Ensure email import is secure
I can't find much info about this feature, except that one can send data to email@example.com. Presumably it determines your identity by origin email address. If there's no other other auth then this is insecure, since I can masquerade as another user with publicly available. Information.