That's obvious since the email header and body are in the same document. Presumably what's going on is they capture all emails, process them to strip off the body, and then make the headers available to the analysis systems. They can then go back and retrieve the body of any email that interests them. One of the points that critics have been making is that analysts can make the decision to retrieve the content on their own without a court order, so this whole metadata safeguard isn't much of a protection at all.