OS X Yosemite Mail

Apple’s Mac operating system is generally considered to be secure, but German security researchers have discovered what appears to be an oversight in how OS X 10.10 Yosemite’s overhauled search feature, Spotlight, handles remote content loading in messages through the default Mail app.

As Ars Technica reports, Spotlight search on OS X Yosemite appears to be overriding Mail’s security feature that prevents content stored on remote servers like images from being loaded which spammers can use to track personal information including IP address and more.

The way the security setting in Mail is supposed to work functions properly within the Mail app. For example, if you check the toggle labeled ‘Load remote content in messages’ off you will no longer see rich emails with images stored on servers in the message.

This behavior, however, does not extend to Spotlight search on OS X Yosemite. If you disable remote content loading and search for a term that pulls a message from Mail, you will indeed see remote stored content as if the toggle was never switched. As Ars points out, disabling remote stored content is a security feature that prevents email-based spammers from accessing personal information including your IP address.

Remote content enabled versus remote content disabled in OS X Mail

While the remote content load setting is turned off by default of OS X Yosemite, users should expect it to extend to Spotlight search, but alas, that’s not the behavior on the latest version of OS X 10.10.1. In the meantime, concerned users with the preference to not load remote content in messages can avoid using Spotlight search or disable Mail & Messages from Spotlight’s source list in the System Preferences app until a software update fixing the behavior is released.

Spotlight System Preferences Mail and Messages

Youur preferences should appear as above if you decide to disable Mail & Messages content from appearing in OS X Yosemite Spotlight search results.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author


Zac covers Apple news, hosts the 9to5Mac Happy Hour podcast, and created SpaceExplored.com.