So, just curious, how does filtering out spam work, if the email provider does not have access to the contents? Not saying it's not possible, but I wonder if any current users of ProtonMail could comment on this? If you use ProtonMail, are you mostly just on your own in regards to spam filtering?
> So, just curious, how does filtering out spam work, if the email provider does not have access to the contents?
Much (most?) of spam filtering is done using DKIM/SPF/DMARC/ARC, domain reputation, and IP reputation, none of which require access to the contents.
I'm not saying that you should go and make all your email subjects "Free herbal viagra" or whatever, but modern spam filtering algorithms revolve somewhat less around those kinds of trigger phrases than they used to.
Also, spam is by definition sent in bulk, so as long as the emails are hitting either some accounts on other email providers or else are hitting some honeypots on ProtonMail then you still get the benefit of being able to have the sender blacklisted based on the contents.
When ProtonMail's mail handler gets an email from mail.foo.com it's not coming in encrypted with the user's ProtonMail key. They have full access to the contents at that point and simple things like spam assassin would work, along with the usual DKIM/SPF checks.
This is for external mail only though. Presumably they don't have a bad problem with internal users sending mail to other internal users. I'm guessing any that did would get found quickly via reporting or heuristics.
There are some useless spam filters. I have received two phishers posing as protonmail customer support. On the other hand it seems like i haven't received nearly as much spam as my gmail gets.
