Is an email address really sensitive enough to scrub?

Yes, on three counts. It is a direct contact route, so exposing it volunteers someone for spam and phishing they did not sign up for. It is a lookup key that connects to accounts and profiles across the web. And in a thread, the addresses reveal who talks to whom, which is often more sensitive than anything in the message. Two seconds of scrubbing against all three.

What about the people on cc?

They are the easiest people in the frame to wrong. The sender at least wrote the words you are sharing; the cc list just received them, and a screenshot publishes their names, addresses and their presence in that conversation to an audience none of them chose. Unless a cc'd person is the point of the share, scrub the whole line.

Do I need to scrub the sidebar and message list too?

It is the most-missed leak in any email screenshot. The message list beside your open email shows senders, subjects and preview lines for a screenful of unrelated conversations, every one of them somebody else's business. Crop down to just the message when the sidebar adds nothing, and scrub the list wholesale when you need the full window.

Can a scrubbed address or name be recovered from the image?

Not from a ScrubShot scrub. The covered area is rewritten into the file as blocks sampled at random from the region, so there is no overlay to peel off and no relationship between the blocks and the characters they replaced, which leaves depixelation tools nothing to brute-force. Once scrubbed, the address is simply not in the image.

← Resources

Redacting email screenshots: headers leak more than the body

Short answer: when you screenshot an email, the message is the part you checked and the frame is the part that leaks. The to and cc lines carry real addresses, the signature carries a phone number and an address, the quoted thread underneath carries an older conversation, and the message list beside it all carries a screenful of other people's subjects and senders. Scrub the header block, the signature and the sidebar, and the email itself can usually travel as-is.

An email screenshot is a frame around the message

People share email screenshots for the message: the confirmation, the odd reply, the phishing attempt, the thing someone put in writing. The risk almost never lives there, because the message is the part you read before sharing. It lives in everything the window wrapped around it:

From, to and cc lines, full names and live addresses for everyone in the conversation.
The signature block, which volunteers a phone number, a job title and often a street address.
The quoted thread below, an older conversation riding along under the message you meant to share.
The message list or sidebar, senders, subjects and previews for every other conversation in the mailbox.
The mailbox chrome, account address in the corner, folder names, unread counts, calendar slivers.

The pattern is the same one that catches people in every tool: you check the content and forget the frame. With email the frame happens to be a directory of your correspondents.

Who talks to whom is the quiet leak

Addresses do the obvious damage, spam, phishing, lookup, but the header block leaks something subtler: the relationship map. A screenshot showing a recruiter's address in your inbox says you are job hunting. One showing a rival vendor says you are shopping. A cc line says these five people are involved in this matter, which can be the entire secret. None of that requires reading the message; the header tells the story on its own.

The people on that header also never chose the audience. The sender wrote to you, the cc list just received a copy, and a screenshot turns all of them into participants in whatever you share it for. That is the same asymmetry that drives redacting chat screenshots, email is just the version of it where everyone is wearing their full legal name and contact details.

Zone by zone

Zone	What leaks	What to do
Header block	Names, live addresses, and the relationship map of who is in the conversation.	Scrub addresses and names that are not the point. If the sender is the point, their name can stay while the address goes.
Signature	Phone number, title, company and often a street address, formatted for harvesting.	Scrub it wholesale. Nobody has ever needed a signature block to understand a shared email.
Quoted thread	An older exchange, with its own header lines, sitting under the message you meant to share.	Crop it away below the message, or scrub it if the scroll position will not let you crop.
Message list / sidebar	Senders, subjects and previews of unrelated conversations, the most-missed leak in the frame.	Crop down to the message when possible, scrub the list wholesale when you need the window.
Mailbox chrome	Your own account address, folder names that describe projects, unread counts.	Scrub your address and any folder names that say more than you want to.

Why screenshot instead of forward, and what that changes

The reason an email becomes a screenshot at all is usually a good one: a forward sends the whole thread to the new recipient, headers, history and all, while a screenshot shares exactly what is visible and nothing more. Screenshotting a phishing email also shows it safely without passing the live links along. So the instinct is right, the screenshot is the more controlled share. The catch is that "exactly what is visible" includes the frame, so the control is only real once the header, signature and sidebar are scrubbed.

Where it goes next sets the bar. Pasting to a colleague in Slack or Teams means a persistent, searchable copy; attaching to a support ticket means an external one; and posting publicly, say a phishing example or a ridiculous reply, means scraped and archived, with everything that implies from redacting before posting publicly.

The loop: capture, crop, scrub

With ScrubShot the cleanup happens in the same few seconds as the capture, whether the email is in Mail on your Mac or a webmail tab:

Press the shortcut with the email on screen. ScrubShot captures it.
Crop down to the message, which removes the sidebar and the quoted thread in one move.
Drag the Scrub tool over the addresses, the signature and any names that are not the point. Each pass is pixelated straight into the image.
Circle the line that matters with the Marker, then copy and paste it where it is going.

The scrub rewrites the pixels in the file, so a covered address cannot be lifted back out later, and the edit never touches the network, the unscrubbed mailbox exists nowhere but your own screen. The full reasoning behind that, and the comparison of methods, is in redacting screenshots on a Mac without uploading them.

FAQ

Is an email address really sensitive enough to scrub?: Yes, on three counts. It is a direct contact route, so exposing it volunteers someone for spam and phishing they did not sign up for. It is a lookup key that connects to accounts and profiles across the web. And in a thread, the addresses reveal who talks to whom, which is often more sensitive than anything in the message. Two seconds of scrubbing against all three.
What about the people on cc?: They are the easiest people in the frame to wrong. The sender at least wrote the words you are sharing; the cc list just received them, and a screenshot publishes their names, addresses and their presence in that conversation to an audience none of them chose. Unless a cc'd person is the point of the share, scrub the whole line.
Do I need to scrub the sidebar and message list too?: It is the most-missed leak in any email screenshot. The message list beside your open email shows senders, subjects and preview lines for a screenful of unrelated conversations, every one of them somebody else's business. Crop down to just the message when the sidebar adds nothing, and scrub the list wholesale when you need the full window.
Can a scrubbed address or name be recovered from the image?: Not from a ScrubShot scrub. The covered area is rewritten into the file as blocks sampled at random from the region, so there is no overlay to peel off and no relationship between the blocks and the characters they replaced, which leaves depixelation tools nothing to brute-force. Once scrubbed, the address is simply not in the image.

Try it

ScrubShot is a Mac app for the capture-to-paste loop: press the shortcut, crop to the message, scrub the addresses and the signature, then copy. The cleaned screenshot is the only version that ever leaves your Mac. There is a free 7-day trial with no card required. After that it is $30 once.

Try ScrubShot free →