How to protect mail activity and safeguard your account

If you want to minimize the tracking of your email behavior, Apple has a useful feature you can try. Learn how to protect mail activity and enjoy more privacy.
If Apple Mail is your chosen email client, you may have heard about the Mail Privacy Protection (MPP) feature. It promises to increase the security of your incoming mail and stop marketers and other third parties from tracking your activity.In this guide, you’ll learn how to protect mail activity with MPP and how the feature works to safeguard your data. You’ll also see the potential drawbacks of this security layer and find out what you can do to keep your correspondence private and confidential.
Secure your digital lifeProtect your email activity and keep your account safe with Skiff's cutting-edge security practices
Sign up

What is Mail Privacy Protection, and why is it important?

You’re probably subscribed to at least a few email lists. As much as you may enjoy the content you’re receiving from them, you might be unaware of the amount of personal data the sender obtains through such lists. They allow the sender to track your online behavior, most notably:
  • Date and time of opening
  • Number of times you saw the email
  • Whether you’ve forwarded it
Mail Privacy Protection aims to prevent senders from seeing this information in two ways:
  1. Hiding your IP address
  2. Downloading remote content privately
Your IP address is a crucial piece of information that can reveal highly sensitive data like your location. That’s why keeping it concealed is an excellent first step toward higher email security.For additional security, Mail Privacy Protection downloads remote content on a proxy server so that it doesn’t reach you. To understand why this is so important, you must familiarize yourself with tracking pixels.

The dangers of tracking pixels

Also known as spy pixels, tracking pixels are embedded in most emails you receive from a newsletter or similar source. They come in the form of imperceptible 1x1px images and are used to track the recipient’s behavior.The pixel is automatically downloaded when you open the email and used to feed information back to the sender. This is mostly done for marketing purposes as it helps companies understand your buying journey better. While there’s typically no malicious intent behind such practices, they’re still a significant invasion of your privacy.Worse yet, hackers can misuse spy pixels to fine-tune phishing attacks—a common form of cybercrime targeting users with spoof emails aimed at stealing their login credentials or other sensitive information. By learning your email habits, the attacker can customize the phishing message and send you an email with a higher chance of success.To prevent the above issues, Mail Privacy Protection downloads the spy pixel on a remote server before the email reaches your inbox. You get a “clean” version that can’t be tracked, so you can have more privacy and avoid exposing yourself to the risk of elaborate cyberattacks.

How to protect email on iPhone and Mac

Mail Privacy Protection isn’t enabled by default, so you’ll need to turn it on manually. Follow these steps to do it on an iPhone:
  1. Go to Settings
  2. Scroll down to Mail
  3. Tap Privacy Protection
  4. Toggle Protect Mail Activity on
Source: iPhone screenshotIf you disable Mail Privacy Protection, you’ll see an option to turn on its two features separately. You can choose to only hide your IP address or block remote content.
Source: iPhone ScreenshotOn a Mac, you can take the following steps to enable MPP:
  1. Open the Mail app
  2. Go to Mail > Settings
  3. Under Privacy, check the Protect Email Activity box
Source: MacBook ScreenshotNote that when you activate MPP on one Apple device, it’s automatically enabled on all others connected to the same iCloud account. There have been some vulnerabilities regarding the Apple Watch, but they’ve been resolved.

Is Apple Mail secure enough after the introduction of MPP?

Apple Mail is generally considered more secure than Gmail, Outlook, and most other Big Tech email services. Note that this is mainly true if you use Apple as both your client and provider—you can connect other accounts to Apple Mail, in which case your security largely depends on the other provider’s measures.Mail Privacy Protection certainly increases your security levels, but it’s not without flaws. The feature only safeguards incoming mail to an extent, so there’s no advanced protection for sent emails.Another significant vulnerability of Apple Mail is the encryption you get. By default, the service offers two encryption types provided by most Big Tech solutions:
Encryption typeWhat it protects
Encryption in transitEmails traveling between the sender and recipient
Encryption at restIdle emails sitting on the provider’s server
These encryption types are not enough to secure your correspondence. For ultimate protection, you need end-to-end encryption (E2EE).
Fortify your email account with E2EEStay one step ahead in protecting your data with Skiff Mail's encrypted service
Sign up

