TekRevue

  • HOME
  • MAC
  • macOS MOJAVE
  • iOS 12
  • WINDOWS
  • MOBILE
  • GAMES
  • REVIEWS
  • EDITORIALS
  • TIPS
    • Windows
    • Mac
    • Mobile
  • Twitter
  • Facebook
  • Google+
  • Feed
email-screen

Pavel Ignatov / Shutterstock

Mac

Fight Spam and Protect Your Privacy by Disabling Remote Content in Apple Mail

By Jim Tanous on December 29, 2014 at 8:10 AM • @JimTanous

We all hate spam. No, not the disturbingly delicious canned meat. I’m talking about email spam. Despite continued improvements in spam detection and filtering, it’s almost unavoidable these days, and while you likely won’t ever be able to stop it completely, there are steps you can take to minimize it. One of those steps is disabling remote content in the OS X Apple Mail app. Here’s why and how to do it.

First, a little background. The immoral jerks behind spam email often send out millions of messages at a time, frequently “guessing” at email addresses from popular domains such as Gmail, Yahoo, and iCloud. From a spammer’s perspective, for example, it’s a safe bet that “bob@yahoo.com” is a real email address, and when you have powerful modern computers and scripting software, you can just as easily generate “bob2@yahoo.com,” “bob1980@yahoo.com,” and so on, with virtually endless variations. The spammer will eventually end up with a huge list of potential victims, but one that’s filled with email addresses that don’t actually work.

In terms of the huge numbers that spammers deal with, such a list is still relatively valuable, even if only one out of a thousand addresses is real and actively used by the account holder. But narrowing down that list to maximize the number of “real” email accounts can be extremely lucrative to spammers, both for their own criminal marketing ambitions as well as for increasing the value to potential buyers of that list.

So spammers often employ several tactics to try and confirm that email addresses in their system are real and in active use. The first and most obvious tactic is of course attempting to trick the recipient into acting on the spam email’s offer, by enticing the recipient into clicking on a link to “buy” a product, receive a “discount,” or provide personal information in some other way. Hopefully, most experienced email users have by now learned to be wary of such offers.

The second method is a little more devious: offering an “unsubscribe” link. Real companies are required by various laws and regulations to offer email recipients a safe way to remove themselves from a legitimate mailing list, and spammers take advantage of this requirement to trick users into clicking on an “unsubscribe” or “remove me from this list” link.

mail-junk-remote-images
This spam email is using all three tactics, including the dangerously fake unsubscribe button.

At best, clicking a link like this confirms to the spammer that your email address is real and that you actively use the account. At worst, it takes you to a phishing page in an attempt to ascertain your personal information, or takes you to a hijacked website that will try to infect your computer with malware. In any event, never click the “unsubscribe” links in suspicious email messages. Doing so will only ensure that you receive even more spam.

Once again, hopefully most users are already aware of the unsubscribe trick, and a day will come when such a tactic is no longer effective for the spammers. But there’s still a third tactic that’s less obvious: remote images and content.

You see, once upon a time email was just plain text with no formatting, images, or other fancy features. But as the needs and desires of Internet users grew, so too did users’ expectations for email, and today’s email is available in full HTML, with links, images, text formatting, and code. The problem is that the code that displays images or content in your email is hosted on an offsite server. When you receive an email from Amazon.com, for example, the Amazon logo and product images aren’t attached to the email, they’re stored on Amazon’s servers, and when you open the email to view it, a little bit of code in the email message makes a call to the Amazon servers and displays the intended images. This is all seamless to the user, but there are some important privacy and security implications here, especially when it comes to spam.

email-remote-content-comparison
An example of an email with remote images disabled (left) and enabled (right).

Using remote images and content lets legitimate companies and users keep email messages small, and allows for more useful formatting. But spammers and other online bad guys can use remote code to tell if you’ve received their email. Unlike our Amazon example, a spammer will use tracking code that associates your specific email address with a link to a remote image on the spammer’s server. If you even open a spammer’s email that contains images, the spammer instantly knows that your email address is valid and that you saw the spam email. Even worse, the spammer will also be able to learn important information about you, such as your IP address, which for most users reveals their general geographic location.

