- ban keys from unknow users flooding -> counter, reseted when key added in DB
- protect against intercepted mail with falsified headers (From/Reply-To/... could be tampered to get replies, reply tampered too, and then resent to avoid being detected)
- check "protocol" field in "Content-Type" for received signed/encrypted mails