re: #215 e_e

Sure, the option must be activated, which is why I said “possible”. As for spoofed after the fact, IIRC this only pertains to additional fake “from:” headers and such spoofing is only useful for sending spam. We, on the other hand, can check for any additional headers if we have the .eml.

Guess they can try that route of authentication if available. If not available then does that fall back on the “trust us” question?