@cabel yep… I hope they’re smart enough to take email headers into account even if that’ll be tricky to like, prompt or something but it really is the only way to work around this I feel 🫠

And/or Mail should start being able to tell the user when an email is a phishing attempt/spoofing by checking SPF/DKIM records and such. Thinking a bit too much about email because of work 😭