6

All is in the title really. How can Protonmail detect spam if it cannot read mail content?

It could be

  • based on metadata. But then spam detection would probably not be very good. And what metadata does Protonmail have access to in that case? Sender, title?
  • done on the client side. That would imply giving away your spam detection algorithm — something spammers would love to have I suppose.
  • done when the email is incoming. In that case Protonmail does read my mail but supposedly only once. Spam detection should also not work for mail sent from protonmail.

Is this one of the above, or yet another one?

P-Gn
  • 1
    Protonmail only uses E2EE if both the sender and recipient are using Protonmail. When someone sends you an e-mail from, let's say, Gmail, Protonmail can read it at the moment it is received but it encrypts it using your key before storing it. – Spoody Jun 28 '18 at 22:06

1 Answer

6

As you hint in your third point, it makes a difference whether the mail is from and to a Protonmail account, or whether one side is a third-party server.

For the cases where the sender or receiver (one of them) is not a Protonmail user, they DO read the mail, as they say themselves: https://protonmail.com/blog/encrypted-email-spam-filtering/

Part of the text there:

  1. First, the IP address of the incoming SMTP server is checked against spam blacklists which contain IP addresses of servers we have previously received spam from. If we receive a hit, the message is rejected.

  2. Secondly, the message is passed through our customized Bayesian filters which marks suspicious messages as spam.

  3. Next, we generate checksums of incoming messages and check them against a database of known spam messages. If there is a match, we mark the message as spam. The checksums are done in such a way that it is also effective against mutating spam emails.

...

All this is done in memory so that by the time anything is permanently stored to disk, the email is already un-readable to us. This gives us a very limited window to perform spam filtering on incoming messages.

...

TL;DR. they encrypt the received mail after filtering it / filter after decrypting before sending.
They still say they "can't read anything" even though anything running through their spam filter is not secure from admins and developers.

To be fair, even without filter the server must handle the unencrypted mail at some point, if the sender/receiver is external... but "they never can read it" is nonsense.


About internal mails from and to Protonmail, I have not found a similar post - but there are (probably) some official statements on the internet.

  • That they factor in if receivers mark something as spam.
  • That they take care to block anyone over a threshold (unlike some mail providers who just don't care).
  • And that there is a limit on how many mails can be sent in a certain time (making mass spam harder).
tungsten
deviantfan
  • 1
    I think the idea is that someone who steals the disk will not be able to read the emails, not that Protonmail could not read the emails if they go rogue. – forest Jun 29 '18 at 02:10
  • 1
    An encrypted disk would already protect from a disk-snatcher. This also protects you from Protonmail [employees] _unless_ they subvert the installed programs to do something else (which protonmail certainly could, harder to do if it was a single employee going rogue). This would include the ability of changing the smtp server (or the spam filter) to send an unencrypted copy to someone else of emails sent/received (although that would only compromise _future_ emails) or to send you a malicious javascript that exfiltrated your keys. – Ángel Oct 21 '19 at 20:16
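
The third step in the list quoted in the answer, a checksum that still matches "mutating" spam, can be approximated as follows. This is an added example, not Protonmail's code: the blog post does not name its algorithm, so the shingle hashing with Jaccard similarity, the shingle size, the threshold and the sample messages are all assumptions.

```python
import hashlib
import re

SHINGLE = 3      # words per shingle (assumed value)
THRESHOLD = 0.5  # Jaccard similarity treated as a match (assumed value)

def normalize(body: str) -> list[str]:
    """Lowercase, collapse URLs to one token, keep only alphabetic words."""
    body = re.sub(r"https?://\S+", " url ", body.lower())
    return re.findall(r"[a-z]+", body)

def fingerprint(body: str) -> frozenset[bytes]:
    """Set of 8-byte digests, one per overlapping word shingle."""
    words = normalize(body)
    if not words:
        return frozenset()  # empty body must never match anything
    count = max(1, len(words) - SHINGLE + 1)
    shingles = (" ".join(words[i:i + SHINGLE]) for i in range(count))
    return frozenset(hashlib.blake2b(s.encode(), digest_size=8).digest()
                     for s in shingles)

def similarity(a: frozenset, b: frozenset) -> float:
    """Jaccard similarity of two fingerprints."""
    return len(a & b) / len(a | b) if a and b else 0.0

def classify(body: str, known_spam: list) -> tuple[str, float]:
    """Return (verdict, best similarity) against the stored fingerprints."""
    fp = fingerprint(body)
    best = max((similarity(fp, k) for k in known_spam), default=0.0)
    return ("spam" if best >= THRESHOLD else "ok", best)

# Constructed sample messages; none are real mail.
KNOWN = ("Dear customer, you have won a prize of 1000 dollars. "
         "Click http://example.invalid/a1 to claim your prize now")
MUTATED = ("Dear friend, you have won a prize of 2500 dollars. "
           "Click http://example.invalid/zz9 to claim your prize now! ref 83921")
HAM = ("Hi team, the quarterly report is attached. "
       "Please review before the meeting on Friday.")
DB = [fingerprint(KNOWN)]  # only fingerprints are stored, not message bodies

if __name__ == "__main__":
    exact = hashlib.sha256(KNOWN.encode()).digest() == hashlib.sha256(MUTATED.encode()).digest()
    print("exact checksum match:", exact)
    for name, msg in (("mutated", MUTATED), ("ham", HAM)):
        print(name, classify(msg, DB))
```

The mutated message shares 12 of 17 distinct shingles with the stored one, so it is flagged even though its SHA-256 differs; the fingerprint still has to be computed over plaintext, which is why this step belongs inside the in-memory window the blog post describes.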