Apple’s filtering iCloud emails? Probably not

Update: Macworld has reported that it does appear Apple may be selectively filtering emails. There’s no official confirmation from Apple and as it doesn’t affect every user, it’s an issue that will hopefully have more light shed on it. I still think it’s related to the adultscore rating the phrase triggers (see below) and maybe an over-zealous spam filter – but it is worrying that instead of being marked as junk, they simply don’t appear for some users.

Robert X. Cringely over at InfoWorld reported the story back in November 2012 of a Hollywood screenwriter having trouble sending a script to a colleague. Despite multiple attempts to send the script from an iCloud account to a Gmail account, both as a PDF attachment and compressed as a Zip, it would never arrive. The problem? It appears the phrase “barely legal teens” was a red flag.

He began experimenting to find out what was going on. First, he compressed the screenplay PDF into a Zip file and sent that. It also disappeared. Next, he compressed it using Apple’s encrypted archive format. That attachment made it through, but it came with an unusual comment: “[not Virus Scanned]” appended to the subject field.

AND THEN I SAW IT – a line in the script, describing a character viewing an advertisement for a pornographic site on his computer screen. Upon modifying this line, the entire document was delivered with no problem.

Before we jump to any conclusions, as Cult of Mac unfortunately already has, there’s no reason to assume at this stage that iCloud is doing any sort of filtering (or even virus scanning). Let’s explore some alternative theories first.

#####Recipient’s Mail Server and Virus Scanner#####

The fact that the message subject text was prepended with “[not Virus Scanned]” indicates the message was passed through a mail server’s virus scanner. This is usually done by the receiving mail server, though some virus scanners can be set up to scan outgoing messages as well. Viewing the email headers or knowing the exact email setup might shed further light on the subject.

Additionally, the trigger phrase may have been the straw that broke the camel’s back. Most virus scanners use a scoring system: they look for key points that are characteristic of a spam email and grade them accordingly. For the sake of argument, let’s say the scale is 1-10 and 8 or above will never be received as it could be considered harmful. A large PDF or ZIP, maybe with no subject or body text, will already be setting alarms off, maybe grading the message as a 6. Add in the key phrase and it might push it right up to 9, filtering it as potentially harmful.

Most mail server-based spam and filtering solutions place suspect messages into a junk folder or can even quarantine them, where you’ll instead receive a message telling you to log in via a browser and confirm the message is ok to be delivered. However, most packages will also have the option to simply delete the suspect emails upon receipt, meaning they’ll never even get to the recipient’s inbox.

Perhaps the sender has a virus scanner installed on their Mac?

#####Message Forwarding#####

The screenwriter states that the email was being sent to a Gmail account. It’s just as likely that Gmail is scanning and deleting the email as iCloud is, but both are unlikely. Google’s legendary spam filtering simply dumps any suspect emails to the spam folder – there’s no reason to delete any potential messages and I suspect the same holds true with iCloud. Spam/virus scanners can never be 100% effective.

But perhaps the recipient has a Gmail account that autoforwards to another email account? I have a Gmail account that is used pretty much as a spam filter and everything that is sent to it forwards to my iCloud address. If the final destination was filtering then it should still be in Gmail somewhere (either the inbox or directly in the archive, depending on what was set up) so I’d encourage the recipient (or anyone in a similar situation) to check there first.

#####Alternate SMTP Server#####

We also don’t know if the message was sent via iCloud’s SMTP server. Mail has long been able to use multiple SMTP servers and provided you have login information, there’s nothing stopping you using alternate SMTP servers. In fact, here in the UK, Apple used to recommend using O2’s SMTP servers for the first iPhone users since many ISPs wouldn’t work unless your device was on their broadband network.

For all intents and purposes, you’re still sending a message from but it’s sent via O2’s SMTP server, not iCloud. If O2 were to then filter anything containing the word “legal” for example, to the user it looks like iCloud isn’t working – but the fault would actually be with O2[1].

Since emails are stamped with the email address as well as all the information regarding the sending server, if the receiving mail server (with appropriate spam/virus scanner) notices that a message supposedly from iCloud is using a non-iCloud SMTP server, this will increase the likelihood of messages being undelivered or marked as spam (since to the scanner, it looks like the address is being spoofed).

I’ve tried to recreate the problem with a bunch of different iCloud and Gmail (as well as Google Apps) accounts and I’ve been unable to do so. Let’s not jump on the censorship bandwagon[2] until we have all of the facts.

Update: Some commenters at Cult of Mac are reporting being able to replicate the issue, some aren’t. It seems too hit and miss to be a blanket policy. Perhaps this is actually an ongoing glitch that affects some users, either at random or it could be by region?

Update 2: I decided to check the raw headers of a typical email sent from my girlfriend (from a non-iCloud account) and a test email I sent to myself via iCloud with the phrase. Here’s what I got.

######Headers for Typical Email######

######Headers for Email with Phrase######

Notice the difference? The email with the phrase is showing 100 for “adultscore” as well as going to 34 for “spamscore”. If the scale is 1-100 then just using that one phrase is enough to make the email a third more likely to be flagged as spam.
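The same header comparison, together with the From/sending-server mismatch check from the Alternate SMTP Server section, as an added example that is not part of the original post. The header name `X-Example-Spam-Details`, the hosts and the baseline scores of 0 are constructed; only the 34 and 100 come from the post, and the Received check is a simplified heuristic rather than how any particular filter works.

```python
import email
from email.utils import parseaddr

# Constructed samples: header name, hosts and baseline scores are made up.
TYPICAL = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net; Thu, 28 Feb 2013 10:00:00 +0000
From: Alice <alice@example.org>
Subject: Dinner
X-Example-Spam-Details: rule=notspam spamscore=0 adultscore=0

See you at eight.
"""

PHRASE = """\
Received: from smtp.other-isp.example (smtp.other-isp.example [198.51.100.7])
\tby mx.example.net; Thu, 28 Feb 2013 10:05:00 +0000
From: Bob <bob@example.com>
Subject: Test
X-Example-Spam-Details: rule=notspam spamscore=34 adultscore=100

Test body.
"""

def filter_scores(raw, header="X-Example-Spam-Details"):
    """Return the numeric key=value pairs from the scanner's verdict header."""
    msg = email.message_from_string(raw)
    scores = {}
    for token in (msg.get(header) or "").split():
        key, sep, value = token.partition("=")
        if sep and value.isdigit():
            scores[key] = int(value)
    return scores

def score_changes(baseline, suspect):
    """Scores that differ between two messages: {name: (baseline, suspect)}."""
    a, b = filter_scores(baseline), filter_scores(suspect)
    keys = sorted(a.keys() | b.keys())
    return {k: (a.get(k, 0), b.get(k, 0)) for k in keys if a.get(k, 0) != b.get(k, 0)}

def sender_alignment(raw):
    """Return (From domain, first-hop host, whether the host is in that domain)."""
    msg = email.message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = msg.get_all("Received") or []
    # The oldest hop is the last Received header; "from HOST" names the sender.
    words = hops[-1].split() if hops else []
    host = words[1].lower() if len(words) > 1 and words[0] == "from" else ""
    return domain, host, host == domain or host.endswith("." + domain)
```

Running `score_changes(TYPICAL, PHRASE)` isolates which scores moved between the two messages, which is the quickest way to see what a single phrase did to the verdict.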

This makes me lean more towards it being a server glitch than anything else since there are a number of different iCloud IMAP servers. It’s likely one of these is configured incorrectly, causing it to be overzealous with filtering. However, since it’s been going on so long, it does appear something is amiss.

  1. I’m only using O2 simply because it’s a real world example of using an alternate SMTP server. 

  2. Some of the comments at Cult of Mac seem to be people mortified about this potential invasion of privacy that Apple’s servers are parsing emails. Don’t tell them about Gmail then.