You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Junk email automatically previewed - any risk? (iPadOS)

Hi all,


As I tried to delete a junk email, I noticed that the email automatically previewed (iPadOS Mail App). Does this pose any threat to my device?


Many thanks.

iPad (6th gen) WiFi

Posted on Jun 26, 2020 3:29 PM

Reply
Question marked as Top-ranking reply

Posted on Jun 26, 2020 4:35 PM

Yes - and no...


Before proceeding, it is worthwhile to state that iOS/iPadOS, if not jailbroken, is not susceptible to malware infection in the traditional sense per-se - but, in common with all computing systems, is vulnerable to many other threats and threat actors. Immunity from threat is a myth - falsely perpetuated.


As to your question...


Many email messages contain images - some visible, some not. These images may be used to

  • detect that an email has been accessed
  • attempt to deliver a malicious payload via the Mail client
  • attempt to load a malicious linked page via your default web browser (Safari).


The best defence is to “harden” your iPad. Doing so will allow you to review email content - without automatically downloading or triggering embedded content.


To “harden” the iPad and its desired behaviour it is necessary to change/set some settings for various App elements in iPadOS.


1) In iPad Settings, disable Automatic loading of remote images:

Settings > Mail > Load Remote Images - set to OFF


2a) Open the Mail App. From the sidebar, open an email that contains an embedded web-link to a safe/trusted website.

2b) From the main message pane, long-touch the embedded link to a web-age; a preview window will open.

2c) At the top of the preview window, tap Hide Preview (this inhibits loading of image elements); selecting Show Preview reverses this setting such that the preview will download potentially malicious content. This setting is “sticky”.


3) Install and configure a good quality Content Locker; highly recommend for iOS/iPadOS/macOS is 1Blocker for Safari:

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024


The full benefits of installing a comprehensive Content blocker - that processes locally on the iPad without reliance upon an external proxy - is beyond the immediate scope of this reply.


4) Change your DNS server settings to use a high security Recursive DNS provider. Quad9 is highly recommended:


Quad9

9.9.9.9

149.112.112.112

2620:fe::fe

2620:fe::9


OpenDNS

208.67.222.222

208.67.220.220

2620:0:ccc::2

2620:0:ccd::2


Cloudflare+APNIC

1.1.1.1

1.0.0.1

2606:4700:4700::1111

2606:4700:4700::1001


Items (1) and (2) are essential hardening settings. If you concerned about email threat, these should be considered as a minimum.


Item (3) I strongly recommend for its depth of protection in defending against browser-based attacks - but comes with a small cost. Item (4) comes at no cost and adds protection against a multitude of internet threats; (3) and (4) provide complementary “defence in depth”.


Implementing all four measures provides considerable protection from a high proportion of internet threats to which your iPad (and other computing devices) are exposed.


I hope this information and guidance is helpful to you - resolving any concerns you may have.


6 replies
Question marked as Top-ranking reply

Jun 26, 2020 4:35 PM in response to Bookieme

Yes - and no...


Before proceeding, it is worthwhile to state that iOS/iPadOS, if not jailbroken, is not susceptible to malware infection in the traditional sense per-se - but, in common with all computing systems, is vulnerable to many other threats and threat actors. Immunity from threat is a myth - falsely perpetuated.


As to your question...


Many email messages contain images - some visible, some not. These images may be used to

  • detect that an email has been accessed
  • attempt to deliver a malicious payload via the Mail client
  • attempt to load a malicious linked page via your default web browser (Safari).


The best defence is to “harden” your iPad. Doing so will allow you to review email content - without automatically downloading or triggering embedded content.


To “harden” the iPad and its desired behaviour it is necessary to change/set some settings for various App elements in iPadOS.


1) In iPad Settings, disable Automatic loading of remote images:

Settings > Mail > Load Remote Images - set to OFF


2a) Open the Mail App. From the sidebar, open an email that contains an embedded web-link to a safe/trusted website.

2b) From the main message pane, long-touch the embedded link to a web-age; a preview window will open.

2c) At the top of the preview window, tap Hide Preview (this inhibits loading of image elements); selecting Show Preview reverses this setting such that the preview will download potentially malicious content. This setting is “sticky”.


3) Install and configure a good quality Content Locker; highly recommend for iOS/iPadOS/macOS is 1Blocker for Safari:

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024


The full benefits of installing a comprehensive Content blocker - that processes locally on the iPad without reliance upon an external proxy - is beyond the immediate scope of this reply.


4) Change your DNS server settings to use a high security Recursive DNS provider. Quad9 is highly recommended:


Quad9

9.9.9.9

149.112.112.112

2620:fe::fe

2620:fe::9


OpenDNS

208.67.222.222

208.67.220.220

2620:0:ccc::2

2620:0:ccd::2


Cloudflare+APNIC

1.1.1.1

1.0.0.1

2606:4700:4700::1111

2606:4700:4700::1001


Items (1) and (2) are essential hardening settings. If you concerned about email threat, these should be considered as a minimum.


Item (3) I strongly recommend for its depth of protection in defending against browser-based attacks - but comes with a small cost. Item (4) comes at no cost and adds protection against a multitude of internet threats; (3) and (4) provide complementary “defence in depth”.


Implementing all four measures provides considerable protection from a high proportion of internet threats to which your iPad (and other computing devices) are exposed.


I hope this information and guidance is helpful to you - resolving any concerns you may have.


Junk email automatically previewed - any risk? (iPadOS)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.