Master Mail in macOS, iOS, and iPadOS!

Take Control of
Apple Mail

Fifth Edition
Joe Kissell

Use Apple Mail more effectively! Email expert Joe Kissell explains what’s new with Mail for macOS, iOS, and iPadOS, and how to best set up your Gmail, iCloud, IMAP, and Exchange accounts. He then shows you how to take Mail to the next level with plugins and automation, manage your incoming email, customize Mail, and solve common problems.

All Take Control books are delivered in three ebook formats—PDF, EPUB, and Mobipocket (Kindle)—and can be read on nearly any device.


Take Control of Apple Mail is your complete guide to Apple’s Mail app. In this book, Joe explains core concepts like special IMAP mailboxes and email archiving, reveals Mail’s hidden interface elements and gestures, and helps with common tasks like addressing and adding attachments. He also offers tips on customizing Mail, including a nifty chapter on how simple plugins and special automation can dramatically improve the way you use Mail. Joe also covers finding that message in the haystack with Mail’s natural-language search, improving the messages you send, how digital signatures and encryption work in Mail, and—perhaps most important—an award-winning strategy for avoiding email overload.

You’ll quickly find the information that’s most important to you, including:

  • Key changes in Mail for Monterey and iOS 15/iPadOS 15
  • How to take advantage of the new Mail privacy features Mail Privacy Protection and Hide My Email
  • Getting through your email faster with gestures
  • Using advanced search techniques to find filed messages
  • Using plugins to significantly enhance how you use Mail
  • The whys and hows of sending attachments
  • Using markup features to embellish, and even sign, outgoing attachments
  • Defeating spam with the Junk Mail filter—and what to do if you need more firepower
  • Understanding special mailboxes like Sent, Drafts, and Junk
  • Using notifications to stay apprised of incoming messages
  • Taking charge of email organization with rules and other measures
  • Backing up and restoring email
  • Importing email from other apps, older versions of Mail, or another Mac
  • Deciding whether you should encrypt your email, along with detailed, real-world steps for signing and encrypting messages
  • Taking Mail to the next level with AppleScript and Automator
  • Key skills for using Mail in iOS and iPadOS, such as working with incoming and outgoing messages, using attachments, and configuring accounts
  • Fixing problems: receiving, sending, logging in, bad mailboxes, and more

Although this book primarily covers Mail in Monterey, Big Sur, Catalina, Mojave, iOS 15/iPadOS 15, and iOS 14/iPadOS 14, the majority of it is also applicable to earlier versions.

Joe Kissell

About Joe Kissell

Take Control publisher Joe Kissell has written more than 60 books about technology, including many popular Take Control books. He formerly wrote for publications such as Macworld, Wirecutter, and TidBITS. He lives in Saskatoon with his wife, his two children, and his cat.

What’s New in Version 5.2

Version 5.2 updates the book to cover macOS 12 Monterey, iOS 15, and iPadOS 15:

  • Discussed the iCloud+ feature that lets you use your own domain name with iCloud Mail; see the sidebar “What About Custom Domains?”
  • Added a sidebar, “Restoring Missing Columns,” that explains how to enable “missing” columns in Column Layout in Big Sur and later
  • Explained the new Mail Privacy Protection and Hide My Email features in Mail; see “Improve Your Privacy”
  • Discussed the new Mail extensions; see “Understand Plugins vs. Extensions” and “Use Extensions (Monterey and Later)”
  • Added a sidebar about the Shortcuts app: “What About Shortcuts?”
  • Included a note in “Add Your Gmail Account” about using OAuth with a Google account.
  • Added a sidebar, “Which Reply Icon?”, explaining the two different Reply icons in Mail for iOS
  • Dropped explicit coverage of iOS 13, while continuing to cover iOS 14 and iPadOS 14
  • Read Me First
    • Updates and More
    • What’s New in Version 5.2
    • What Was New in Version 5.1
    • What Was New in the Fifth Edition
  • Introduction
  • Apple Mail Quick Start
  • Learn What’s New in Mail
    • Mail Changes in Monterey
    • Mail Changes in Big Sur
    • Mail Changes in Catalina
    • Mail Changes in Mojave
    • Mail Changes in iOS 15 & iPadOS 15
    • Mail Changes in iOS 14 & iPadOS 14
  • Learn About Email Protocols
    • POP
    • IMAP
    • SMTP
    • IMAP and POP Misconceptions
    • Switch from POP to IMAP
    • iCloud
    • Exchange
    • Gmail
    • Fetch, Push, and IMAP IDLE
  • Master Mail Concepts
    • Account Setup
    • Decoding the Mail Sidebar
    • Special Mailboxes
    • Controlling Mail Formatting
    • Hidden Interface Elements
    • Gestures
    • Full-Screen Mode
    • Addressing
    • Filing
    • Archiving
    • Notifications
    • Data Detectors
    • Attachments
    • Handoff
  • Customize Mail
    • Sidebar
    • Favorites
    • Tabbed Windows
    • Toolbars
    • Message Header
    • Views
    • Message List
    • Message Filters
    • VIPs
    • Signatures
    • Keyboard Shortcuts
  • Improve Your Privacy
    • Use Mail Privacy Protection
    • Hide Your Email Address
  • Extend and Automate Mail
    • Understand Plugins vs. Extensions
    • Use Third-Party Plugins
    • Noteworthy Plugins
    • Use Extensions (Monterey and Later)
    • Archive and Search Messages
    • Use AppleScript and Automator
  • Use Gmail with Mail
    • Understand How Mail Works (or Not) with Gmail
    • Set Up Mail to Use Gmail
    • Avoid Gmail Problems
  • Find Your Messages
    • Perform a Natural Language Search
    • Perform a Conventional Search
    • Search for a Phrase
    • Use Boolean Expressions
    • Search by Date Range
    • Search Within the Current Message
    • Work Smarter with Smart Mailboxes
  • Take Control of Your Inbox
    • Take Responsibility
    • Consolidate Your Accounts
    • Mute Conversations
    • Optimize Your Mailboxes
    • Use Rules
    • Control Spam
    • Develop an Email Strategy
    • Back Up and Restore Your Email
    • Import Email
  • Become a Better Correspondent
    • Don’t Be Part of the Problem
    • Choose Formatting Wisely
    • Use Attachments Judiciously
    • Quote Effectively
  • Sign and Encrypt Messages
    • Learn When and Why to Sign or Encrypt Messages
    • Use S/MIME Encryption
    • Use GnuPG for Mail
    • Sign and Encrypt Messages in iOS & iPadOS
  • Fix Mail Problems
    • Fix Incoming Mail Problems
    • Fix Outgoing Mail (SMTP) Problems
    • Untangle Special Mailboxes
    • Fix Mailbox Problems
    • Fix Searching Errors
    • Deal with Recovered Messages
    • Solve Other Problems
  • Use Mail in iOS & iPadOS
    • Mail in iOS & iPadOS vs. Mail in macOS
    • Configure Mail in iOS & iPadOS
    • Work with Incoming Email
    • Work with Outgoing Email
    • Use Drag and Drop
    • Troubleshoot iOS & iPadOS Mail Problems
  • About This Book
    • Ebook Extras
    • About the Author and Publisher
    • Credits
  • Also by Joe Kissell
  • Copyright and Fine Print

MacVoices gets an earful about Apple Mail from Joe Kissell

Posted by Joe Kissell on June 12, 2020

I joined Chuck Joiner on MacVoices in a two-part interview to discuss the fifth edition of my book Take Control of Apple Mail.

In Part 1, I talk about some of the bugs and design flaws in Mail for Catalina.

In Part 2, I stay hydrated while talking about plugins, security issues, and the challenges of email for ordinary users.

Joe Kissell Takes Control of Apple Mail in iOS 11 and High Sierra

Posted by Joe Kissell on May 14, 2018

It’s been a while since the previous edition of Take Control of Apple Mail was published, so I had a lot to catch up on in my interview with Chuck Joiner on MacVoices. I’m not exactly a green rage monster this time, but there are a number of things about Mail I’m…less than happy about. If you feel the same way, I hope you find this interview therapeutic.

What You Need to Know About the EFAIL Vulnerability

Posted by Joe Kissell on

Note: Please see the end of this article for updates.

Just hours before the scheduled release of Take Control of Apple Mail, Fourth Edition, my Twitter feed started blowing up with Urgent! Breathless! Warnings! about a newly discovered vulnerability that affects email messages encrypted with S/MIME or OpenPGP, about which I have a whole chapter in my book (“Sign and Encrypt Messages”). And my first thought was, oh, great, my book needs revising before it’s even out. I’ve now examined the original report that prompted the warnings and have a better understanding of the situation, which I’d like to share with you here, and which I plan to update as new facts emerge. Let me start with this, however:

The sky is not falling.

Yes, there is a problem, but (a) the odds that you will encounter it, even if you regularly use email encryption—and most people don’t—are incredibly small; (b) there are easy temporary workarounds; and (c) it is being fixed even as I type these words.

Let’s go over the details.

The Problem

A team of European researchers found a vulnerability that they’ve dubbed EFAIL. That site summarizes the issue; their complete technical paper (PDF) is here. The very short version of the problem is that there is a technique that an attacker could potentially use to cause your email client to send the decrypted contents of an encrypted message to outside parties. This technique exploits a combination of weaknesses in two encryption standards, design flaws in certain modern email clients (Apple Mail among them, on both macOS and iOS), and less-than-ideal default settings. It works only when you receive and open a message that contains a hidden copy of encrypted email you’ve already sent or received—meaning you are almost certainly being targeted directly. And it affects both of the most common encryption methods—S/MIME (built into most email clients) and OpenPGP (used by GnuPG and other software).

