Apple Mail’s Broken “Block All Remote Content”

This is outrageous. We HAVE to be able to rely on this setting.

It is. But what's to be done? Just leave Mail running in the background, but they still have your IP address. This is clearly a security/privacy issue.

What's to be done? Clearly, buy Little Snitch ;-)

Don't know if they're still sabotaging VoiceOver because reasons. If not then perhaps I could consider, though I'd really like a non-UI method of exercising the Mac filtering subsystems. Any ideas?

How really weird. I thought I could rely on this feature and set Mail to allow all connections in Little Snitch. I removed the rule and got a connection attempt for random unselected email.

Little Snitch is also the only company that isn't worried about being sherlocked. The whole premise is based on needing a third party.

This shows you the state of many first-party apps on macOS.

But back to the issue. If I understand it correctly, one should be fine, as long as you have spam filtering disabled in Mail.app settings?

@Dan No, turning off Mail’s spam filtering does not protect you.

@Michael Tsai

Thanks. The addendum was not published yet, when I read the article.

I don't want to have to run software like Little Snitch just because of a buggy Mail.app.

This is really frustrating.

There are options in Mail for Sonoma & Ventura to allow/disallow downloading in the background from mail. These are in the privacy pane of the settings. They are coupled to the default security option. If you unclick the default then you can hide your IP address and/or block all background downloads. This seems reasonable and not really worthy of a call for outrageous action involving pitchforks and torches at Apple headquarters. :-)

@sth The point is that the setting to block downloads doesn’t actually work.

I’ve been very happy with MailMate https://freron.com/

MailMate is awesome, I have a licence and glad it exists, however it is not a substitute for Mail, mostly because the author made the choice to focus on minimalism. No fault, but sometimes I still use Mail, for POP, rules, or as my spam filter drone. And of course this is a first-party app that shouldn't be so utterly broken anyway.

Ist MailMate still in active development? They recommend downloading a beta version which came out a year ago, and the download link doesn't work.

Never mind, it actually is in active development, here are recent alpha builds:
https://updates.mailmate-app.com/archives/?C=M;O=D

@Sebby SpamSieve does work as a spam filter drone with MailMate. Are there features that you’re missing?

Yep, been getting Little Snitch alerts from Mail frequently and reliably. Was bored this morning and filed a report, don't expect it to go anywhere but I'll post an update if anything happens.

@Michael Tsai Sorry, I should have been clearer that my spam filter drone also wants POP and rules. There's no problem with the integration for desktop MailMate filtering at all, far as I can tell, in fact the integration is basically first-class, as you know. :) The filtering and droning for all my old accounts is done by my Mac Mini "server".

Thank you for the MailMate reminder. Great app! I honestly forgot it existed.

Earlier this year they responded to the bug report and gave me a bug bounty. They also created a CVE, and the fix went out in 15.4.

https://nvd.nist.gov/vuln/detail/CVE-2025-24172
https://support.apple.com/en-us/122373

I'm still seeing Little Snitch blocks, plus mail.app drains my battery with networkservice proxy. 15.4.1

Same as @lucky I am still seeing this behaviour on 15.4.1. As soon as I open Mail, it immediately starts reaching out for remote content across all my emails. If I block the traffic with Little Snitch then neagent and networkservicesd start hitting the CPU hard. This has only happened since 15.4.1. I think they've botched the patch for this one!

Looks like 15.5 resolves the neagent and networkservicesd CPU usage, but Mail is _still_ attempting to reach out for remote content even with this box ticked