Skip to main content

Security Bite: iCloud Mail, Gmail, others shockingly bad at detecting malware, study finds

Email security today has many shortcomings. It is widely known that email service providers cannot prevent every suspicious email from being received. However, a new study by web browser security startup SquareX reveals how little companies are doing to block malicious attachments and protect users.


9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


By collecting 100 malicious document samples of different types classified into four main groups, researchers discovered that popular email service providers lack one basic security measure: scanning attachments.

It sounds like the early 2000s, but email attachments are still one of the primary ways through which malware, such as viruses, trojans, ransomware, etc., can infect a victim’s machine. These attacks continue to be lucrative vectors for cybercriminals for many reasons, mainly because of the growing popularity of ransomware.

The four malicious document categories were classified as the following:

  1. Original Malicious Documents from Malware Bazaar
  2. Slightly Altered Malicious Documents from Malware Bazaar, such as changes in
    metadata and file formats
  3. Malicious Documents modified using attack tools that have existed for many years
  4. Basic Macro-enabled Documents that execute programs on user devices

First reported by Forbes, researchers took samples, attached them to emails, and sent them through Proton Mail to addresses on iCloud Mail, Gmail, Outlook, Yahoo! Mail, and AOL, part of the Yahoo! group. Notably, if the emails were delivered successfully to the users, they might be vulnerable to any potential threat contained within those attachments.

The table below summarizes the results of sending 7 of the 100 malicious samples to the various email providers, indicating whether the malicious attachment was delivered. “If an email was undelivered, it is a sign that malware was detected when the email was being processed by the server,” according to the study from SquareX.

Email service provider chart showing which malware type was delivered
Table showing what malware samples passed which email provider’s scanners and delivered successfully
via SquareX

The dilemma

Investing in robust email security features may seem like the obvious critical part for protecting users. However, Ian Thornton-Trump, CISO with threat intelligence solutions firm Cyjax, told Forbes, “this is akin to asking the free Wi-Fi at a Starbucks why are they not blocking more or all cyber attacks.” He further explained that it’s tough to balance free and secure in the same sentence.

Thornton-Trump argues that adding advanced email security features “can be deeply problematic with false positives, which may involve the use of technical support resources to help or fix—that expense across millions of users on a free platform may be commercially untenable.”

Moreover, others argue email providers are dragging their feet on something that could cost substantial resources and impact their bottom line.

What do you think? Let us know in the comments below.

More in security

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications