feat!: fire MsgRead on subsequent MDNs

BREAKING CHANGE: previously this event only fired if message state really did just transition from `DC_STATE_OUT_DELIVERED` to `DC_STATE_OUT_MDN_RCVD`. Now this is only the case for `MsgRead` events that have the newly added `first_time == true`. Closes https://github.com/deltachat/deltachat-desktop/issues/5220. This is also useful for channels as it facilitates updating the post (message) read count live. Despite the fact that it's a breaking change, this should not be problematic in most cases because clients mostly use this event as an "it's time to reload" indicator. There is a case in Delta Chat Desktop where and adjustment will be needed: d1fbb30979/packages/frontend/src/stores/messagelist.ts (L119-L123) It seems that the message state could later transition to `DC_STATE_OUT_FAILED`, so we should not uncoditionally set it to `DC_STATE_OUT_MDN_RCVD`. Note that this does not expose `first_time` in CFFI.
2026-05-05 06:16:30 +03:00 · 2026-03-12 20:34:20 +04:00
486 changed files with 9340 additions and 7000 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,10 +20,10 @@ permissions: {}

 env:
  RUSTFLAGS: -Dwarnings
-  RUST_VERSION: 1.95.0
+  RUST_VERSION: 1.94.0

  # Minimum Supported Rust Version
-  MSRV: 1.89.0
+  MSRV: 1.88.0

 jobs:
  lint_rust:
@@ -40,9 +40,7 @@ jobs:
      - run: rustup override set $RUST_VERSION
        shell: bash
      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}
+        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
      - name: Run rustfmt
        run: cargo fmt --all -- --check
      - name: Run clippy
@@ -61,7 +59,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb
+      - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979
        with:
          arguments: --workspace --all-features --locked
          command: check
@@ -93,9 +91,7 @@ jobs:
          show-progress: false
          persist-credentials: false
      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}
+        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
      - name: Rustdoc
        run: cargo doc --document-private-items --no-deps

@@ -138,12 +134,10 @@ jobs:
        shell: bash

      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}
+        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5

      - name: Install nextest
-        uses: taiki-e/install-action@1329c298aa20c3257846c9b2e0e55967df3e3c37
+        uses: taiki-e/install-action@69e777b377e4ec209ddad9426ae3e0c1008b0ef3
        with:
          tool: nextest

@@ -174,15 +168,13 @@ jobs:
          persist-credentials: false

      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}
+        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5

      - name: Build C library
        run: cargo build -p deltachat_ffi

      - name: Upload C library
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: ${{ matrix.os }}-libdeltachat.a
          path: target/debug/libdeltachat.a
@@ -202,15 +194,13 @@ jobs:
          persist-credentials: false

      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}
+        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5

      - name: Build deltachat-rpc-server
        run: cargo build -p deltachat-rpc-server

      - name: Upload deltachat-rpc-server
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: ${{ matrix.os }}-deltachat-rpc-server
          path: ${{ matrix.os == 'windows-latest' && 'target/debug/deltachat-rpc-server.exe' || 'target/debug/deltachat-rpc-server' }}
--- a/.github/workflows/deltachat-rpc-server.yml
+++ b/.github/workflows/deltachat-rpc-server.yml
@@ -34,13 +34,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-linux
          path: result/bin/deltachat-rpc-server
@@ -58,13 +58,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1

      - name: Build deltachat-rpc-server wheels
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux-wheel

      - name: Upload wheel
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-linux-wheel
          path: result/*.whl
@@ -82,13 +82,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}
          path: result/bin/deltachat-rpc-server.exe
@@ -106,13 +106,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1

      - name: Build deltachat-rpc-server wheels
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-wheel

      - name: Upload wheel
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-wheel
          path: result/*.whl
@@ -139,7 +139,7 @@ jobs:
        run: cargo build --release --package deltachat-rpc-server --target ${{ matrix.arch }}-apple-darwin --features vendored

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-macos
          path: target/${{ matrix.arch }}-apple-darwin/release/deltachat-rpc-server
@@ -157,13 +157,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android

      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-android
          path: result/bin/deltachat-rpc-server
@@ -181,13 +181,13 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1

      - name: Build deltachat-rpc-server wheels
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android-wheel

      - name: Upload wheel
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-android-wheel
          path: result/*.whl
@@ -208,7 +208,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1

      - name: Download Linux aarch64 binary
        uses: actions/download-artifact@v7
@@ -382,7 +382,7 @@ jobs:

      - name: Publish deltachat-rpc-server to PyPI
        if: github.event_name == 'release'
-        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e

  publish_npm_package:
    name: Build & Publish npm prebuilds and deltachat-rpc-server
@@ -496,7 +496,7 @@ jobs:
          ls -lah

      - name: Upload to artifacts
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: deltachat-rpc-server-npm-package
          path: deltachat-rpc-server/npm-package/*.tgz
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -10,11 +10,11 @@ permissions:
 jobs:
  dependabot:
    runs-on: ubuntu-latest
-    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
+    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Dependabot metadata
        id: metadata
-        uses: dependabot/fetch-metadata@v3.0.0
+        uses: dependabot/fetch-metadata@v2.4.0
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Approve a PR
--- a/.github/workflows/dev-version.yml
+++ b/.github/workflows/dev-version.yml
@@ -1,23 +0,0 @@
-# Check that PRs are made against the -dev version.
-# 
-# If this fails, push commit to update the version to -dev to main.
-
-name: Check for -dev version
-
-on:
-  pull_request:
-
-permissions: {}
-
-jobs:
-  check_dev_version:
-    name: Check that current version ends with -dev
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-
-      - name: Run version-checking script
-        run: scripts/check-dev-version.py
--- a/.github/workflows/jsonrpc.yml
+++ b/.github/workflows/jsonrpc.yml
@@ -25,7 +25,7 @@ jobs:
        with:
          node-version: 18.x
      - name: Add Rust cache
-        uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
      - name: npm install
        working-directory: deltachat-jsonrpc/typescript
        run: npm install
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -25,7 +25,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
      - run: nix fmt flake.nix -- --check

  build:
@@ -84,7 +84,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
      - run: nix build .#${{ matrix.installable }}

  build-macos:
@@ -105,5 +105,5 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
      - run: nix build .#${{ matrix.installable }}
--- a/.github/workflows/publish-deltachat-rpc-client-pypi.yml
+++ b/.github/workflows/publish-deltachat-rpc-client-pypi.yml
@@ -23,7 +23,7 @@ jobs:
        working-directory: deltachat-rpc-client
        run: python3 -m build
      - name: Store the distribution packages
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: python-package-distributions
          path: deltachat-rpc-client/dist/
@@ -47,4 +47,4 @@ jobs:
          name: python-package-distributions
          path: dist/
      - name: Publish deltachat-rpc-client to PyPI
-        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
--- a/.github/workflows/repl.yml
+++ b/.github/workflows/repl.yml
@@ -18,11 +18,11 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
      - name: Build
        run: nix build .#deltachat-repl-win64
      - name: Upload binary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@v6
        with:
          name: repl.exe
          path: "result/bin/deltachat-repl.exe"
--- a/.github/workflows/upload-docs.yml
+++ b/.github/workflows/upload-docs.yml
@@ -1,18 +1,16 @@
-name: Build & deploy documentation on rs.delta.chat, c.delta.chat, py.delta.chat and cffi.delta.chat
+name: Build & deploy documentation on rs.delta.chat, c.delta.chat, and py.delta.chat

 on:
  push:
    branches:
      - main
+      - build_jsonrpc_docs_ci

 permissions: {}

 jobs:
  build-rs:
    runs-on: ubuntu-latest
-    environment:
-      name: rs.delta.chat
-      url: https://rs.delta.chat/

    steps:
      - uses: actions/checkout@v6
@@ -25,15 +23,12 @@ jobs:
      - name: Upload to rs.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.RS_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc "${{ secrets.RS_DOCS_SSH_USER }}@rs.delta.chat:/var/www/html/rs.delta.chat/"
+          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc "${{ secrets.USERNAME }}@rs.delta.chat:/var/www/html/rs/"

  build-python:
    runs-on: ubuntu-latest
-    environment:
-      name: py.delta.chat
-      url: https://py.delta.chat/

    steps:
      - uses: actions/checkout@v6
@@ -41,21 +36,18 @@ jobs:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
      - name: Build Python documentation
        run: nix build .#python-docs
      - name: Upload to py.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.PY_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.CODESPEAK_KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "${{ secrets.PY_DOCS_SSH_USER }}@py.delta.chat:/var/www/html/py.delta.chat"
+          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "delta@py.delta.chat:/home/delta/build/master"

  build-c:
    runs-on: ubuntu-latest
-    environment:
-      name: c.delta.chat
-      url: https://c.delta.chat/

    steps:
      - uses: actions/checkout@v6
@@ -63,22 +55,18 @@ jobs:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
+      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
      - name: Build C documentation
        run: nix build .#docs
      - name: Upload to c.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.C_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.CODESPEAK_KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "${{ secrets.C_DOCS_SSH_USER }}@c.delta.chat:/var/www/html/c.delta.chat"
+          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "delta@c.delta.chat:/home/delta/build-c/master"

  build-ts:
    runs-on: ubuntu-latest
-    environment:
-      name: js.jsonrpc.delta.chat
-      url: https://js.jsonrpc.delta.chat/
-
    defaults:
      run:
        working-directory: ./deltachat-jsonrpc/typescript
@@ -102,27 +90,6 @@ jobs:
      - name: Upload to js.jsonrpc.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.JS_JSONRPC_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/deltachat-jsonrpc/typescript/docs/ "${{ secrets.JS_JSONRPC_DOCS_SSH_USER }}@js.jsonrpc.delta.chat:/var/www/html/js.jsonrpc.delta.chat/"
-
-  build-cffi:
-    runs-on: ubuntu-latest
-    environment:
-      name: cffi.delta.chat
-      url: https://cffi.delta.chat/
-
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-      - name: Build the documentation with cargo
-        run: |
-          cargo doc --package deltachat_ffi --no-deps
-      - name: Upload to cffi.delta.chat
-        run: |
-          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.CFFI_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
-          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc/ "${{ secrets.CFFI_DOCS_SSH_USER }}@delta.chat:/var/www/html/cffi.delta.chat/"
+          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/deltachat-jsonrpc/typescript/docs/ "${{ secrets.USERNAME }}@js.jsonrpc.delta.chat:/var/www/html/js-jsonrpc/"
--- a/.github/workflows/upload-ffi-docs.yml
+++ b/.github/workflows/upload-ffi-docs.yml
@@ -0,0 +1,31 @@
+# GitHub Actions workflow
+# to build `deltachat_ffi` crate documentation
+# and upload it to <https://cffi.delta.chat/>
+
+name: Build & Deploy Documentation on cffi.delta.chat
+
+on:
+  push:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          show-progress: false
+          persist-credentials: false
+      - name: Build the documentation with cargo
+        run: |
+          cargo doc --package deltachat_ffi --no-deps
+      - name: Upload to cffi.delta.chat
+        run: |
+          mkdir -p "$HOME/.ssh"
+          echo "${{ secrets.KEY }}" > "$HOME/.ssh/key"
+          chmod 600 "$HOME/.ssh/key"
+          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc/ "${{ secrets.USERNAME }}@delta.chat:/var/www/html/cffi/"
--- a/.github/workflows/zizmor-scan.yml
+++ b/.github/workflows/zizmor-scan.yml
@@ -23,4 +23,4 @@ jobs:
          persist-credentials: false

      - name: Run zizmor
-        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
+        uses: zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d # v0.5.0
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,282 +1,5 @@
 # Changelog

