Filed under: Security, Leopard
Cached Leopard Mail images: friend or foe?
TUAW reader Simon wrote in to us to share one of his favorite new Leopard features, and its unexpected consequences. After clicking on an All Images search, he was astonished to find any number of odd GIFs and JPEGs pertaining to, um, Viagra and, er, male enhancement. He quickly realized that All Images was displaying bits (and we do mean bits) from Mail's download cache, and concluded that although he had set Mail not to download HTML images, they were getting downloaded anyway. Simple annoyance or possible security breach? You tell us in the comments.

Reader Comments (Page 1 of 2)
Sam Katz said 11:09PM on 11-07-2007
Security breach. These images are trackers, so that tells the spammer that the e-mail address is valid. Dumb. Even Outlook does better.
William Sun said 8:11PM on 11-07-2007
That's why I disable all the 'Search For' items in fear of something like this.
link.dupont said 8:18PM on 11-07-2007
CoverFlow is b0rken for me anyway, so I don't have to worry about this... http://myskitch.com/link/fullscreen_spotlight_messed_up-20071107-095750/
Brian E said 8:19PM on 11-07-2007
I don't think it's downloading HTML images. Most of these spam images are sent as attachments.
Mail should delete the cached image when the message is deleted, especially if the mail is marked as junk.
Macroy said 8:30PM on 11-07-2007
This explains the funny looks I was getting when I demo'd CoverFlow for my grandparents!
starwxrwx said 9:02PM on 11-07-2007
If it IS downloading images via HTML, then that is a serious problem - one of the main ways that SPAM emails determine if your address is valid is if these images get downloaded (there is usually a reference string that informs the site which email address downloaded the image, I think that's how it works).
Rboyett said 9:09PM on 11-07-2007
starwxrwx is dead-on right. The email client shouldn't be downloading those images to begin with. It is really screwed up if it is, and it is a security and privacy breach.
We need to get some verification on this.
The Wildman said 9:18PM on 11-07-2007
I'm seeing the same thing, but the images are attachments...not HTML based images. I'm not seeing the images initially because those emails are going straight to my Spam box, and not my Inbox. So, an "All Images" search may bring up some interesting results in this scenario, but only because I haven't seen the images before. When the Spam is deleted, those images will obviously go away.
hs said 9:24PM on 11-07-2007
Most email spam images are attachments, not HTML embeds.
Aaron Yates said 9:35PM on 11-07-2007
You could just lock the folder the caches are going to as a temporary fix until this is resolved.
RobW said 10:21PM on 11-07-2007
Er, the word is BREACH, not breech (which means coming out butt first during birht), and although this defn may apply here, I don't really think you meant that.
This is NOT a good day for American word and date usage!
Eric M. said 9:44PM on 11-07-2007
Yeah, this post should be updated. Those images are attachments, not downloads. This is not a security issue with mail.
matthew_treder said 10:12PM on 11-07-2007
Presumably you meant "security breach"?
Rob said 11:03PM on 11-07-2007
And I can't spell today either-- try "birth"
Erik said 2:45PM on 11-21-2007
Embedded images will automatically save themselves, as they are part of the message itself. It's just raw data that is being written to a (temporary) file. Just look at the source of such a message.
It isn't considered a breach, since the data is already received, rather than opening a connection to some bogus server to download an image, which of course can be called a breach. Just my 2 cents :)
Simon said 11:15PM on 11-07-2007
You know - you guys are right - these have to be attachments. It makes sense - and it makes me feel better about Mail not downloading html images in the background. Thanks TUAW community - you guys are the best.
- Simon
Jack said 4:36PM on 11-08-2007
I've noticed a breach along the same lines. I have multiple users, and although you can't access another user's files by going to their home folder, Spotlight and "Search For" return other users' files that are then viewable with Quick Look.
rcfa said 3:01AM on 11-08-2007
These images are NOT cached HTML references; these are attachments that many spam e-mails now have. If the user would enable the attachment count column in their e-mail message list, they'd see which (spam) messages come with attachments.
The strategy is to attach the entire spam as a picture with a noisy background pattern, so as to prevent text-based spam filtering and to thwart OCR-based image-to-text conversion during spam filtering.
These images will be deleted from the cache as the messages are DELETED, but not if the messages are just MOVED to the spam folder. Also, for the images to be deleted, the "remove unedited downloads" preference (under Mail's General tab) must be set to "After message is deleted", because as far as Mail is concerned, it's "downloading" the images from a data source, i.e. the attachment.
It would of course be nice if the mail download folder could distinguish between what's in the Junk folder and what's not, but if you don't want this sort of surprise, change your spam handling rules to custom settings and have spam deleted on arrival; then you should not have these images in the first place.
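The distinction the thread keeps coming back to (starwxrwx's tracking reference versus rcfa's and Erik's attached image parts) can be checked directly on a message: an image that arrives as a MIME part is already on disk once the message is received, whereas a remote `<img src="http://...">` reference in the HTML part is something the client would have to fetch, and the URL can carry a per-recipient token that confirms the address is live. The script below is an added example written for this page, not code from TUAW, Simon, or Apple Mail; the sample message, the `tracker.example.net` host, the `promo.gif` filename and the `uid` query parameter are all constructed for illustration.

```python
"""Sort the images in an e-mail message into two buckets:
   - image MIME parts (attachments / inline parts), which arrive with the
     message bytes and need no network access to be written to a cache;
   - remote <img src="http(s)://..."> references in HTML parts, which a
     client must fetch and which can carry a per-recipient token.
Added example; the sample message below is constructed, not real spam."""
import email
import re
from email import policy
from email.message import EmailMessage

# Matches remote image references only; "cid:" references to attached parts
# are deliberately not matched because they need no network fetch.
REMOTE_IMG_RE = re.compile(
    r'<img\b[^>]*?\bsrc\s*=\s*["\']?(https?://[^"\'\s>]+)', re.IGNORECASE)

# Minimal 1x1 GIF (43 bytes); the pixel content is irrelevant here.
TINY_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff!"
            b"\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
            b"\x00\x02\x02D\x01\x00;")


def build_sample_message() -> bytes:
    """Constructed sample: HTML body with one remote tracking pixel and one
    cid: reference, plus the referenced GIF attached as a MIME part.
    Addresses, hostname, filename and the 'uid' parameter are made up."""
    msg = EmailMessage()
    msg["From"] = "promo@example.net"
    msg["To"] = "simon@example.org"
    msg["Subject"] = "Special offer"
    msg.set_content("Plain text fallback.")
    msg.add_alternative(
        "<html><body><p>Hi!</p>\n"
        '<img src="http://tracker.example.net/open.gif?uid=abc123"\n'
        '     width="1" height="1">\n'
        '<img src="cid:promo-image">\n'
        "</body></html>\n",
        subtype="html",
    )
    # Attached part: this is the kind of image that ends up in the download
    # cache without any connection being opened.
    msg.add_attachment(TINY_GIF, maintype="image", subtype="gif",
                       filename="promo.gif", cid="<promo-image>")
    return msg.as_bytes()


def classify_images(raw: bytes) -> dict:
    """Return {'attached': [...], 'remote': [...]} for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    attached, remote = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            attached.append({
                "filename": part.get_filename(),
                "content_type": part.get_content_type(),
                "bytes": len(part.get_payload(decode=True)),
            })
        elif part.get_content_type() == "text/html":
            remote.extend(REMOTE_IMG_RE.findall(part.get_content()))
    return {"attached": attached, "remote": remote}


if __name__ == "__main__":
    report = classify_images(build_sample_message())
    for a in report["attached"]:
        print(f"attached : {a['filename']} ({a['content_type']}, "
              f"{a['bytes']} bytes) - already received, no fetch needed")
    for url in report["remote"]:
        print(f"remote   : {url} - fetched only if remote image loading is on")
```

Run against a saved `.eml`, `classify_images` gives the two lists the commenters are arguing about: the "attached" entries are what Mail writes to its download cache (and what All Images then surfaces) regardless of the HTML-image preference, while only the "remote" entries are the ones a "don't load remote images" setting protects you from. Note that the `cid:` reference in the sample is not reported as remote, since it points at a part already inside the message.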
Travis L. said 2:10AM on 11-08-2007
As a quick temporary workaround, I just had Spotlight ignore my Deleted Messages, Junk and Trash mailboxes. Works fine for me.
MacMacken said 2:29AM on 11-08-2007
Thank you for your statement, Simon. It's now up to TUAW to post a corrigendum.