- PDF EPUB Mobi
- May 13, 2018
You can work more effectively in Apple Mail with expert advice from Joe Kissell. You’ll learn how to make Mail serve your needs with essential setup, usage, and troubleshooting instructions, whether you use Gmail, iCloud, Exchange, IMAP, or POP—or more than one account—on your Mac running 10.13 High Sierra (or 10.12 Sierra), or on your iPad, iPhone, or iPod touch running iOS 11.
Joe explains core concepts like special IMAP mailboxes and email archiving, reveals Mail’s hidden interface elements and gestures, and helps with common tasks like addressing and adding attachments. He also offers tips on customizing Mail, including a nifty chapter on how simple plugins and special automation can dramatically improve the way you use Mail. Joe also covers finding that message in the haystack with Mail’s natural language search, improving the messages you send, how digital signatures and encryption work in Mail, and—perhaps most important—an award-winning strategy for avoiding email overload.
Note: You may have heard about a new encryption issue called EFAIL that can affect Apple Mail. This issue was discovered too late to cover it in the book, but we have an article with complete details here: What You Need to Know About the EFAIL Vulnerability.
You’ll quickly find the information that’s most important to you, including:
- Key changes in Mail for High Sierra (and Sierra) and iOS 11
- Getting through your email faster with gestures
- Using advanced search techniques to find filed messages
- Using plugins to significantly enhance how you use Mail
- The whys and hows of sending attachments
- Using markup features to embellish, and even sign, outgoing attachments
- Defeating spam with the Junk Mail filter—and what to do if you need more firepower
- Understanding special mailboxes like Sent, Drafts, and Junk
- Using notifications to stay apprised of incoming messages
- Taking charge of email organization with rules and other measures
- Backing up and restoring email
- Importing email from other apps, older versions of Mail, or another Mac
- Deciding whether you should encrypt your email, along with detailed, real-world steps for signing and encrypting messages
- Taking Mail to the next level with AppleScript and Automator
- 18 things everyone should know about Mail in iOS 11
- Fixing problems: receiving, sending, logging in, bad mailboxes, and more
- What's New
This fully revised fourth edition brings the book up to date with the numerous changes in Mail running under OS X 10.13 High Sierra (or 10.12 Sierra) and iOS 11. Along with hundreds of small changes in the book, major revisions include:
- Added detail to the “Master Mail Concepts” chapter:
  - Updated the discussion of gestures to cover the Magic Mouse
  - Explained new behaviors and options in full-screen mode
  - Updated the description of addressing email to explain the new way Mail chooses From addresses
  - Updated the descriptions of Markup (for macOS Mail) and Handoff (cross-platform) to reflect their current capabilities
- In the “Customize Mail” chapter, added new topics on tabbed windows and message filters
- Revamped the coverage of third-party plugins to remove plugins that are no longer available (or just not very useful anymore) and add Mailbutler and Universal Mailer
- Compressed and modernized the chapter “Use Gmail with Mail”
- Made a variety of updates in the “Find Your Messages” chapter, including a new sidebar about top hits, and descriptions of Mail’s current behavior with automatic tokens and search terms in quotation marks
- Developed the “Take Control of Your Inbox” chapter more fully:
  - Updated the description of how Mail handles spam
  - Greatly expanded coverage of backing up and restoring email
  - Added a new topic about how to import email from another app, including a sidebar about moving from another Mac
- Enhanced the “Become a Better Correspondent” chapter:
  - Added a tip about backing out of bulleted or numbered lists
  - Added instructions for avoiding inline attachments if that’s your preference
  - Updated instructions for sending attachments in iOS to mention Mail Drop
- Made a number of improvements to the chapter “Sign and Encrypt Messages,” including a new sidebar about ProtonMail
- Updated procedures and removed outdated advice in the chapter “Fix Mail Problems,” and added a new topic about dealing with recovered messages
- Made big improvements to the “Use Mail in iOS” chapter, including:
  - Updated the discussion of iOS Mail vs. macOS Mail to reflect the current truth, and added a sidebar about three-pane view for users of the 12.9-inch iPad Pro
  - Expanded the topic formerly called “15 Things Every iOS Mail User Should Know” to “18 Things Every iOS Mail User Should Know” by adding “Add an Inline Drawing,” “Use Drag and Drop,” and “Leave a Mailing List”; also updated the remaining 15 things, with especially important modifications in “Change Account Settings,” “Handle Attachments,” and “Manage Notifications,” plus new sidebars about 3D Touch gestures and suggested destinations
Do you have any books about older versions of Apple Mail?
Yes. After you download this ebook, you can follow its Ebook Extras link to download the first, second, or third edition of the book (look in the Blog) about earlier versions of Mail.
- Update Plans
May 14, 2018—The book is now up to date with macOS 10.13 High Sierra and iOS 11. Once Apple releases the next major versions of its operating systems, we’ll decide whether or when to update this book to cover them.
Posted by Joe Kissell
It’s been a while since the previous edition of Take Control of Apple Mail was published, so I had a lot to catch up on in my interview with Chuck Joiner on MacVoices. I’m not exactly a green rage monster this time, but there are a number of things about Mail I’m…less than happy about. If you feel the same way, I hope you find this interview therapeutic.
Posted by Joe Kissell (Permalink)
Note: Please see the end of this article for updates.
Just hours before the scheduled release of Take Control of Apple Mail, Fourth Edition, my Twitter feed started blowing up with Urgent! Breathless! Warnings! about a newly discovered vulnerability that affects email messages encrypted with S/MIME or OpenPGP, about which I have a whole chapter in my book (“Sign and Encrypt Messages”). And my first thought was, oh, great, my book needs revising before it’s even out. I’ve now examined the original report that prompted the warnings and have a better understanding of the situation, which I’d like to share with you here, and which I plan to update as new facts emerge. Let me start with this, however:
The sky is not falling.
Yes, there is a problem, but (a) the odds that you will encounter it, even if you regularly use email encryption—and most people don’t—are incredibly small; (b) there are easy temporary workarounds; and (c) it is being fixed even as I type these words.
Let’s go over the details.
A team of European researchers found a vulnerability that they’ve dubbed EFAIL. The EFAIL site summarizes the issue, and the researchers have also published their complete technical paper (PDF). The very short version of the problem is that there is a technique that an attacker could potentially use to cause your email client to send the decrypted contents of an encrypted message to outside parties. This technique exploits a combination of weaknesses in two encryption standards, design flaws in certain modern email clients (Apple Mail among them, on both macOS and iOS), and less-than-ideal default settings. It works only when you receive and open a message that contains a hidden copy of encrypted email you’ve already sent or received—meaning you are almost certainly being targeted directly. And it affects both of the most common encryption methods—S/MIME (built into most email clients) and OpenPGP (used by GnuPG and other software).
In order for this exploit to work, the attacker must already have encrypted messages sent to or from you. (There are numerous ways these could be obtained, but all of them require the extra, and sometimes quite challenging, step of first hacking into your email in some way.) Once that’s done, the attacker takes the encrypted contents of one or more of these messages and hides it in a new, specially crafted, encrypted message sent to one of the original senders or recipients (and, presumably, made to look as though it comes from a trusted source). When the victim opens this message, their email client decrypts it and sends the attacker the plaintext contents of the encrypted message(s) hidden within it. So, this doesn’t give the attacker the ability to freely read all your encrypted email, only those specific messages sent to you or the other party in the email transaction in this sneaky way.
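As an added example (not from the book, the article, or the EFAIL researchers), here is a small triage check for the message shape described above: ciphertext embedded inside a larger message, combined with HTML that loads remote content. The MIME type list, the nesting heuristic, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# MIME types that carry S/MIME or PGP/MIME ciphertext.
ENCRYPTED = {"application/pkcs7-mime", "application/x-pkcs7-mime", "multipart/encrypted"}
# Attributes a client fetches automatically when remote content loading is on (not exhaustive).
REMOTE_REF = re.compile(r"""(?:src|background)\s*=\s*["']?\s*https?://""", re.I)

def is_encrypted(part):
    if part.get_content_type() in ENCRYPTED:
        return part.get_param("smime-type") != "signed-data"  # signed-only is not ciphertext
    if part.get_content_maintype() == "text":  # inline OpenPGP armor
        return b"-----BEGIN PGP MESSAGE-----" in (part.get_payload(decode=True) or b"")
    return False

def audit(raw):
    """Count encrypted parts, encrypted parts below the root, and HTML parts with remote refs."""
    found = {"encrypted_parts": 0, "nested_encrypted": 0, "remote_html": 0}
    def visit(part, depth):
        if is_encrypted(part):
            found["encrypted_parts"] += 1
            found["nested_encrypted"] += int(depth > 0)
            return  # ciphertext is opaque: do not descend
        if part.is_multipart():
            for child in part.get_payload():
                visit(child, depth + 1)
        elif part.get_content_type() == "text/html":
            html = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            found["remote_html"] += int(bool(REMOTE_REF.search(html)))
    visit(message_from_string(raw), 0)
    # Heuristic (assumption): embedded ciphertext plus remote content deserves a human look.
    # Forwarded mail or list footers can trip it too, so treat it as "review", not "block".
    found["review"] = bool(found["nested_encrypted"] and found["remote_html"])
    return found

# Constructed samples; the ciphertext bodies are placeholders, not real encrypted data.
TOP_LEVEL = "Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n\nPLACEHOLDER\n"
NESTED = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset=utf-8

<p>Report attached.</p><img src="https://img.example.invalid/logo.png">
--b1
Content-Type: application/pkcs7-mime; smime-type=enveloped-data

PLACEHOLDER
--b1--
"""

if __name__ == "__main__":
    for name, raw in (("top-level", TOP_LEVEL), ("nested", NESTED)):
        print(name, audit(raw))
```

An ordinary encrypted message, where the ciphertext is the whole body, passes without a flag; only the combination of embedded ciphertext and remote references is marked for review.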
Why You Probably Don’t Have to Worry
EFAIL almost certainly won’t affect you, even if you take no action. Here’s why:
Very few people encrypt their email anyway. If you’re not using S/MIME or OpenPGP—and believe me, you’d know it if you were—there’s just nothing to see here.
I have seen no evidence, or even hints, that this exploit is being used, or has ever been used, in the wild. As far as I know, only the researchers who discovered the technique have actually tried it. (Obviously, that could change in hours or days, but it’s not like the bad guys have been actively using this already.) And remember, even if or when it does get out into the wild, an attacker can’t use this on you without first obtaining the existing encrypted email messages from your account that they want the contents of. That’s a nontrivial extra step.
The companies that make the affected email clients and third-party software are working on fixes right now. For example, the team that makes GPGTools has already tweeted that a mitigation is imminent, in GPGTools 2018.2, and that there’s an easy workaround in the meantime (about which, read on). And if Apple doesn’t address this in macOS 10.13.5 and iOS 11.4 within days, I’ll be shocked. (In other words: the vulnerability will likely be eliminated before anyone has time to exploit it.)
As the EFAIL researchers point out, although the developers of apps like Apple Mail, Thunderbird, and GPGTools can and should fix a variety of vulnerabilities, a complete and permanent fix requires changes to the S/MIME and OpenPGP standards, which will take longer. Even so, I fully expect the problem to resolve itself before it has any meaningful real-world effect.
What You Can Do Now
Long story short, flipping one switch is probably adequate.
If you are using Apple Mail on a Mac, and are actively using S/MIME or OpenPGP, the quickest and easiest way to immunize yourself against the most likely forms of this attack is simply to uncheck one box:
- Go to Mail > Preferences > Viewing.
- Uncheck “Load remote content in messages.”
- Close the Preferences window.
(I already had this unchecked in my copy of Mail, and have long recommended that other people do so too, because loading images from HTML messages is often used for tracking, and although some of this tracking is entirely benign, I prefer a little more privacy than the default.)
The Electronic Frontier Foundation (EFF) recommends going further—removing the GPGMail plugin (if you use it) to prevent Mail from decrypting messages automatically at all. But I agree with the GPGTools developers that this step is entirely unnecessary.
On an iOS device, do this:
- Go to Settings > Mail.
- Turn “Load Remote Images” off.
And that’s it.
A Few Last Remarks
In the paper that kicked off this whole crisis, the researchers included tables detailing which of the tested clients, on various platforms, are vulnerable to each of several variations on this attack. Interestingly, Canary Mail for iOS, an OpenPGP client I mention in my book, is not vulnerable. (The researchers didn’t test the Mac version, but I assume it’s also safe.) So, if you rely on OpenPGP-encrypted email on a Mac or iOS device, switching (even temporarily) to this client might be something to consider.
Finally, and I’ve said this many times in many books, keep your software up to date. All these fixes that developers are working on do you no good if you don’t install them. So please, keep up with system updates and security fixes for macOS and iOS, and make sure your third-party apps are also up to date.
If any significant new developments arise, I’ll update this article accordingly.
Update 2 (June 9, 2018): On June 4, GPG Suite from GPGTools was updated to version 2018.02, with mitigations for EFAIL. Apple also says that macOS 10.13.5 (released on June 1) addresses S/MIME vulnerabilities, although testing by the GPGTools developers indicates that Mail remains vulnerable to some EFAIL-related exploits.
Update 1 (May 31, 2018): Contrary to my expectations, neither Apple nor GPGTools has yet delivered an update to address this problem. I still expect fixes soon, but they didn’t happen as soon as they should have. In addition, one researcher has published a proof of concept exploit that could theoretically put your email at risk even if you disable the loading of remote images as described above. (And in any case, I should note that any mitigations you undertake on your own devices won’t help if your correspondents’ devices are compromised.) Even so, I have yet to hear of any real-world attacks involving the EFAIL vulnerability, and I still believe the sky is not falling. But I sure wish the security folks at Apple and elsewhere would kick their bug-fixing into high gear.
Posted by Joe Kissell (Permalink)