In order for this exploit to work, the attacker must already have encrypted messages sent to or from you. (There are numerous ways these could be obtained, but all of them require the extra, and sometimes quite challenging, step of first hacking into your email in some way.) Once that’s done, the attacker takes the encrypted contents of one or more of these messages and hides it in a new, specially crafted, encrypted message sent to one of the original senders or recipients (and, presumably, made to look as though it comes from a trusted source). When the victim opens this message, their email client decrypts it and sends the attacker the plaintext contents of the encrypted message(s) hidden within it. So, this doesn’t give the attacker the ability to freely read all your encrypted email, only those specific messages sent to you or the other party in the email transaction in this sneaky way.

Why You Probably Don’t Have to Worry

EFAIL almost certainly won’t affect you, even if you take no action. Here’s why:

  • Very few people encrypt their email anyway. If you’re not using S/MIME or OpenPGP—and believe me, you’d know it if you were—there’s just nothing to see here.

  • I have seen no evidence, or even hints, that this exploit is being used, or has ever been used, in the wild. As far as I know, only the researchers who discovered the technique have actually tried it. (Obviously, that could change in hours or days, but it’s not like the bad guys have been actively using this already.) And remember, even if or when it does get out into the wild, an attacker can’t use this on you without first obtaining the existing encrypted email messages from your account that they want the contents of. That’s a nontrivial extra step.

  • The companies that make the affected email clients and third-party software are working on fixes right now. For example, the team that makes GPGTools has already tweeted that a mitigation is imminent, in GPGTools 2018.2, and that there’s an easy workaround in the meantime (about which, read on). And if Apple doesn’t address this in macOS 10.3.5 and iOS 11.4 within days, I’ll be shocked. (In other words: the vulnerability will likely be eliminated before anyone has time to exploit it.)

As the EFAIL researchers point out, although the developers of apps like Apple Mail, Thunderbird, and GPGTools can and should fix a variety of vulnerabilities, a complete and permanent fix requires changes to the S/MIME and OpenPGP standards, which will take longer. Even so, I fully expect the problem to resolve itself before it has any meaningful real-world effect.

What You Can Do Now

Long story short, flipping one switch is probably adequate.

If you are using Apple Mail on a Mac, and are actively using S/MIME or OpenPGP, the quickest and easiest way to immunize yourself against the most likely forms of this attack is simply to uncheck one box:

  1. Go to Mail > Preferences > Viewing.
  2. Uncheck “Load remote content in messages.”
  3. Close the Preferences window.

(I already had this unchecked in my copy of Mail, and have long recommended that other people do so too, because loading images from HTML messages is often used for tracking, and although some of this tracking is entirely benign, I prefer a little more privacy than the default.)

The Electronic Frontier Foundation (EFF) recommends going further—removing the GPGMail plugin (if you use it) to prevent Mail from decrypting messages automatically at all. But I agree with the GPGTools developers that this step is entirely unnecessary.

On an iOS device, do this:

  1. Go to Settings > Mail.
  2. Turn “Load Remote Images” off.

And that’s it.

A Few Last Remarks

In the paper that kicked off this whole crisis, the researchers included tables detailing which of the tested clients, on various platforms, are vulnerable to each of several variations on this attack. Interestingly, Canary Mail for iOS, an OpenPGP client I mention in my book, is not vulnerable. (The researchers didn’t test the Mac version, but I assume it’s also safe.) So, if you rely on OpenPGP-encrypted email on a Mac or iOS device, switching (even temporarily) to this client might be something to consider.

Finally, and I’ve said this many times in many books, keep your software up to date. All these fixes that developers are working on do you no good if you don’t install them. So please, keep up with system updates and security fixes for macOS and iOS, and make sure your third-party apps are also up to date.

If any significant new developments arise, I’ll update this article accordingly.

Update 2 (June 9, 2018): On June 4, GPG Suite from GPGTools was updated to version 2018.02, with mitigations for EFAIL. Apple also says that macOS 10.13.5 (released on June 1) addresses S/MIME vulnerabilities, although testing by the GPGTools developers indicates that Mail remains vulnerable to some EFAIL-related exploits.

Update 1 (May 31, 2018): Contrary to my expectations, neither Apple nor GPGTools has yet delivered an update to address this problem. I still expect fixes soon, but they didn’t happen as soon as they should have. In addition, one researcher has published a proof of concept exploit that could theoretically put your email at risk even if you disable the loading of remote images as described above. (And in any case, I should note that any mitigations you undertake on your own devices won’t help if your correspondents’ devices are compromised.) Even so, I have yet to hear of any real-world attacks involving the EFAIL vulnerability, and I still believe the sky is not falling. But I sure wish the security folks at Apple and elsewhere would kick their bug-fixing into high gear.


There are no reviews yet.

Be the first to review “Take Control of Apple Mail”

You may also like…