Setting Up MailMate (MacSparky Labs)

As part of my Rethinking Email series, I’ve installed MailMate on my Mac again. MailMate is the powerful (and nerdy) email solution for the Mac. Here’s a video showing what I’ve done after a few hours of setup, including some custom Key Bindings. There is more to come on this, but here are some early impressions for the Early Access Members…

This post is for MacSparky Labs Tier 3 (Early Access) Members only. Care to join? Or perhaps do you need to sign in?

Rethinking Email – Inbox Serenity (MacSparky Labs)

I’m behind on my email, which made me rethink my email practices and how I can improve them. This is no less than my quest for email serenity. I’ve decided to do this as a series for the MacSparky Labs. Here’s the first entry talking about the problem, potential solutions, and some trouble areas where a specific email can gum up the works. I also share diagrams of some of my email workflows…

This is a post for MacSparky Labs Level 3 (Early Access) and Level 2 (Backstage) Members only. Care to join? Or perhaps do you need to sign in?

Will MailKit Save

One of the announcements to come out of WWDC this year is a new framework for third parties to create plugins for Apple’s called MailKit. has been stagnant for a long time. While the app continues to get support for email rendering and improvements to its basic functions (like search), that’s about it.

Most who use it day-to-day have gotten somewhat accustomed to how dated it feels. Making a stable, feature-rich email application isn’t easy. Most third-party developers seem to fall down on the “stability” part. Apple nails that but seems uninterested in the “feature-rich” part.

I hope that this new MailKit will allow third-party developers to pick up that slack. There is already a rich ecosystem of Apple Mail plugins, but I’ve become increasingly leary about using and recommending them during recent years. My concern was that Apple could, at any point, pull the plug on Apple Mail plugins.
A few years ago, I talked to an Apple engineer at WWDC who explained that mail plugins, historically at least, represented a security vulnerability, and Apple is very much interested in removing any security holes. The good news is that the announcement of MailKit means Apple is not pulling the plug on plugins but instead found a safe way for them to continue while keeping the platform secure.

This new sense that mail plugins have a future path and will continue to exist makes it easier for me to use them. I hope this also encourages other developers to get off the sidelines and explore developing new and helpful plugins. Hopefully, another benefit will be that in future updates to macOS, plugin developers won’t have to re-invent the wheel every year. One of my favorite plugins is SmallCubed’s MailSuite, but every year I have to turn it off on beta machines and often for the first few months after a macOS update releases.

Unfortunately, MailKit is only for the Mac, leaving Apple’s Mail app on the iPhone and iPad sad and lonely, still without even the dignity of a sharing button. I’d love to see MailKit also make its way to iOS and iPad OS, but I’m not holding my breath.

Hey Email Gets Multi-Account Support and Hey for Work Released

The Hey team has been hard at work with several updates for Hey Email released today:

1. HEY for Work is now released. I’ve been trying it with one of my accounts and I’m impressed with its collaboration tools. Thread sharing with people on your team without hitting that damn BCC button is a massive improvement to team email. You can also move your work domain into Hey for Work as part of the setup. Another nice features is that the labels (tags) work everywhere and are consistent. That is not an easy nut to crack with other Mac email solutions.

2. Multi-account support. If you have multiple Hey accounts (e.g., work and personal) you can now see all that email at the same time or filter by account.

3. Revamped Forwarding + SMTP send-as support. There is better SMTP support so you can reply using alternative domain email addresses rather than your address (partially depending on your alternative email host).

One of the big questions when Hey first arrived was whether it was going to be sustainable enough to merit continued support and development. It looks like that is no longer a worry. I’m impressed with the service, but I still don’t like the icon.

AppleScript to Link to Apple Mail Message

I’ve always like the way OmniFocus can create links to Apple Mail messages when saving an email as a task. With help from listener Jacob (@evansio), I’ve now got a script that can do that anywhere via a text expander snippet. Here’s the AppleScript:

  Returns a link to the first selected Apple Mail message
tell application "Mail"
  set _msgs to selected messages of message viewer 0
  if (_msgs is not equal to missing value) then
    set _msg to first item of _msgs
    set _msgID to do shell script "/usr/bin/python -c 'import sys, urllib; print urllib.quote(sys.argv[1])' " & (message id of _msg)
    return "message://%3C" & (_msgID) & "%3E"
  end if
end tell

Here is that script embedded in a TextExpander Snippet. I’m using the abbreviation “elink”

Screen Shot 2019-02-05 at 7.19.58 AM.png

That’s it. Once you’ve installed it, just type “elink” in any app that can take a URL and you create a link to the currently selected email message. I use it all the time in Notes and Calendar note fields but it really works anywhere. Here’s a short explanatory video.