Just like the first two tactics above, this proves you’re a real person, and gives the spammer far more information about you that you ever intended to provide. It’s even more insidious, however, because the user doesn’t even have to do anything other than open the email message, which may not always be easily identifiable as spam until you open it. Thankfully, you can mitigate this risk fairly easily in most modern email applications, including Apple Mail, by preventing the automatic loading of remote images and content.

mail-preferences-remote-content

Launch Mail in OS X and go to Mail > Preferences > Viewing. Find the box labeled Load remote content in messages and uncheck it. This stops Mail from automatically loading images and other remote content when you first open an email message. Instead, you’ll see a new bar at the top of each email that contains remote content, asking you if you’d like to “Load Remote Content” (you can see examples of this prompt in the screenshots above). Just click on that button once you’re sure that the email is legitimate, and you’ll see the remote images and formatting appear in the message.

Note that Apple Mail doesn’t save or remember your choice, so you’ll need to choose to load remote content each time you open an email message, even if you had previously elected to load remote content on that same email.

The potential downside to disabling remote content is that emails from legitimate senders won’t render properly unless you click “Load Remote Content” for each message, but considering the increasingly disruptive spam problem, such a drawback is arguably a small price to pay for decreased risk. Disabling remote images and content in Mail won’t eliminate spam entirely, but it’s an important step in the greater battle against this terrible practice.

Although this tip focused on Mail for OS X, you can achieve the same result in Mail for iOS by going to Settings > Mail, Contacts, Calendars and turning off “Load Remote Images.” Other email apps such as Outlook and Thunderbird have a similar feature, although both prevent remote images from unknown senders by default.

Want news and tips from TekRevue delivered directly to your inbox? Sign up for the TekRevue Weekly Digest using the box below. Get tips, reviews, news, and giveaways reserved exclusively for subscribers.

Share this:

  • Facebook
  • Twitter
  • LinkedIn
  • Reddit
  • Pinterest
  • Email

  • Categories: Mac
  • Tags: #Email #How To #Mail #OS X #Privacy #Security #Spam #Tips

Sign Up for the TekRevue Weekly Digest

Read more in Mac on TekRevue

  • edit video mac mojave
    How to Trim Videos with Quick Look in macOS Mojave

    Filed Under: Mac

  • disable auto-brightness mac
    How to Disable Auto-Brightness on Your Mac

    Filed Under: Mac

  • siri touch bar mac
    How to Remove Siri from the Touch Bar

    Filed Under: Mac

Search

Related Articles

  • osx-mail
    Use Organize by Conversation the Right Way with a Toolbar Button in OS X Mail
  • apple-mail-drop
    How to Send Large Email Attachments with Mail Drop in OS X Yosemite
  • iPhone Mail Badge Notifications
    How to Disable the iOS Mail App Unread Badge Notification
  • Out of Office Email
    How to Create an Out of Office Email Reply with iCloud
  • Email Attachment Paperclip
    How to Disable Email Attachment Previews in Mac OS X Mavericks

