Apple's OS X Spotlight found to ignore e-mail privacy settings
Mac owners who regularly make use of OS X's built-in Mail application and Spotlight search should take care when searching through e-mail messages, as Spotlight's preview functionality has been shown to ignore Mail's remote content settings and could inadvertently transmit unintended data to email senders.
When a Mail user searches for and selects an e-mail message in Spotlight, the preview pane automatically loads and renders images embedded in HTML e-mails. Disabling Mail's "load remote content in messages" setting does not prevent this from happening, according to IDG News Service.
Most e-mail marketers track the downloading of images included in their messages, which allows senders to analyze open rates and collect basic subscriber information like IP address and browser version. Spotlight's automatic previews could expose this information even for users who are cognizant of the practice and attempt to disable it.
It should be noted that this functionality does not expose any information that would not otherwise be transmitted if the e-mail and images were opened in Mail or any other e-mail reader, such as Google's Gmail, though it could prove concerning for privacy-conscious users.
Until Apple addresses the issue, users can work around it by removing e-mail messages from Spotlight results. To do this, navigate to System Preferences → Spotlight and uncheck "Mail & Messages" in the list.