I think it is misleading to reference GPDR for distinguishing between hiding an email and deleting it entirely.
Whilst the motivation might currently be GDPR, there are other reasons why it is important to be able to remove an email completely. For example, sensitive data, or just plain wrong import. I don't think it makes sense to have to configure this at installation level. I think there needs to be two independent functions: hide email source and/or mbox entries, and remove them both. Also, what about attachments? Maybe the only item that needs to be redacted is an attachment. What happens to other emails that have the same attachment? Or maybe the email source needs to be redacted, but the attachment does not, and is used by other emails. This whole area needs a rethink: what functions need to be provided from a user point of view, and how to enable that.
