Can you get a virus from opening an email?

Is it possible to get a virus just from opening an email? We all know, hopefully, that you should never click on a link in an email unless you’re absolutely sure where it leads because it might be malicious. But what about just opening an email? Well, as you might have guessed, it’s complicated.

How it’s possible to get an email virus from opening a message

If you use an email client that’s configured to display email messages as text and discard all the HTML that comes with most email messages, you can’t get a virus just by opening a letter. That’s because all your computer is doing is displaying text. That’s why configuring an email client that way is much safer than reading and displaying HTML emails. 

However, text-only email messages don’t display images or other non-text content, and that could mean you miss out on important information. You won’t be able to click on any links in email messages, though from a security point of view, that’s a good thing.

The fact that email messages are often designed as rich multimedia experiences, rather than just text, however, means that most of us have email clients configured to display HTML, and that can be a problem. If there is malicious code hidden in the HTML or if there is a vulnerability in your email client, the instruction contained in the HTML could be executed by your computer in a way that is damaging to your computer.

Can you get a virus without even opening the email?

In theory, this is possible too. In fact, it’s more than theory, according to the study performed by Symantec in 2016.

If you use anti-malware software, you may have noticed that when you send a message, it has a signature like, for example: ‘this email has been sent from a virus-free computer protected by Avast.’ It’s intended to reassure recipients that the message is safe because it comes from a computer that is using anti-malware software. 

However, in order to scan emails for viruses, anti-malware tools have to open them. That should be done in a ‘sandbox’ so that the email is isolated from the rest of the system while it’s being checked. 

But in 2016, a bug was discovered in a core virus scan engine used by Symantec. That bug caused the virus scanner to execute whatever code was contained in an email message it was scanning and give it root privileges, meaning it could access all areas of the system. So, yes, it is possible to get a virus from an email without even opening the email.

How to avoid viruses in your email?

1. Use multiple email accounts
It makes sense to keep business, and personal email accounts separate. If one is compromised, you can still use the other safely. You should also create separate email accounts for social media logins.

2. Use email aliases
You can create email aliases that hide your valid email address when you send a message to someone you don’t know, in most mail providers’ settings. If you have an iCloud email address, you can do it in the Mail app on iCloud.com.

email alias

3. Use Sign in with Apple
If you sign up for a service that supports Sign in with Apple, use it. That way you can create a one-off email address that’s forwarded to your iCloud email, and avoid giving your real email address to the vendor.

4. Never click on a link in an email unless you are absolutely sure where it goes.
Really. Don’t do it. Ever.

Tip

Check your mail for malware DMGs.

Some malware is distributed as disk images, that install malicious code when they are unpacked. These can be distributed as email attachments. You can use CleanMyMac X to check these by running a malware scan.

How to scan email attachments with CleanMyMac X? 

  1. Download, install, and launch CleanMyMac X. 
  2. Choose the Malware Removal module from the sidebar on the left.
  3. Press the Scan button.
  4. CleanMyMac X will now scan your Mac and compare what it finds with its database of known malware, including DMG files. If it finds anything, it will alert you.
  5. If CleanMyMac X gives your Mac the all-clear, you can quit it and carry on with your work. If not, press Remove to get rid of the malware.

Don’t forget to clean your mail attachments

It’s a good idea to clean up mail attachments once in a while. It will save space on your Mac and, if there are any attachments with malware, it will remove them. CleanMyMac X can clean up attachments from Apple Mail and other email applications you might use, like Spark. Here’s how to use it.

mail attachments
  1. Launch CleanMyMac X.
  2. Choose the Mail Attachments module in the sidebar.
  3. Press Scan.
  4. When it’s finished, you can press Clean to remove all attachments.
  5. If you’d rather review them first, click on an email application in the middle window and then on the drop-down arrow in the right window, next to the attachment location eg, iCloud.
  6. Review the list of attachments. If there are any you don’t want to delete, uncheck the boxes next to them.
  7. When you’re done, press Clean.

CleanMyMac X will remove all the attachments in the list that are still checked, freeing up disk space and eliminating potential harmful files.

As we’ve seen, you can, in some circumstances, get a virus just by opening an email. However, it’s very rare and unlikely to happen. If you want to be very cautious, you should configure your email client to open all email messages as plain text. Viruses in email messages usually come in the form of attachments, such as DMGs. You can use CleanMyMac X to scan your Mac for malware and also to clean up mail attachments and get rid of those you no longer want.

CleanMyMac X
CleanMyMac X

Your Mac. As good as new.