Lion Mail easily bypasses encryption

[Rik]

If for some reason Mail is not closed when Lion closes down, such as during a crash, then when Lion restarts it automatically restarts Mail.  Mail then decides I have no mail and sets about recovering it all from my Mobileme account.  

If I close Mail during this process then restart it, Espionage intervenes and asks for a password before Mail loads the encrypted Mail and Mail Downloads folders.

The problems are: 1. I can't seem to stop Mail downloading my mail if it starts automatically.  2. There seems to be now a second Mail folder somewhere with a large amount of unencrypted mail downloaded into it.  3. How secure is the entire encryption process if it's only necessary to open Mail in this manner to gain access to all my Mail?

I'd like to stop the automatic downloads, clear the stored second Mail folders, and prevent anyone from being able to ever get my mail by such a simple method as otherwise the encryption provides very little protection.

Any helpful advice would be appreciated.

Thanks for your time and expertise.

[mike]

HI Rik, I'm sorry that we didn't respond to you sooner.

This is a known issue because Lion prioritizes auto-saved apps over the other apps like Espionage and because of that, Espionage won't have time to unlock the folders before Mail.app opens. For any crashes, Lion will save the apps and then restore them upon restarting the machine, there is no way to turn this off. Since Mail.app opens with the folders locked, it looks as if there are no Mail folders, thus it ask you about recovery. If you restart your computer, please make sure to uncheck the "Reopen open windows when logging back in" option to avoid this situation as well. We're looking into a better solution into this.

Are you running 10.7.1?

If you're using MobileMe, that information is probably stored via your System Preferences > MobileMe. Because it is stored, Mail will set it up automatically and start downloading your emails without prompting. You have to turn this off in order to avoid Mail from doing it again in the future. Espionage doesn't prevent your password from being used to access your data, it can only password protect and encrypt your data. Here's the information from Mail's Help on how to stop it from using your passwords stored in your OS X Keychain:

[Rik]

Hi Mike

Thanks for your reply.  I appreciate that there's some problem occurring as a result of a new start-up approach being used by Lion and these things can obviously be tricky and unwelcome news for developers.  Other than this new hiccup, a rather bad one, Espionage really is a great program and I'm a very happy user.

Hopefully some solution will be forthcoming.

In the meanwhile, unfortunately, I can't lock Mail from accessing my Mobileme account by requiring a password, as I'd then have to enter a password every few minutes that Mail checked my account or every time I wanted to send an email.  That would drive anyone nuts.

I looked through the many system settings and couldn't locate one to prevent re-loading apps on start-up after a crash, as you suggested.  Perhaps you could tell me where that is located.  It doesn't seem to be a Mobileme setting, and I checked various general and security settings, but with no luck.

I did notice that in the user accounts you can set programs to login (presumably startup) automatically, and I was wondering if this might give Espionage priority ahead of Mail to stop it grabbing mail.  It wouldn't be too secure, but better than how it is.

I'm running Lion v10.7.1.

Kind regards
Rik

[mike]

Hi Rik,

We have bene searching for it but we know from many reports that there is no way to specifically turn this off for the system-wide crashes. You can however turn off the global resume setting, this can be done via System Preferences > General and uncheck "Restore windows when quitting apps and re-opening apps". For many Espionage users including myself, this wouldn't make a difference. It might help you.


Espionage should already launch Mail for you. To confirm this, you should remove Mail from the list of Logins Items in your Account. After that, open Espionage, unlock, select the Mail folder, then press the "Edit Application Associations"  and then make sure "Launch at login" is enabled for Mail. Here's what my email client, Sparrow, looks like: