How best to encrypt Mail stored on iMac?

Hi

I'm using Apple's Mail program and would like to encrypt all the email stored on disk without having to go the whole hog of enduring FileVault across all my files.

I'd like just to encrypt the stored emails and have them unlock using Keychain when I power-up or resume using the machine after being idle for some time. (So that they are protected in the event of theft, for instance.)

Does anyone know a nifty way of doing this? I was reading that creating a "disk image" using the Apple Disk Utility could be the way to go. I think a third-party program called Knox helps with the whole process as outlined above and has the advantage of automating backups of the encrypted disk; it seems like a better, more focused approach than using FileVault and TimeMachine.

Does anyone know if I should copy the entire Mail application (a lot of unnecessary de-encryption overhead I assume) to the disk image, or somehow just move the mail folders across? I'm not sure just where they are on the disk.

Does anyone have a suggestion of a better approach?

Any thoughts or experience relating to this would be greatly appreciated.

Richard

iMac and MacBook, Mac OS X (10.5), Knox TimeMachine FileVault Mail .mac

Posted on Nov 12, 2007 11:42 PM

Question marked as Best reply

Posted on Nov 13, 2007 12:07 AM

Richard,

Yes, the answer is to use an encrypted disk image. You would create a disk image of an appropriate size to accommodate all of your email, then copy your entire mail folder (/Users/HOME/Library/Mail) to it. Then, you would create an alias of the copy on the disk image, and use it to replace the original mail folder (removing the "copy" portion of the alias name, of course). The key is that it must be named "Mail," and it must be in the original location.

When Mail launches, it will attempt to access what is now an alias pointing to the folder stored on the mounted disk image. OS X will automatically attempt to mount it, gaining the password from either you or your Keychain (in which case it will all happen transparently), and Mail gets the access it needs.

Backups would be made in the normal fashion by Time Machine, and your mail will continue to be backed up. The only difference (and this is the only drawback) is that the entire disk image, being a single file, will get backed up each time (as opposed to only new and/or changed emails). This drawback will manifest as a higher disk space overhead for your email backups.

Scott

Nov 13, 2007 12:15 AM in response to Richard2478

I'm not 100% sure that this will work, but here's the process to create an encrypted disk image and set Mail to use it:

First, open disk utility (in your applications folder) and click File:New Disk Image. In the options for the image create a sparse image, and make it encrypted. Select a size for the image (a couple of GB should do, depending on your email habits.) Save the image wherever you feel comfortable (your documents folder, for example) and give it a password.

Once the image is created, locate it in finder wherever you saved it, and double click to mount it. It'll ask for the password. Select the "save password to keychain" option so that it can automatically be opened. (However, make sure that your computer isn't set to automatically log in as your user, otherwise anyone who steals your computer will get access to this disk image in any case when the computer logs them in.)

Once it is mounted, you have to set it up so that it mounts whenever you log in. Open system preferences, and then the accounts panel. Click on your account, and then open the "Login Items" tab. Drag the mounted drive on your desktop (NOT the disk image) into the window. This will make the mac mount the drive whenever you log in.

Now, to move your mail messages onto the drive. All of the mail files are inside yourhomefolder/Library/Mail. First off, copy the Mail folder onto the new mounted drive. Next, rename the original mail folder to something else (perhaps MailOld). Now, create an alias to the new mail folder on the encrypted drive inside yourhomefolder/Library and call the alias Mail. In other words, inside your Library folder, you should now have an alias called Mail that points to the Mail folder on the encrypted drive.

In theory, that should be it. Open the mail application, and it should work exactly as it did before. There is only one potential glitch: if mail doesn't follow the alias in your Library to the encrypted drive. If that is the case, you probably won't see any emails inside mail and it'll start up as if it's a clean install (ask you to create accounts and such.) If that happens, then instead of using a finder alias, you'll have to use a Unix soft link. This isn't at all difficult to create:

First, delete the alias you made in the library folder, then open Terminal in your Utilities folder. Type the following command:

ln -s "/Volumes/nameofencrypteddisk/Mail" ~/Library/Mail

(make sure to replace "nameofencrypteddisk" with the name of your encrypted drive) and then hit return. That command creates a soft link that, for all intents and purposes, programs on your mac can't distinguish from the original folder. Now try opening Mail and see if it works.

If it does work, you can delete the MailOld folder in your Library to free up some space (though I'd make a backup just in case.)

Finally, because the disk image is encrypted, Time Machine won't be able to look inside it. Thus, even if one bit inside the disk changes (if you receive a new email, or even just READ an email,) Time Machine will try to back up the ENTIRE disk image. This really isn't good, especially if, like me, your mail folder is a few GB in size. Thus, set TM to ignore the file by dragging the disk image file into the ignore list in TM preferences. However, this does mean that YOU (or some other backup program you have) have to remember to back up the disk image every now and then.

This same process can be used for just about any other application's data on your computer - for example, you could put your iPhoto or iTunes library on an encrypted image, or your safari history, the possibilities are endless.

Hope that helps!

Nov 13, 2007 7:25 PM in response to Scott Radloff

Hi Scott and Gresmi

Thanks both very much for taking the time to write such wonderfully helpful and detailed replies. You've really walked me through the entire process and later tonight once I get time I'll set up my email as you've explained.

It was very kind of you both and I appreciate it.

One good thing is that anyone else looking for this solution later will also have the benefit of your very helpful replies.

Thanks again.

Richard

Jan 17, 2008 8:28 AM in response to Richard2478

You can also do individual mailboxes using this technique. For example, let's say you archive your mail into a mailbox on your Mac called "Personal Folder 2007". In ~/Library/Mail/Mailboxes, there will be a directory called "Personal Folder 2007.mbox" (with no quotes).

1. Create the encrypted sparse disk (mine is called Mail.sparseimage), mount it, and copy the "Personal Folder 2007.mbox" to it.
2. Quit Mail
3. Move or delete the Personal Folder 2007.mbox from Mailboxes folder.
4. An alias didn't work for me so I used ln from the command line:
cd ~/Library/Mail/Mailboxes
ln -s /Volumes/Mail/Personal\ Folder\ 2007.mbox

5. Start Mail back up and you will see the "Personal Folder 2007" with your messages in it. You can test this by quitting Mail, unmounting the disk image, starting Mail back up and the mailbox should not be there.

Unlike gresmi, I put the disk image in the Login Items for my account and didn't add the password to the Keychain. This results in the OS asking for your password for the disk image at login before the disk image will mount. That's my preference.
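
Added example, not part of any post in this thread: the copy, rename and `ln -s` steps from the Nov 13, 2007 and Jan 17, 2008 replies as a shell function with precondition checks, plus an audit that reports whether the link resolves onto the mounted volume or an unencrypted copy is still on disk. The volume name MailVault and both function names are assumptions, and the encrypted image is assumed to be already mounted.

```sh
#!/bin/sh
# Added example. Assumes the encrypted image is already mounted; the volume
# name "MailVault" and both function names are placeholders.

# relocate_to_volume SRC VOL: copy SRC onto VOL, keep the original as
# "${SRC}Old", and leave a symlink at SRC. Refuses if a precondition fails.
relocate_to_volume() {
    src=$1; vol=$2; name=$(basename "$src")
    if [ ! -d "$vol" ]; then echo "volume not mounted: $vol" >&2; return 1; fi
    if [ -L "$src" ]; then echo "already a link: $src" >&2; return 2; fi
    if [ ! -d "$src" ]; then echo "no such folder: $src" >&2; return 3; fi
    if [ -e "$vol/$name" ] || [ -e "${src}Old" ]; then
        echo "refusing to overwrite an existing copy" >&2; return 4
    fi
    cp -Rp "$src" "$vol/$name" || return 5
    mv "$src" "${src}Old" || return 6
    ln -s "$vol/$name" "$src"
}

# audit_link LINK VOL: print one word describing the current state.
#   ok         LINK resolves to a folder on VOL
#   dangling   LINK points into VOL but the target is absent (VOL not mounted)
#   plaintext  LINK is still a real folder on the unencrypted disk
#   leftover   LINK is fine, but "${LINK}Old" still holds an unencrypted copy
#   elsewhere  LINK points somewhere outside VOL
#   missing    nothing exists at LINK
audit_link() {
    link=$1; vol=$2
    if [ ! -L "$link" ]; then
        if [ -d "$link" ]; then echo plaintext; else echo missing; fi
        return 0
    fi
    target=$(readlink "$link")
    case $target in
        "$vol"/*) ;;
        *) echo elsewhere; return 0 ;;
    esac
    if [ ! -d "$target" ]; then echo dangling; return 0; fi
    if [ -e "${link}Old" ]; then echo leftover; else echo ok; fi
}

# Usage for the setup in this thread (quit Mail first):
#   relocate_to_volume "$HOME/Library/Mail" "/Volumes/MailVault"
#   audit_link "$HOME/Library/Mail" "/Volumes/MailVault"
```

A result of `leftover` or `plaintext` means readable mail is still on the unencrypted disk, so the encrypted image is not yet the only copy.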

Mar 9, 2008 8:25 PM in response to Richard2478

I'm sorry. This question is marked as "Answered" but there is something strange that happens on my Mac when I follow these instructions. Like many, I had to create a symbolic link from the terminal rather than use the Alias...that wasn't a problem. I can send/receive/read/write email all while it stays safely encrypted on the Sparse disk image that I created (by the way THANK YOU for making creating the sparse BUNDLE image an option, this makes it useable for time machine so it doesn't back up the whole thing)...Mail appeared to work perfectly with my folder in the new location

HOWEVER...I quickly discovered that the search tool in the upper right hand corner of the Mail View no longer works (the same)...It will allow me to search the "from", "to" and "subject" lines like any old mail program would, BUT the "Entire Message" option returns no results. There must be something special about the Library folder in my Home folder, because I haven't restricted my spotlight settings. In fact with the disk mounted, I even re-indexed my WHOLE computer just to see what would happen. Spotlight is able to search for FILE names on my encrypted disk, but the search "Entire Message" still doesn't work...are there any solutions? I've spent a great deal of time searching the internet for a solution to no avail. I feel like this question requires a real mac genius, but there are other people throughout other forums posting the same question with no answer. I'm no genius, but I'm not afraid of using Terminal if I'm told the basic gist of what should be typed there. Thanks!
