Glitch in OS X search can expose private details of Apple Mail users

Performing a Spotlight search opens email previews that load external images, even when the Mail client is asked not to do this

A glitch in the search software in Apple's OS X Yosemite can expose private details of Apple Mail users, revealing their IP address as well as other system details to spammers, phishers and online tracking companies.

The potential privacy risk appears when people use the Spotlight Search feature, which also indexes emails received with the Apple Mail email client. When searching a Mac, Spotlight shows previews of emails and when it does this, it automatically loads external images linked in HTML email.

The Spotlight preview loads those files even when users have switched off the "load remote content in messages" option in the Mail app, a feature often disabled to prevent email senders from knowing if an email has arrived and if it has been opened. What's more, Spotlight also loads those files when it shows previews of unopened emails that landed directly in the junk folder.

Opening external files can reveal private data to email senders. Senders often include so-called tracking pixels, usually a link to a one-pixel-square GIF file, in their email, which sends information back to the sender when an email is opened and the external image is loaded. Those pixels are often used by email marketeers to gather data.

The potential privacy issue was first reported by German tech news site Heise, and has been replicated by the IDG News Service by sending several emails with tracking pixels to a mail address linked to Apple Mail. A preview of the unopened emails was shown by Spotlight, which revealed to the operator of the server hosting the pixels the receiver's IP address, current OS version and some details about the browser used as well as the version of Quick Look, a program that let's users preview a document.

An IP address can reveal someone's location, although this is not always very accurate. Meanwhile, knowing more details about a user's system could potentially be interesting information for hackers.

At the moment, the only way to work around the issue seems to be to uncheck the "Mail & Messages" box for Spotlight in System Preferences. When this option is disabled no mails are returned in Spotlight's search results, and thus, no preview is shown.

We asked Apple why the "load remote content in messages" Mail privacy setting does not apply to mail shown in Spotlight searches, as users can reasonably expect it does, and asked if it is planning to fix this issue. Apple did not immediately respond.

(With additional reporting by Lucian Constantin of IDG News Service.)

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags AppleMac OSapplicationssecuritye-mailsoftwareoperating systemsprivacy

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Loek Essers

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?