End-to-end encryption—the gold standard of email security

As the name implies, E2EE offers comprehensive email protection between endpoints. The main reason for this is that encryption keys are inaccessible to anyone but the recipient. They’re created on the user’s device and stay on it, which means plaintext email versions can’t be seen by:
  • Third parties
  • Hackers
  • The service provider
With end-to-end encryption, you can rest assured your emails are only readable by the intended recipient and that your private information won’t leak. Any exception to this rule would involve someone stealing the decryption key from the user’s device, which is far less likely than obtaining it from the provider’s server (where they’re stored without E2EE).Apple Mail doesn’t offer end-to-end encryption by default. It supports optional S/MIME integration, but configuring this standard can be complex and time-consuming unless you have a certain degree of technical knowledge.Besides, S/MIME has been tied to significant vulnerabilities, so it’s far from the most secure encryption protocol.To enjoy peace of mind knowing that your correspondence isn’t visible to any unauthorized parties, you should opt for a privacy-first email service like Skiff Mail.

Skiff Mail—cutting-edge privacy without complications

Skiff Mail gives every user complete security without the need for complex setups. It uses strong end-to-end encryption involving two separate keys—public and private.The public key is used for encryption and shared between the sender and recipient. The private decryption key is safely stored on the user’s device, ensuring nobody—not even Skiff’s team—can access plaintext copies of emails. Every email is encrypted on the user’s device before leaving it and reaches Skiff’s servers in ciphered form.Privacy with Skiff doesn’t end at advanced E2EE—thanks to the Secure Remote Password algorithm, you can sign up without leaving any personal information to enjoy complete confidentiality and anonymity. Skiff is strict about its zero-knowledge policy, so your login credentials won’t be stored on the servers.These security measures stand behind a beautifully designed user interface, so you don’t need any technical knowledge to leverage them. Skiff made sure every feature and action was laid out in a user-friendly way to maximize productivity.For anonymous communication and file sharing, Skiff also integrates with numerous crypto wallets, most notably:Skiff is open source, so the codebase is transparent and available for review. You can find it on the platform’s GitHub and read the whitepaper for additional information. To become a part of Skiff’s growing community of privacy-conscious users and experts, join the Skiff Discord channel.

One account, four E2EE platforms

Besides mail, Skiff offers three end-to-end encrypted products to let you create a secure ecosystemSkiff Pages, Skiff Drive, and Skiff Calendar:
Skiff PagesCreate, edit, and share documents securely in an end-to-end encrypted environment. Skiff Pages combines a rich text editor with various collaboration features to help your team complete projects more effectively
Skiff DriveA secure alternative to Google Drive and similar cloud solutions. Besides E2EE, Skiff Drive supports optional InterPlanetary File System (IPFS) integration to ensure your sensitive information is kept in a safe, decentralized space
Skiff CalendarAuto-syncs emails with events to help you stay on top of your schedule. Skiff Calendar also lets you host private meetings and video conferences, facilitating streamlined collaboration
Skiff platforms are available on iOS and MacOS, so you can enjoy privacy at home and on the go. If you plan on using Skiff on other devices, you can download the Android app or use the web apps on any major browser.

No time limits, no commitments

All of the above features come with Skiff’s generous free plan that doesn’t expire. You get outstanding security and privacy alongside numerous features typically reserved for paid users:
  • 10 GB of storage
  • Fast email and text search
  • Five folders and labels
  • Four aliases
Getting started is simple—all you have to do is:
  1. Visit the signup page
  2. Choose your account name and password
  3. Start using Skiff Mail and other end-to-end encrypted products
The average user should find the free plan robust enough for their everyday needs. If you need additional features like custom domains or expanded storage, you can choose from the platform’s affordable paid plans.

Switching from Apple Mail? Skiff has you covered

You don’t need to start fresh and lose your previous conversations to protect your correspondence with Skiff Mail. The platform’s one-click migration will transfer all your data so you can safeguard it immediately. No unencrypted copies will be saved, so your messages will remain confidential.Note that no email provider can offer complete protection if your device is compromised by malware. While Apple’s devices are quite safe by default, don’t underestimate the importance of proper cybersecurity hygiene. This includes the following practices:
  • Setting long, complex passwords on all your accounts
  • Enabling two-factor authentication wherever possible (Skiff supports it through the Authenticator app, ensuring you don’t need to leave your phone number)
  • Watching out for signs of phishing
  • Staying away from public Wi-Fi whenever possible

Join the community

Become a part of our 1,000,000+ community and join the future of a private and decentralized internet.

Free plan • No card required