> If you want to do this transparently, the only place you can store the key is... right next to the mailbox, so that anyone with access to the mailbox has access to the key.
If the client can generate a unique public/private key pair for every sender/recipient combination, the key wouldn't need to be stored on any server, just ephemerally transmitted one time over TLS/SSL. But that would have the downside of if you lose all devices with the key, you can no longer read those emails. There's partial solutions for that, like your own collection of public keys could be encrypted with a passkey/passphrase and uploaded to the central server, but then if you lose your passphrase, Gmail still can't help you read past emails.
I agree that good key distribution is probably impossible.
I'm pretty sure an on-device LLM / statistical model could filter spam pretty darn well though.
If the client can generate a unique public/private key pair for every sender/recipient combination, the key wouldn't need to be stored on any server, just ephemerally transmitted one time over TLS/SSL. But that would have the downside of if you lose all devices with the key, you can no longer read those emails. There's partial solutions for that, like your own collection of public keys could be encrypted with a passkey/passphrase and uploaded to the central server, but then if you lose your passphrase, Gmail still can't help you read past emails.
I agree that good key distribution is probably impossible.
I'm pretty sure an on-device LLM / statistical model could filter spam pretty darn well though.