6.7.1 Spam Detection and Contact Monitoring

Confidentiality and integrity are not the only aspect of email security; some encrypted emails could contain spam, viruses, phishing messages, or other undesirable content. By design, Zoom servers cannot scan E2E-encrypted emails for such threats. Since sending E2EE emails requires a paid subscription, we expect abuse to be very limited. Moreover, even if the contents are inaccessible, user reporting and metadata-based techniques, such as rate limiting by account or IP address, can block or detect some abusive behavior. In addition, emails from external email addresses will be subject to server-side content analysis, including virus scanning and spam filtering using standard tools, as well as SPF, DMARC, DKIM and STS enforcement.