Connect with TekRevue

  • TekRevue on Twitter
  • TekRevue on Facebook
  • Cheats
  • Contributor
  • Deals
  • Distractions
  • Editorials
  • Gadgets
  • Games
  • Gaming
  • Giveaway
  • Hardware
  • Home Theater
  • More in Mac
  • Mobile
  • News
  • Podcast
  • Reviews
  • Sponsor
  • Tips
  • Windows
  • edit video mac mojave
    How to Trim Videos with Quick Look in macOS Mojave
  • disable auto-brightness mac
    How to Disable Auto-Brightness on Your Mac
  • siri touch bar mac
    How to Remove Siri from the Touch Bar
  • mac gpu usage history
    How to View GPU Usage in macOS via Activity Monitor
  • clipped documents
    How to Use Mojave’s Quick Actions to Quickly Combine PDFs on the Mac
  • razer core x egpu macbook pro
    MacBook Pro eGPU Benchmarks: Razer Core X & AMD Radeon Vega Frontier Edition
  • hide app mac
    How to Hide Mac Apps in macOS via the Terminal
  • microsoft word for mac mojave
    How to Change Case in Microsoft Word for Mac
  • dockcase p1 adapter
    DockCase P1 Adapter: A USB-C Hub that Connects to Your MacBook Pro Charger
  • change font notes mac
    How to Copy and Paste Styles to Easily Format Text in macOS
  • locked pages document
    How to Password Protect a Pages Document
  • chrome hold command q to quit
    How to Turn Off the ‘Hold Command-Q to Quit’ Warning in Chrome for macOS
  • sort bookmarks safari
    How to Automatically Sort Bookmarks in Safari for Mac with SafariSort
  • chrome picture in picture
    How to Use Chrome Picture in Picture in macOS
  • outlook for mac logo
    How to Use Text Replacement in Office for Mac
  • airdrop website between iphone ipad mac
    How to AirDrop Websites Between the iPhone, iPad, and Mac
  • exclude app dark mode mac mojave
    How to Exclude an App From Dark Mode in macOS Mojave
  • apple books download location
    Where Are Apple Books Downloads Stored in macOS?
  • notes app mac
    Float Notes in the macOS Notes App to Keep Them Always On Top
  • mac lock screen message featured
    How to Add a Lock Screen Message to macOS

Tips

  • Apps
  • Gaming
  • Mac
  • Mobile
  • Online
  • Windows
  • parallels custom touch bar
    Parallels Desktop: Using XML to Create Custom Touch Bar Buttons for Windows Apps
  • replace notepad notepad plus plus
    How to Completely Replace Notepad With Notepad++ in Windows
  • chrome picture-in-picture windows
    How to Use Chrome Picture-in-Picture in Windows 10
  • eartrumpet
    EarTrumpet for Windows 10: A Better Windows Volume Mixer
  • xbox store autoplay video
    How to Turn Off Xbox Store Autoplay Videos on the Xbox One
  • slow steam browser windows
    Here’s One Potential Fix for a Slow Steam Browser in Windows
  • How to Manually Dim the Xbox One Screen
  • xbox one store games
    How to Browse Games by Genre in the Xbox One Store
  • edit video mac mojave
    How to Trim Videos with Quick Look in macOS Mojave
  • disable auto-brightness mac
    How to Disable Auto-Brightness on Your Mac
  • siri touch bar mac
    How to Remove Siri from the Touch Bar
  • mac gpu usage history
    How to View GPU Usage in macOS via Activity Monitor
  • flip camera facetime ios 12
    How to Check FaceTime Data Usage on the iPhone
  • change default card apple pay watch
    Apple Watch: How to Change the Default Apple Pay Card
  • siri mac sierra
    Enable ‘Type to Siri’ to Type Your Siri Questions Instead of Speaking
  • iphone live photo
    How to Convert a Live Photo to a Still Image With a Custom Key Photo
  • plex web shows
    How to Disable Web Shows in Plex
  • youtube dark theme web
    How to Enable the YouTube Dark Theme in a Desktop Browser
  • chrome new look vs old
    How to Switch Back to the Old Chrome Design
  • google drive shared expiration
    How to Set Expiration Dates for Shared Google Drive Files
  • windows 10 lock screen tips
    How to Turn Off Windows 10 Lock Screen Tips
  • av1 windows 10
    How to Play AV1 Videos in Windows 10 With the Free AV1 Codec
  • replace notepad notepad plus plus
    How to Completely Replace Notepad With Notepad++ in Windows
  • windows 10 power user menu
    How to Edit the Power User Menu (Win+X Menu) in Windows 10
Company
  • About TekRevue
  • Get in Touch
  • Sponsorships

Sign Up for the TekRevue Weekly Digest

© TekRevue LLC. All Rights Reserved.

  • TekRevue User Agreement
  • TekRevue Privacy Policy

Built by Blazer Six

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.