Question
How secure empty trash mail messages? There is a way to do it with smart mailboxes or so? I’ve been using a “rude” solutions: Created a new mail box “Trash it”, and regularly pick it up from my user/Library/mail/mailboxes/ and put into the trash, then choosing “Secure empty trash” from the Finder.
Hoping you find an easier way!!
Thanks!
Answer
There are several ways to accomplish this, but I’ll list the two that make the most sense for your situation. The root problem is that Mail doesn’t have this ability. The AppleScript commands for messages lack the ability to locate the actual on-disk message file. While one could try to use mdfind to locate the right message, it might match other messages as well simply due to the nature of the beast. So, doing things within Mail to accomplish this appears to be bust.
Hope is not lost, however, as there’s a pair of ideas. The first involves effort and obfuscation. The second involves no effort but a vulnerability period and a lot of time. Choose your tradeoff.
Method One: Encryption
Use FileVault. I don’t know you, so you can’t kill me when it eats all of your data, so I’ll recommend it. If that doesn’t ward you away from it, then have fun.
If you’d like a little more control over the process, or have more than a passing interest in retaining your data, I recently talked about encrypting all of your Mail and that method would ensure that any deleted messages are still scrambled on the physical disk and only scavengable when the image is mounted (and, thus, the password known or the operator careless).
Method Two: Periodic Wipes
The other method is a set-it-and-forget-it solution that is both overkill and a complete waste of time. That said, it works well. Setup a periodic task (cron is fine) that does the following:
diskutil secureErase freespace 3 /
This will cause Disk Utility to perform a DoD 7-pass secure wipe of all the free (unallocated) space on your drive, completely preventing data recovery of any deleted files. This is also JC’s worst nightmare. 
Anything you’ve ever deleted is gone for good. This is good and bad. If you have catalog corruption that is unrepaired (specifically, any problem with the extents file), you could lose unlinked parts of affected files. This is a less than one in one thousand chance of data loss, but worth mentioning. Before running the above, you should ensure the system runs, and completes, the following task:
diskutil repairDisk /
Mac OS X 10.4.3 and higher can repair a mounted disk if it is formatted as Mac OS X Extended (Journaled).
Doing a CMD-X (cutting) of the mail message that you wish to securely trash. When you CUT the message out, it’s stored in the clipboard but the second you copy/cut something else unrelated, the message is destroyed forever! No trace of it anymore. This works for me and has been the fastest/easiest way.
Not quite. When Mail goes to delete it off the disk as you cut it it still leaves the old content behind on the disk. The concept here being that even if you delete a file it’s still around and it doesn’t write over it (which is what a secure delete really is).
Could you please help me with this!
I have FileVault up and running. Let’s say I delete a Mail message – the deleted mail message will remain on the hard disk somewhere (as Mail doesn’t use ‘Secure Empty Trash’), presumably it will be left on the HD somewhere outside the FileVault sparse image – because when I switch off, the FileVault sparse image will be resized to fit the remaining files. So this must mean that the deleted mail message is sitting somewhere UNENCRYPTED (as it’s no longer inside the FileVault sparse image)!
So, I’m starting to think that the only way to securely delete my mail messages, even when USING FILEVAULT, is to find the Trash folder inside ~/Library/Mail…etc and then use the ‘Secure Empty Trash’ via the trash can! – this is a hassle when using IMAP as my folders are automatically synchronised, so I’d have to take Mail app offline, securely delete the trash, then log into my mail account via my browser to delete the trash from there. And then put Mail app back online!
I hope I’m completely wrong about all this. But it’s an interesting thought – what does happen in general to files that you delete whilst using FileVault (not only mail messages) – how are they kept secure?! After all, if they are all still fully encrypted or securely deleted automatically, then why have the ‘Secure Empty trash’ option whilst running FileVault?!
By the way, I make regular backups just incase any problems crop up with FileVault. With backups, I think Filevault is a good choice as opposed to making your own sparse images…
Thanks in advance!
Rest assured, you are completely wrong.
Trashed files are moved to the ~/.Trash folder in your home directory. As it resides in your home, it’s protected by FileVault. When the file is removed, the link to the file on the FileVault filesystem is removed and the data is then abandoned on the disk in encrypted form. When the FileVault image is resized, the data is further abandoned, still encrypted by FileVault.
At no point when moving a file is the file actually moved. All you’re moving is a pointer to the file (unless you copy it to another disk). Throwing away things in your home does not copy it to another disk, but leaves it in your home, still encrypted.
Just use it, it works.
look at it like this. let’s say the following line of text is the last bits of data in a sparse image, and the ‘]’ at the end is the end-of-volume.
...and let’s say that this data corresponds with the encrypted data for a plain text email message. Let’s say you delete this data from Mail.app, and FileVault eventually contracts as a result. What you’re left with is this, with the ‘]’ representing the new EOV.
What comes after the ‘]’ is still encrypted, and better yet, it’s now disassociated with the FileVault image that is the only chance to decrypt it.
My answer for customers who’ve lost data in conjunction with FV is pretty simple, whether it’s a true data recovery situation or an accidental-deletion issue.
“Yeah, that sucks. Sorry.”
Thanks, Adam and JC, for replying to my question! I suppose the main thing to remember, then, is that all the files in the Home folder remain encrypted all the time, even when you’re logged in. And they only get decrypted when you (or the computer) go to open one of the files to actually use it…And then it’s re-encrypted when you’re not using it any more.. – I suppose it would be a bit ridiculous if the computer were to decrypt the whole lot immediately as you logged in, just in case!! – that would be one hefty procedure…
So, this means that it is absolutely unnecessary to use the Secure Empty Trash on items held within the Home folder…(when FileVault is on)! I will now only use Secure Empty Trash on items held outside the Home folder!!
By the way – early experiences of using the FileVault… So far everything is running smoothly. Only slight hiccough so far is that the preferences for Firefox and NetnewsWire seem to get lost each time I log in… (that is, the preference for them to be the default applications) But then, this seems to be happening less often with Netnewswire… Maybe it takes a bit of time for the computer to get into the swing of it!? The tab feature in Safari also mysteriously disappeared – I certainly don’t remember disabling tabs! (I had to pop back into Safari preferences to re-enable them!) – I seem to remember some comments about FileVault messing with preferences. I wonder why this happens??! (I’m sure there are some answers to this on another thread…)
Thank you, again, for you help.
I wouldn’t go that far, actually.
While it’s true that files remain encrypted until opened (a big reason why using Garage Band or FCP sucks hard if your home is FileVaulted), the system has the credentials to do that at any time while you’re logged in.
To boot, if you normal-empty-trash, and someone gets a hold of you FV and your password, they may be able to recover your data. Inside of FileVault, if you want to be ultra-sure, use Secure Empty to make sure that, even if someone gets all of your credentials, they still can’t get anything.
Post new comment