Handling confidential emails with Mail Drop


Hey folks,

A client of mine uses OmniFocus. She’d like to forward emails to OmniFocus using Mail Drop, so that she can keep track of those emails in OmniFocus and process them later.

Problem is, most of the email she receives is confidential. (She’s a medical professional.) So she is not allowed to have the contents of emails residing in the OmniFocus database.

I suggested that she delete the body of any email before sending it to Mail Drop, so only the subject line will exist in OmniFocus (as the task title). But this requires that she manually delete the email body every single time she uses Mail Drop.

Can you think of a better way to handle this situation?

I believe my client uses Outlook on Windows, so Apple scripts are not an option.

— Peter


maybe she could use omni on the web?


Hey Janov, thank you for getting back to me.

I will indeed be advising her to sign up for OmniFocus for the Web.

But your question got me wondering what my client is actually trying to achieve here with Mail Drop. So I went back and asked her. I’ll report back.

— Peter


What you’re describing is confusing. If she’s not allowed to use MailDrop, she’s not allowed to use OmniFocus for Web—both go to the same cloud storage.

On the other hand, I’m not quite sure that just being a medical professional means she can’t use Omni Sync Server. The privacy policy states that Customer Data (i.e., anything she syncs) will be used for aggregate functions—statistics and such. They’re not reading our uploaded databases unless they receive a warrant.

So step one: email info@omnigroup.com and ask them if Omni Sync is HIPAA-compliant (assuming your client is in the US). If it is, then she only has a problem if there’s a compliance officer where she works who doesn’t take their word for it—which sometimes happens.

Plan B: build your own MailDrop. A Mac mini at the client’s home or office that’s turned on 24/7, running macOS Server and Mail.app. Set it up to connect to the local email account and receive encrypted mail from work—the email will be encrypted in transit, arrive on the server, and passed locally into Mail.app. There you can AppleScript triggers doing whatever you like—which is something I’ve been intending to do for better control than I get with MailDrop.

So for example: email arrives, Subject line and the mail message URL goes into OmniFocus. That link will be clickable on any Mac or iOS device where that email resides in Mail.app, but won’t work anywhere else.

Jeff Porten
Author, Take Control of Your Productivity


Hi Jeff,

I appreciate your thinking with me here.

The point of Mail Drop would be to get the body text of emails into OmniFocus. The body text will help her complete the tasks associated with the email. It’s all right to have email subject lines in OmniFocus, she said, but not the body text.

So using Mail Drop as it is is not okay for her, because the body text of emails would end up in OmniFocus. But using OmniFocus for the Web is fine, because all that would help her do is manually add tasks to OmniFocus for processing emails.

— Peter


The question is what is going to cloud storage. If there’s PHI being exfiltrated from the employer’s systems that is a big problem. The client is right to be cautious about this.

The question is if Omnigroup is authorized to possess it, or the client is authorized to move it off her employer’s systems. But you’re right, she should be able to use Mail Drop, if she can do so without sending any PHI. I’d also keep in mind the employer’s IT should have a record of all emails sent through her work account, so all the mails sent to OmniSync could be audited.

What… this is not how it works. OmniGroup needs to sign a contract with the employer to become a Business Associate authorized to handle their PHI. Probably too much effort for the given use case.

Sending work mail to a homebrew server is just a bad idea if you’re in the healthcare field (or you’re the Secretary of State…).

The client just needs to delete attachments and remove sensitive data from the email body. Or limit Mail Drop to things that aren’t sensitive, which is what I do.