Apple Mail’s Broken “Block All Remote Content”
Mail app on macOS has a privacy setting Block All Remote Content that prevents downloaded emails from connecting to the internet. For example, HTML emails frequently include image links, which can be used for tracking: when the image is loaded from a remote server, the owner of the server knows that you’ve opened the email! Block All Remote Content is supposed to prevent this kind of tracking, and it did… until macOS Sonoma.
[…]
The remote connection attempt doesn’t occur when I open the email. […] In this case, the remote connection attempt occurred when I opened Mail app itself and the new email was downloaded.
What would we do without Little Snitch?
19 Comments RSS · Twitter · Mastodon
It is. But what's to be done? Just leave Mail running in the background, but they still have your IP address. This is clearly a security/privacy issue.
What's to be done? Clearly, buy Little Snitch ;-)
Don't know if they're still sabotaging VoiceOver because reasons. If not then perhaps I could consider, though I'd really like a non-UI method of exercising the Mac filtering subsystems. Any ideas?
How really weird. I thought I could rely on this feature and set Mail to allow all connections in Little Snitch. I removed the rule and got a connection attempt for random unselected email.
Little Snitch is also the only company that isn't worried about being sherlocked. The whole premise is based on needing a third party.
This shows you the state of many first-party apps on macOS.
But back to the issue. If I understand it correctly, one should be fine, as long as you have spam filtering disabled in Mail.app settings?
@Dan No, turning off Mail’s spam filtering does not protect you.
@Michael Tsai
Thanks. The addendum was not published yet, when I read the article.
I don't want to have to run software like Little Snitch just because of a buggy Mail.app.
This is really frustrating.
There are options in Mail for Sonoma & Ventura to allow/disallow downloading in the background from mail. These are in the privacy pane of the settings. They are coupled to the default security option. If you unclick the default then you can hide your IP address and/or block all background downloads. This seems reasonable and not really worthy of a call for outrageous action involving pitchforks and torches at Apple headquarters. :-)
@sth The point is that the setting to block downloads doesn’t actually work.
I’ve been very happy with MailMate https://freron.com/
MailMate is awesome, I have a licence and glad it exists, however it is not a substitute for Mail, mostly because the author made the choice to focus on minimalism. No fault, but sometimes I still use Mail, for POP, rules, or as my spam filter drone. And of course this is a first-party app that shouldn't be so utterly broken anyway.
Ist MailMate still in active development? They recommend downloading a beta version which came out a year ago, and the download link doesn't work.
Never mind, it actually is in active development, here are recent alpha builds:
https://updates.mailmate-app.com/archives/?C=M;O=D
@Sebby SpamSieve does work as a spam filter drone with MailMate. Are there features that you’re missing?
Yep, been getting Little Snitch alerts from Mail frequently and reliably. Was bored this morning and filed a report, don't expect it to go anywhere but I'll post an update if anything happens.
@Michael Tsai Sorry, I should have been clearer that my spam filter drone also wants POP and rules. There's no problem with the integration for desktop MailMate filtering at all, far as I can tell, in fact the integration is basically first-class, as you know. :) The filtering and droning for all my old accounts is done by my Mac Mini "server".
Thank you for the MailMate reminder. Great app! I honestly forgot it existed.
This is outrageous. We HAVE to be able to rely on this setting.