A Case Study in Phishing

A few days ago I received this email. I thought it was an excellent example of a phishing attack. If you’ve never heard of it before, phishing is a process where a bad guy sends you an email that looks legitimate in hopes that you’ll click on the link and give information to him that he can use to somehow screw you over or steal your money.

Here’s the email. Click to enlarge.

In this case, they’ve created an email that looks a lot like it came directly from Apple. It’s got the Apple Logo and the YouTube logo and, on first glance, looks official. It informs me that I’ve subscribed to YouTube Red for $149.99/month and it gives me a handy link to unsubscribe. There be the dragons. If I were to click on that link–I didn’t–it would ask me for my iTunes login or my credit card (or both), and then the bad guys would have my information. Game over.

The first tool you need in fighting Spam is common sense. YouTube Red does not cost $149.99/month, and a simple search will tell you that. If there is any question, also take a closer look at the details. The sender lists their name as “App Store” but disclosing the actual email address; it’s “”. Does that really sound like an address Apple would send you to confirm a subscription? Also, it lists “Payment Method” as “By Card”, not the usual xxxx-xxxx-1234 you usually see. It also creates this sense of urgency, explaining I’m on a free trial but I will be charged $150 in just two days if I don’t act. While I can see how this email may fool some people, on the barest scrutiny, it starts looking shady.

Screen Shot 2018-02-28 at 9.27.27 AM.png

If you ever find yourself tempted to click on any link in an email that involves a problem or access to any of your online accounts, stop and think for a moment. Then go to the source website itself and check. In this case, logging onto my iTunes account would show that I have not, nor have I ever, signed up for a YouTube Red subscription.

Finally, there’s nothing wrong with proving yourself wrong on this stuff. I recently got a “credit card expired” email from Squarespace. Rather than clicking on the link, I went and logged into my account and discovered that my credit card had, in fact, expired. Better safe than sorry.

Want to learn more? I wrote a book about email.

The Email Diet

Screen Shot 2018-01-23 at 3.22.44 PM.png

With the start of a new year, I’m looking at new workflows, this year even more than usual. I’m disappointed that my latest iBook didn’t get released last year and am now looking for ways to get rid of some of the obstacles that got in my way.

One of the biggest obstacles is email. Because I’m “out there”, I get a lot of email. I particularly like reading and replying to email from listeners and readers. Indeed, I think I like it too much. I can start replying to MacSparky email and then look up to find that three hours just disappeared from the day. Moreover, I realized that I had turned my self-image about replying to most of my email into a liability. If I want to get a book released, I simply can’t do that anymore.

To combat that, I have now put myself on a strict email diet. I’ve set aside 30 minutes a day to process email. That’s it. Within 30 minutes I can always deal with the most urgent and some of the not-so-urgent email sitting in my box. I cannot, however, deal with all email. Every day I give it 30 minutes, and then I get back to work. I realize this isn’t ideal, but it’s a lot better than letting email take over my life.

At this point, I’m considering this an experiment, not a permanent practice. I’m just a few weeks in, but I already see benefits of this email diet. Over the long term, I realize this means I’m not going to be able to answer every email that comes to me. That may just end up being the way things are. If I have to choose between being a guy who no longer publishes books or a guy who doesn’t reply to every single email he receives, I think I know which one I would prefer.

The Perils of Your Own Mail Servers

I was at a professional gathering recently when the subject of email security came up. I was surrounded by a group of lawyers that knew next-to-nothing about technology and it made me curious about their thoughts on email servers. Going around the room, I found that just about everyone was maintaining their own email servers because they felt it was “safer”. There is this bias when it comes to data that somehow privately owned servers are safer despite the fact they are connected to the same Internet populated with the same bad guys everybody else is facing.

While I think there may be some private servers out there that are as well protected as the more reputable email providers, I think that is the exception, not the rule. My impression is that most of these private servers are instead on aging Dell box in a closet connected to the Internet that may (or may not) have the most recent security patches installed and may (or may not) have an IT person baby-sitting it once in awhile. I think there is this impression that despite this lackluster security, they are somehow safer than email services that have full time professional staff holding the barbarians at the gate 24/7. As the Democratic party found out, they’re not.

Yesterday, John Gruber linked to an article by Josephine Wolff that agreed.

The DNC is never going to be the equal of these companies employing thousands of engineers and managing millions of email accounts when it comes to security, so perhaps it should stop trying and let the experts take over.

If you’re running your company’s email on a private server and haven’t been compromised (or at least not aware of being compromised), there’s a good chance that the reason for your good fortune is not because of your security but instead the fact that you are not as juicy of a target as the DNC. Maybe it’s time to reconsider.