-## [2.49.0] - 2026-04-13
-
-### Features / Changes
-
- Flipped Exif orientations ([#8057](https://github.com/chatmail/core/pull/8057)).
-
-### Fixes
-
- Determine whether a message is an own message by looking at signature. multiple devices can temporarly have different sets of self addresses, and still need to properly recognize incoming versus outgoing messages. Disclaimer: some LLM tooling was initially involved but i went over everything by hand, and also addressed review comments..
- Mark a message as delivered only after it has been fully sent out ([#8062](https://github.com/chatmail/core/pull/8062)).
- Do not create 1:1 chat on second device when scanning a QR code.
- Do not URL-encode proxy hostnames.
- Assign webxdc updates from post-message to webxdc instance.
- Let search also return hidden contacts if search value is an email address.
- Add missing `extern "C"` to `dc_array_is_independent`.
- Make start messages stick to the top of the chat.
- For bots, wait with emitting IncomingMsg until the Post-Msg arrived ([#8104](https://github.com/chatmail/core/pull/8104)).
- Trash message about group name change from non-member.
-
-### API-Changes
-
- [**breaking**] remove `dc_msg_force_plaintext`.
- @deltachat/stdio-rpc-server: also export a class.
-
-### CI
-
- Make sure `-dev` version suffix is not forgotten after release.
-
-### Documentation
-
- Document that events are broadcasted to all event emitters.
- Fix broken link for i-d "Common PGP/MIME Message Mangling".
-
-### Refactor
-
- ignore ForcePlaintext in saved messages chat.
- @deltachat/stdio-rpc-server: make `getRPCServerPath` and `startDeltaChat` synchronous.
- @deltachat/stdio-rpc-server: remove `await` from README example.
- less nested `remove_contact_from_chat`.
-
-### Tests
-
- Add test for `tweak_sort_timestamp()`.
- Test that messages are only marked as delivered after being fully sent out ([#8077](https://github.com/chatmail/core/pull/8077)).
- Fix flaky `test_no_old_msg_is_fresh`: Wait for incoming message before sending outgoing one.
- Use TestContextManager in `test_keep_member_list_if_possibly_nomember`.
-
-### Miscellaneous Tasks
-
- cargo: bump chrono from 0.4.43 to 0.4.44.
- cargo: bump tracing-subscriber from 0.3.22 to 0.3.23.
- cargo: bump tempfile from 3.26.0 to 3.27.0.
- cargo: bump pin-project from 1.1.10 to 1.1.11.
- cargo: bump tokio from 1.49.0 to 1.50.0.
- cargo: bump libc from 0.2.182 to 0.2.183.
- cargo: bump quote from 1.0.44 to 1.0.45.
- cargo: bump image from 0.25.9 to 0.25.10.
- cargo: bump proptest from 1.10.0 to 1.11.0.
- deps: bump dependabot/fetch-metadata from 2.4.0 to 3.0.0.
- bump version to 2.49.0-dev.
-
-## [2.48.0] - 2026-03-30
-
-### Fixes
-
- Fix reordering problems in multi-relay setups by not sorting received messages below the last seen one.
- Always sort "Messages are end-to-end encrypted" notice to the beginning.
- Make Message-ID of pre-messages stable across resends ([#8007](https://github.com/chatmail/core/pull/8007)).
- Delete `imap_markseen` entries not corresponding to any `imap` rows.
- Cleanup `imap` and `imap_sync` records without transport in housekeeping.
- When receiving MDN, mark all preceding messages as noticed, even having same timestamp ([#7928](https://github.com/chatmail/core/pull/7928)).
- Remove migration 108 preventing upgrades from core 1.86.0 to the latest version.
-
-### Features / Changes
-
- Improve IMAP loop logs.
- Add decryption error to the device message about outgoing message decryption failure.
- Log received message sort timestamp.
-
-### Performance
-
- Move sorting outside of SQL query in `store_seen_flags_on_imap`.
-
-### API-Changes
-
- Add JSON-RPC API `markfresh_chat()`.
- ffi: Correctly declare `dc_event_channel_new()` as having no params ([#7831](https://github.com/chatmail/core/pull/7831)).
-
-### Refactor
-
