Client-Side Filtering to Enable Full Header Encryption
ProtonMail uses End-to-End Encryption (E2EE) for email bodies, though metadata and headers currently remain unencrypted to facilitate server-side filtering (I assume). Because the server can read those headers, it can sort incoming messages into folders, apply labels, set expiration dates, or discard messages as they arrive, based on user-defined rules that match on fields such as sender or subject.
A potential enhancement would be content-based filtering (rules that match on the message body). The server cannot evaluate such rules, since under E2EE it never holds the key needed to decrypt the body, but the work could be moved to the client. Once a user logs in and the client decrypts a message locally, the application could evaluate the full rule set and synchronize only the outcome (which message went to which folder, which labels or expiration were applied, which messages were deleted) back to the server. The server would learn the result of each rule but not the content that triggered it. Two consequences follow: rules would run at the next client session rather than at delivery time, so sorting is no longer instantaneous, and the rule definitions themselves should be stored encrypted, since a rule's pattern can reveal nearly as much as the message it matches.
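The following is an added illustration of the client-side rule engine described above; it is not ProtonMail code and assumes nothing about Proton's real APIs. It takes messages that have already been decrypted locally (constructed sample data), evaluates body-aware rules in order, and produces a sync payload keyed only by the opaque message identifiers the server already knows. The rule schema, the action names and the identifiers (`folder-legal`, `label-finance`) are hypothetical. A `leaks_plaintext` check confirms that no decrypted header or body text ends up in what is sent to the server.

```python
"""Client-side filtering sketch: rules run on decrypted messages, the server
only receives (message id -> actions). Hypothetical schema, not Proton's."""
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Message:
    id: str            # opaque identifier the server already has
    headers: Dict[str, str]  # plaintext only inside the client after decryption
    body: str


@dataclass
class Rule:
    name: str
    field: str                 # "subject", "from", "body" or "any"
    pattern: str               # regular expression, matched case-insensitively
    action: str                # "move", "label", "expire" or "discard"
    arg: Optional[str] = None  # folder id, label id or number of days
    stop: bool = False         # stop evaluating later rules after a match


def rule_matches(rule: Rule, msg: Message) -> bool:
    rx = re.compile(rule.pattern, re.IGNORECASE)
    if rule.field == "any":
        haystacks = list(msg.headers.values()) + [msg.body]
    elif rule.field == "body":
        haystacks = [msg.body]
    else:
        haystacks = [msg.headers.get(rule.field, "")]
    return any(rx.search(h) for h in haystacks)


def evaluate(rules: List[Rule], msg: Message) -> List[dict]:
    """Evaluate rules in order and return the actions to sync for one message."""
    actions: List[dict] = []
    for rule in rules:
        if not rule_matches(rule, msg):
            continue
        if rule.action == "discard":
            # Discard overrides everything else and ends evaluation.
            return [{"op": "discard"}]
        if rule.action == "move":
            # A message lives in one folder: the last matching move wins.
            actions = [a for a in actions if a["op"] != "move"]
            actions.append({"op": "move", "folder": rule.arg})
        elif rule.action == "label":
            actions.append({"op": "label", "label": rule.arg})
        elif rule.action == "expire":
            actions.append({"op": "expire", "days": int(rule.arg)})
        if rule.stop:
            break
    return actions


def build_sync_payload(rules: List[Rule], msgs: List[Message]) -> Dict[str, List[dict]]:
    """Opaque ids -> actions. Nothing decrypted is included."""
    payload = {}
    for m in msgs:
        actions = evaluate(rules, m)
        if actions:
            payload[m.id] = actions
    return payload


def leaks_plaintext(payload: dict, msgs: List[Message]) -> bool:
    """True if any decrypted header value or body text appears in the payload."""
    serialized = json.dumps(payload)
    for m in msgs:
        for secret in list(m.headers.values()) + [m.body]:
            if secret and secret in serialized:
                return True
    return False


# Constructed sample data, decrypted locally (hypothetical addresses and ids).
SAMPLE_MESSAGES = [
    Message("m-1001", {"from": "alerts@example.com", "subject": "Invoice overdue"},
            "Please pay the attached invoice within 7 days."),
    Message("m-1002", {"from": "newsletter@example.net", "subject": "Weekly digest"},
            "Unsubscribe here if you no longer want these."),
    Message("m-1003", {"from": "boss@example.org", "subject": "Re: launch"},
            "Attached is the signed contract for the launch."),
]
RULES = [
    Rule("junk-newsletters", "from", r"^newsletter@", "discard"),
    Rule("contracts", "body", r"\bcontract\b", "move", "folder-legal", stop=True),
    Rule("finance-tag", "any", r"invoice", "label", "label-finance"),
    Rule("finance-expire", "subject", r"overdue", "expire", "30"),
]

if __name__ == "__main__":
    result = build_sync_payload(RULES, SAMPLE_MESSAGES)
    print(json.dumps(result, indent=2))
    print("plaintext in payload:", leaks_plaintext(result, SAMPLE_MESSAGES))
```

The body rule ("contracts") is the case the server could never evaluate on its own; the payload it produces contains a folder identifier and nothing else, which is all the server needs to perform the move.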
Furthermore, moving filtering to the client offers a significant security advantage: it enables the hardening of server-side storage. Once the server no longer needs to read headers to evaluate rules, Proton could encrypt the whole stored message (headers and body) under the user's key. The SMTP envelope and headers are still visible to the receiving mail server at delivery time, so this does not hide metadata from the transport; the gain is that, after delivery, the stored copy reveals no sender, subject or date to a compromised server or to a request for stored data.