Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

A method to securely empty trashed Mail messages Apps
Here is the problem: How to securely empty Mail's trash (for privacy reasons)? Here's how I did it.

I created a folder called "Trash it" in my mailboxes within Mail. Here, I (unfortunately) manually move either the spam filtered by Junk Mail, or the messages I need to trash. When I'm done, I quit Mail.

Then I go in my home folder's ~/Library -> Mail -> Mailboxes folder (an alias or sidebar entry will make it shorter), and I drag and drop the file "Trash it.mbox" to the actual Trash in the Dock. Finally, I choose File -> Secure Empty Trash from the Finder's menu. When Mail is run again, the "Trash it" folder is still there, but its contents have been securely trashed.

Sorry, maybe somebody has a better solution, but I'm not a programmer...
    •    
  • Currently 3.00 / 5
  You rated: 5 / 5 (4 votes cast)
 
[5,720 views]  

A method to securely empty trashed Mail messages | 10 comments | Create New Account
Click here to return to the 'A method to securely empty trashed Mail messages' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A method to securely empty trashed Mail messages
Authored by: vancenase on Nov 10, '04 10:09:40AM

maybe someone could write an applescript that uses 'srm' (/usr/bin/srm) to remove the folder. then it could be accessible from the applescript menu and/or a shortcut.


more ?'s ... would there be any way to:

1. delete the actual 'trash' folder, then recreate ... so i can use delete rather than manually moving messages from 'Trash' to 'Trash It'?

2. configure 'delete' to move to 'Trash It' rather than 'Trash', if 1 is not possible?



[ Reply to This | # ]
A method to securely empty trashed Mail messages
Authored by: brant on Nov 10, '04 11:51:11AM
ok, not a banner day for me....upon creating the securely deleted mailbox via the mail program as described in the original post, it is easiest to create a shell script and have the script run by crontab as you like. you will need to delete the directory recursively (which i did not include above):
/usr/bin/srm -rmz ~/Library/Mail/Mailboxes/"Trash it.mbox"
and then recreate the directory, as well:
mkdir "Trash it.mbox"
obviously, you want to add this to your user crontab versus the system crontab so that the created directory will have user-level access. so, you get something like this:

#!/bin/bash
/usr/bin/srm -rmz ~/Library/Mail/Mailboxes/"Trash it.mbox"
mkdir ~/Library/Mail/Mailboxes/"Trash it.mbox"
make sure to save the file (name it secure_delete.sh or something) and

chmod 755 secure_delete.sh
and save it in a directory with user-level access (e.g. in your home folder or a subdirectory thereof) so the user crontab can access. then, make an entry to the user crontab to run the script. make sure that you give it some time to run, especially if you will be securely deleting numerous emails and attachments. sorry for the multiple posts!

[ Reply to This | # ]
A method to securely empty trashed Mail messages
Authored by: brant on Nov 10, '04 10:58:53AM

why not just set up a cron script to erase the contents of the folder whenever you want? from this hint:

http://www.macosxhints.com/article.php?story=20031025092806502

you could set the cron job ([code]crontab -e[/code]) to erase the file by doing such:

[code]/usr/bin/srm -mz ~/Library/Mail/Mailboxes/"Trash it.mbox"[/code]

according to the hint posted above this will overwrite the file with 7 DoD Passes and then overwrite the block with 0s.



[ Reply to This | # ]
A method to securely empty trashed Mail messages
Authored by: brant on Nov 10, '04 11:03:35AM
sorry, forgot to set post mode, couldn't edit: why not just set up a cron script to erase the contents of the folder whenever you want? from this hint: http://www.macosxhints.com/article.php?story=20031025092806502 you could set the cron job
crontab -e
to erase the file by doing such:
/usr/bin/srm -mz ~/Library/Mail/Mailboxes/"Trash it.mbox"
according to the hint posted above this will overwrite the file with 7 DoD Passes and then overwrite the block with 0s.

[ Reply to This | # ]
A method to securely empty trashed Mail messages
Authored by: Mendenhall on Nov 10, '04 01:30:45PM

Warning! I doubt that there is any security associated with this at all.

Moved messages also remain in the source mbox file for a long time (until the mbox is rebuilt, usually). Thus, all you are doing this way is making a _copy_ of the message, and securely deleting the copy. The original is still probably sitting in the mbox file, just marked as deleted!

FWIW.



[ Reply to This | # ]
A method to securely empty trashed Mail messages
Authored by: Hamo on Nov 10, '04 01:38:11PM

Agreed!



[ Reply to This | # ]
Yap, keeping things secret on a computer is not that easy
Authored by: hamarkus on Nov 10, '04 01:50:58PM

Everything that has been in memory might have in swapped out at some point and might still sit there on your hard drive, even if the swapfile got deleted.



[ Reply to This | # ]
A method to securely empty trashed Mail messages
Authored by: szabesz on Nov 11, '04 06:50:49AM

The way Apple has implemented the "delete feature" in Mail.app is a shame! You cannot really delete mails and attachments from the mbox files. You loose the (easy) access to them by using the delete commands, but they keep lurking around in the mbox files even after they have been rebuilt. First your mail folder keeps growing over 1GB in no time. Second, you are unable to manage your own security! Things are going to get worse in Tiger. All the information that has ever materialised on your Mac will be recorded in the HSF+ filesystem! Your only way to get rid of all the confidental data will be the to preform low level format! Right now I do not really know what we can do against it. Any idea?



[ Reply to This | # ]
A method to securely empty trashed Mail messages
Authored by: Makosuke on Nov 11, '04 05:58:28PM

Indeed, the only thing this hint does in encourage people to waste their time while giving themselves a false sense of security.

It's akin to making a copy of a file, then securely deleting that copy while leaving the original intact, believing all the while that you've securely deleted the original. Bad news, and I hope this hint gets removed or prominently noted so as not to mislead people.

There are ways to get mail to purge deleted mail from the .mbox files, but I'm not sure what those are. In the mean time, here's the only definite solution I can think of off the top of my head:

1) Delete the messages from Mail.
2) Quit Mail.
3) Open the .mbox file in a text editor.
4) Find the messages you don't want sticking around, delete them, and save the mailbox.

5) If you want to be REALLY secure, you could instead save the mbox from the text editor into a new file, then securely delete the old one using the Finder, then put your newly saved copy in place of the old one. When you reopen Mail, it shouldn't know the difference.

Anyway, the point is that when stuff is stored in a simple flat-file database (which UNIX MBOX files are), security isn't that easy.



[ Reply to This | # ]
A method to securely empty trashed Mail messages
Authored by: webbix on Nov 10, '04 03:10:05PM

Not to mention that it may also reside on the server. Depends on what your intent is I suppose. If you wanted no trace of a message accessible by anyone then this will probably provide little if any help for that. Also, mail messages are streamed in clear view over the internet unless you use some type of encryption.

The bottom line is that if you want to be sure that no message is viewed by anyone other than those you intend (and actually whomever they decide to share it with or leave it vulnerable for) is to use encryption such as PGP or similar.



[ Reply to This | # ]