Is Apple's Mail app secure and encrypted?

Hi MPUers,

  • How does Mail store emails? On device or iCloud?
  • Are these emails on device/iCloud encrypted or can they be read by any app/person?

If you are using Mail, how do you like it? Planning to switch from Gmail to the Mail app.

The answer to both these questions is: it depends.

It’s installed on any Mac, iPad and iPhone. Not a huge barrier to try it yourself.

2 Likes

In addition to @vco1’s comments, to give Apple Mail a try, fire it up and connect your Google mail account to it.

Like @vco1 I have Apple mail on all my Apple devices, and have done so for years. Works fine and is integrated with the Apple ecosystem pretty well and for me that's a benefit. The Google mail app on iOS is useful to help manage Google 2-factor security. So I have it, but don’t use it really much for mail.

1 Like

Are you switching from gmail to icloud or just connecting your gmail account to mail app?

Email is the least secure messaging system we use. All of the protocols, SMTP, IMAP and POP are designed without encryption or authentication. Any security has to be added on top by something like PGP.

5 Likes

Mail downloads your email messages from the account provider you have and creates local archives that, for all I know, are not encrypted. Someone with access to your Mac account or your physical disk could read those emails. Enabling full-disk encryption will mitigate the last attack vector.

2 Likes

The thing to remember is that Mail is an app, not a service. It uses standard protocols (IMAP, POP) to send and receive email via mail servers, including those operated by Apple (for iCloud mail).

So if your email provider encrypts, Mail will get encrypted messages, and it’ll be up to you to decrypt them. Or if you send an encrypted message from your Mac, it will be encrypted, and it’s up to your recipient to decrypt it. That’s end to end encryption, but Mail isn’t doing it.

Keep in mind that at least some email metadata – including sender and receiver (or at least reply-to), time and date, IP addresses, etc. – isn’t and can’t be encrypted; servers wouldn’t know where to send messages, or how to send any response from the recipient. And, as has been pointed out, email on the Internet was never designed to be particularly secure, whatever email client you use.

2 Likes

Just to expand on this for the OP: IMAP and SMTP do have encrypted versions that you should use if your service provider supports them. Using them does not change the fact that plain old email (without an additional layer of encryption such as PGP, as @jcarucci mentioned) should never be considered private, for a number of reasons.

2 Likes

Since I have no control of the copies of messages I have sent to, or received from, others I have no expectation of privacy.

1 Like

Just connecting gmail to Mail app

Then nothing goes to iCloud, it is just on your devices via imap. Any security off device is on google.

2 Likes

Just clarifying for OP, unless I’m misunderstanding - the transmission is encrypted when using POP3, IMAP, or SMTP over SSL, but the data it’s actually transmitting is stored “at rest” on both sides as cleartext.

If you have email on a given server, unless you’re using PGP or something the admin of that server can go read your email whenever they feel like it. And even with tech like PGP, the headers (who it’s from, who it’s to, where it went on the way, when it was sent, etc.) are all available in cleartext.

4 Likes

So all the mail is only saved on the device? How does it sync between devices then?

From what I saw on iOS, it was asking me to enable iCloud sync so I can use Mail on both Mac and iOS.

It makes me a bit anxious every time I get to know about how much admins/companies have access to our data (email and other stuff). End-to-end encryption should be the norm.

PS: I should stop reading all this stuff to keep life simpler. Don’t know how y’all handle this. :smile:

1 Like

If you’re using IMAP, it doesn’t sync “between devices”. It syncs between each device and your provider’s IMAP server. Since both devices are syncing to and from that server, the devices are in sync as a side effect. :slight_smile:

2 Likes

You can install GPG Suite, which supports PGP private/public keys for encrypting and signing emails.

And if your provider doesn’t support them, find a new provider.

So I started using Mail on iOS, it's pretty barebones but has a few nice features.

One thing I can’t seem to figure out is, it does not show Gmail labels on the email itself. I mean there are folders for each label, but emails sitting in my inbox with a label (in Gmail) don’t have any label in the inbox in Mail. They show up in the label folder though. But I want the label tag to show in the inbox as well. Any way to make this work?

And, any suggestion on privacy in Mail? I used to keep images blocked in gmail to avoid pixel tracking and “Read” indicator. I just tried the same thing with Mail by enabling “Block All Remote Content”, it was still showing a few images that were being blocked by gmail. How effective is this in your experience?

Based on what I read, “Protect Mail Activity” proxies the mail and hides the IP, but the images are all loading up, which can let the sender know if I read the email or not, which is what I don’t want.
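An added example, not part of the original post: a small checker that separates content an HTML email would fetch over the network (which can act as a read receipt) from images carried inside the message via `cid:` or `data:` URLs, which display without contacting the sender. The HTML body, hostnames and the `classify` helper are constructed for illustration; the check covers URL-bearing attributes only, not CSS.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: HTML body of a newsletter-style email.
SAMPLE_HTML = """
<html><body>
<img src="cid:logo@example.org" width="120" height="40">
<img src="https://img.example.com/banner.png" width="600" height="200">
<img src="https://track.example.com/o?id=abc123" width="1" height="1">
<img src="data:image/png;base64,AAAA" alt="">
<td background="http://img.example.com/bg.png"></td>
</body></html>
"""

URL_ATTRS = ("src", "background", "poster")  # attributes that trigger a load

class RemoteContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote = []    # (tag, url, reason): needs a network request
        self.embedded = []  # (tag, scheme): shipped inside the message

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for name in URL_ATTRS:
            url = a.get(name)
            if not url:
                continue
            scheme = urlparse(url).scheme.lower()
            if scheme in ("http", "https") or url.startswith("//"):
                # 0x0 or 1x1 images are the usual shape of an open tracker
                tiny = (tag == "img" and a.get("width") in ("0", "1")
                        and a.get("height") in ("0", "1"))
                reason = "tracking-pixel-sized" if tiny else "remote"
                self.remote.append((tag, url, reason))
            elif scheme in ("cid", "data"):
                self.embedded.append((tag, scheme))

def classify(html):
    """Return (remote, embedded) resource lists for an HTML email body."""
    finder = RemoteContentFinder()
    finder.feed(html)
    return finder.remote, finder.embedded
```
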

Long story short, the way Gmail works and the way Mail works is different. This is mostly because Gmail isn’t standard IMAP, and Mail is.

Gmail stores ONE copy of the message, and applies multiple labels to it on the back end so that it can show it in “folders” - but the folders are illusory. The mail lives in “All Mail”, and is surfaced in different views based on tags/labels.

Mail is standard IMAP, which means that if an email has three different labels, and is thus in three different “folders” in Gmail, Mail sees three actual folders and will therefore download three copies.

This would be true of any standard IMAP client trying to access Gmail.

3 Likes