Try to send an encrypted mail to an address where the OpenPGP key has expired. (Or to a keygroup, where one of the keys has expired). The Confirmation dialog comes up:
Even if you remove the filter, the address in question is not listed at all, not even as "not compliant".
This is now a different behavior than for S/MIME keys, for which we do now offer the option to encrypt anyway, though it is not compliant.
And in case of keygroups we have the additional difficulty that it would be preferable to encrypt at least to the valid keys of the group, instead of not showing no key for the recipient and no hint for the user what the problem may be.
Here I would at least expect some helpful error message regarding the reason if we do not allow the encryption to that group.
See also T6742.
Update: "can encrypt" should determine if an encryption subkey exists for a key in the keyring associated with the given email address. If that key is expired, it should be displayed appropriately marked and the encryption button greyed out.
In case of a key group this has the consequence that the keys in the group will be resolved and the user can decide if the message should be encrypted to the remaining, not expired keys only.