If you're sending encrypted e-mail with the default Mail app on OS X Mavericks, your setup may be saving plaintext messages on the mail server. Mac-based users of the GPG encryption app began noticing this unfortunate behavior in October when using Gmail. Even after unchecking the "Store draft messages on the server" and "Store sent messages on the server" checkboxes, the changes would mysteriously vanish.

On Thursday, independent privacy and security researcher Ashkan Soltani was shocked to make the same discovery after finding that GPG-protected e-mails he received from others were stored unencrypted in the drafts folder of his Gmail account. The messages had been automatically saved immediately after he hit the reply button, just below where he would type his response. Like other Mavericks users, he had specifically configured his system not to save such messages when using the Internet Message Access Protocol (IMAP) in Gmail. Without warning, the unchecked checkmarks inexplicably reappeared.

"This is an example of things falling apart at the seams at the integration points," Soltani told Ars. "A lot of people don't use the Gmail browser. They just use Gmail for IMAP. I just happened to have Gmail in the browser opened. Most people wouldn't know about it. I was really shocked."

behavior dates back to the Snow Leopard version of OS X released in 2009, and that Gmail was the only service observed to be affected. People have reported in social media posts that other IMAP services are also susceptible, but that claim hasn't been confirmed. Readers who can confirm are encouraged to leave a comment, preferably with a screenshot.

Fortunately, there's a workaround for the potential security operations failure. It involves logging in to Gmail with a browser and making changes to the settings. Specifically:

1. Quit Mail.app.
2. Log in to Gmail in your favorite Web browser.
3. Click on the gear menu and select "Settings."
4. Click on the "Labels" tab.
5. Under "System Labels," next to "Drafts," click on "show if unread" and uncheck the "Show in IMAP" box.
6. Now disable "Store draft messages on the server."
7. Launch Mail.app.
8. Select Mail > Preferences...
9. Click on the "Accounts" button in the toolbar.
10. Click once on the account name and then click the "Mailbox Behaviors" tab.
11. Uncheck the "Store draft messages on the server" box.
12. Close the window and opt to save your changes when prompted.

The fix is widely reported as being reliable. Still, given the newly resurgent interest in encrypted e-mail, it would be best if Apple worked with Gmail and possibly other service providers to make the workaround easier to implement.
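To confirm the workaround took effect, one can look at what the server-side drafts folder actually holds. The following is an added example, not code from the article or from GPG: it classifies raw messages as PGP-protected or plaintext, and the function names and sample messages are constructed for illustration.

```python
import email
from email import policy

ARMOR = "-----BEGIN PGP MESSAGE-----"

def is_pgp_encrypted(raw: bytes) -> bool:
    """True for PGP/MIME (RFC 3156) or text parts that begin with inline PGP armor."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    protocol = str(msg.get_param("protocol") or "").lower()
    if msg.get_content_type() == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return True
    # Inline PGP: every non-empty text part must start with the armor header.
    texts = [p.get_content().strip() for p in msg.walk() if p.get_content_maintype() == "text"]
    bodies = [t for t in texts if t]
    return bool(bodies) and all(b.startswith(ARMOR) for b in bodies)  # no text: not encrypted

def plaintext_drafts(drafts):
    """Given (id, raw_bytes) pairs from a Drafts mailbox, return ids stored unencrypted."""
    return [uid for uid, raw in drafts if not is_pgp_encrypted(raw)]

# Constructed sample messages (not real mail); ciphertext is elided.
PGP_MIME = b"""\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"

--b
Content-Type: application/pgp-encrypted

Version: 1
--b
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----
--b--
"""
INLINE = b"""\
Content-Type: text/plain; charset=utf-8

-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----
"""
LEAKED_REPLY = b"""\
Content-Type: text/plain; charset=utf-8

On Thursday, a correspondent wrote:
> decrypted text quoted below the reply area
"""
SAMPLES = [(1, PGP_MIME), (2, INLINE), (3, LEAKED_REPLY)]
```

The raw bytes can come from an IMAP fetch of the account's drafts mailbox, for example with Python's `imaplib`; any id the function returns is a draft sitting on the server in the clear.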