Apple Protect Mail Activity and Pi-Hole
Apple’s "Protect Mail Activity" is a powerful feature designed to enhance your email privacy by masking your IP address and preventing senders from tracking your email activity. However, when combined with Pi-hole, it can lead to unexpected delays in email delivery.
In this article, we’ll explore how Apple’s Mail Privacy Protection works, its interaction with Pi-hole, and how you can adjust your Pi-hole setup to balance privacy with functionality.
The cause
Pi-hole replies to queries for mask.icloud.com and mask-h2.icloud.com with NXDOMAIN. Apple mentions this setting in its official documentation. This Pi-hole behavior is by design and can be disabled in the Pi-hole configuration.
Protect Mail Activity
Apple offers a feature called "Protect Mail Activity" to enhance privacy when receiving emails. When enabled, it downloads remote content in the background by default, preventing the sender from learning about your activity, such as when or how many times you open the email, whether you forward it, or your IP address. This is done through two separate relays:
- Relay 1: Knows your IP address but not the content of the email.
- Relay 2: Knows the email content but not your IP address.
This ensures that no single entity can connect your identity with the content you receive.
In fact, this is a cool security feature by Apple, but it is only usable with iCloud+.
Setting up Pi-hole
I was able to use the protection mechanism for emails by setting up Pi-hole as follows:
- Connect to the Pi-hole host via SSH
- Edit pihole-FTL.conf:
- Add the following line:
- Restart the Pi-hole FTL service:
Before:
After:
Note: Enabling this option may cause your iPhone to partially bypass Pi-hole.
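The steps above as one script, with a before/after check of how the resolver answers for the two relay domains. This is an added example, not the article's original commands. It assumes a Pi-hole v5 layout (config at /etc/pihole/pihole-FTL.conf, the FTL option BLOCK_ICLOUD_PR, a systemd service named pihole-FTL) and that `dig` is installed on the host.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes a Pi-hole v5 layout:
# /etc/pihole/pihole-FTL.conf, the FTL option BLOCK_ICLOUD_PR, service pihole-FTL.

RELAY_DOMAINS="mask.icloud.com mask-h2.icloud.com"

# set_ftl_option FILE KEY VALUE: replace any active KEY= line, or append one.
# Commented-out lines (#KEY=...) are left untouched; repeated runs are idempotent.
set_ftl_option() {
    conf=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    if [ -f "$conf" ]; then
        # grep exits 1 when every line is filtered out; that is not an error here.
        grep -v "^[[:space:]]*${key}=" "$conf" > "$tmp" || [ $? -eq 1 ] || return 1
    fi
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# dns_status: read dig output on stdin, print the header status
# (NOERROR, NXDOMAIN, SERVFAIL, ...).
dns_status() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# relay_status RESOLVER: print "domain status" for each relay domain (needs dig).
relay_status() {
    for d in $RELAY_DOMAINS; do
        printf '%s %s\n' "$d" "$(dig +noall +comments "@$1" "$d" A | dns_status)"
    done
}

# Only acts when called as: sudo sh this-script.sh apply   (on the Pi-hole host)
if [ "${1:-}" = "apply" ]; then
    echo "Before:"; relay_status 127.0.0.1      # blocked relay: NXDOMAIN
    set_ftl_option /etc/pihole/pihole-FTL.conf BLOCK_ICLOUD_PR false
    systemctl restart pihole-FTL
    sleep 3                                     # give FTL time to start listening
    echo "After:";  relay_status 127.0.0.1      # relay allowed: NOERROR
fi
```

To restore the default blocking behavior, set the option back to `true` and restart the service again.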
References
Apple Mail Privacy Protection & Privacy
Cheers!