IT specialist Bob Gendler found that macOS Mail was storing encrypted emails in plain text. He first notified Apple on July 29, but only got a temporary fix from the company 99 days later on November 5.
The main thing I discovered was that the snippets.db database file in the Suggestions folder stored my emails. And on top of that, I found that it stored my S/MIME encrypted emails completely UNENCRYPTED. Even with Siri disabled on the Mac, it *still* stores unencrypted messages in this database!
Mr. Gendler shard a fix in his blog post.
Check It Out: macOS Mail Stores Encrypted Emails in Plain Text
Which is a really good reason for having whole disk encryption enabled, S/MIME secures emails in transit, not when opened and stored on your machine.
I use PGP in my day job – there’s nothing stopping me copying the data out of email but I also use PGP disk encryption on top of BitLocker – BitLocker is mandatory and yeah its Windoze 10 – but my Air has encryption enabled, permanently.
Good data management practices are HARD to maintain, but its not always the vendor’s fault. Just use the features provided to encrypt your whole disk.
Storm in a teacup.