settings.

  • Armin Hackmann

    Also there is a setting 'Trust junk mail headers in messages', but only if the Mail.apps own Junk filter is applied, that should solve the meta-refresh even if you allow remote images to load...

    BUT: That setting is turned on by default, so your point still stands. ;)

  • Lloyd Hanson

    Nick wrote "Simply turning off "Display remote images in HTML messages" option fixes all of this."

    I did turn this off. No images were presented in any of my emais.
    Yet but I got the same test result as did the writer of this email. 18 red boxes!

    • Ken Neville

      I'm curious to know if you had already loaded the results page once before disabling images via the preference? I'd be surprised if you could reproduce this; and it'd be worth continued investigation if it's really a bug in

    • Lloyd Hanson

      I did turn off "Display remote images in HTML messages: I then engaged "Email Privicy Testor" and got the results page with only gray buttons indicating that my Apple Mail was secure. I then received this email from EMTesterr:

      "(snip) . . . . if you want to look at the results page, please click "here"'.

      I clicked and suddenly the results page of EMTester quickly presented 18 red buttons. This was followed by a change in the original email from EMTester to this message:

      "Your email client has opened this webpage over the web. It has done this because it honours meta refreshes in HTML email. This is very wrong behavior. You'll notice that the meta refresh test has been triggered if you look back at the results page."

      And "meta refresh test" was one of the red buttons.

      Since I had turned off the command suggested on this discussion the results indicate that EMTester is not really testing when "Display remote images in HEML messages" is turned off. Turning this command off merely hides the fact that Email is perversely opening the flood gates of information to others.