- Remove `wal_checkpoint_mutex`, lock `write_mutex` before getting sql connection instead.
- Replace async `RwLock` with sync `RwLock` for stock strings.
- Cleanup remaining Autocrypt Setup Message processing in `mimeparser`.
- SecureJoin: do not check for self address in forwarding protection.
- Fix clippy warnings.
-
-### CI
-
- Update {c,py}.delta.chat website deployments.
- Use environments for {rs,cffi,js.jsonrpc}.delta.chat deployments.
- Fix https://docs.zizmor.sh/audits/#bot-conditions.
-
-### Documentation
-
- Add SQL performance tips to STYLE.md.
-
-### Tests
-
- Remove `test_old_message_5`.
- Do not rely on loading newest chat in `load_imf_email()`.
- Use `load_imf_email()` more.
- The message is sorted correctly in the chat even if it arrives late.
-
-### Miscellaneous Tasks
-
- cargo: update rustls-webpki to 0.103.10.
-
-## [2.47.0] - 2026-03-24
-
-### Fixes
-
- Don't fall into infinite loop if the folder is missing ([#8021](https://github.com/chatmail/core/pull/8021)).
- Delete `available_post_msgs` row if the message is already downloaded.
- Delete `available_post_msgs` row if there is no corresponding IMAP entry.
- Make newlines work in chat descriptions ([#8012](https://github.com/chatmail/core/pull/8012)).
-
-### Features / Changes
-
- use SEIPDv2 if all recipients support it.
-
-### Documentation
-
- Add shadowsocks spec to standards.md.
- Document Header Confidentiality Policy.
- `deltachat_rpc_client`: make sphinx documentation display method parameters.
- Remove `draft/aeap-mvp.md` which is superseded by key-contacts and multi-relay.
-
-### Refactor
-
- Remove code to send messages without intended recipient fingerprint.
-
-### Tests
-
- Make `add_or_lookup_contact_id_no_key` public.
-
-### Miscellaneous Tasks
-
- cargo: bump sdp from 0.10.0 to 0.17.1.
- Add RUSTSEC-2026-0049 exception to deny.toml.
-
-## [2.46.0] - 2026-03-19
-
-### API-Changes
-
- [**breaking**] remove functions for sending and receiving Autocrypt Setup Message.
- Add `list_transports_ex()` and `set_transport_unpublished()` functions.
- Add API `dc_markfresh_chat` to mark messages as "fresh".
-
-### Features / Changes
-
- add `IncomingCallAccepted.from_this_device`.
- decode `dcaccount://` URLs and error out on empty URLs early.
- enable anonymous OpenPGP key IDs.
- tls: do not verify TLS certificates for hostnames starting with `_`.
-
-### Fixes
-
- Mark call message as seen when accepting/declining a call ([#7842](https://github.com/chatmail/core/pull/7842)).
- do not send MDNs for hidden messages.
- call sync_all() instead of sync_data() when writing accounts.toml.
- fsync() the rename() of accounts.toml.
- count recipients by Intended Recipient Fingerprints.
-
-### Miscellaneous Tasks
-
- deps: bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2.
- cargo: bump astral-tokio-tar from 0.5.6 to 0.6.0.
- deps: bump actions/upload-artifact from 6 to 7.
- cargo: bump blake3 from 1.8.2 to 1.8.3.
- add constant_time_eq 0.3.1 to deny.toml.
-
-### Refactor
-
- use re-exported rustls::pki_types.
- import tokio_rustls::rustls.
- Move transport_tests to their own file.
-
-### Tests
-
- Shift time even more in flaky test_sync_broadcast_and_send_message.
- test markfresh_chat()
-
-## [2.45.0] - 2026-03-14
-
-### API-Changes
-
- JSON-RPC: add `createQrSvg` ([#7949](https://github.com/chatmail/core/pull/7949)).
-
-### Features / Changes
-
- Do not read own public key from the database.
- Securejoin v3, encrypt all securejoin messages ([#7754](https://github.com/chatmail/core/pull/7754)).
- Domain separation between securejoin auth tokens and broadcast channel secrets ([#7981](https://github.com/chatmail/core/pull/7981)).
- Merge OpenPGP certificates and distribute relays in them.
- Advertise SEIPDv2 feature for new keys.
- Don't depend on cleartext `Chat-Version`, `In-Reply-To`, and `References` headers for `prefetch_should_download` ([#7932](https://github.com/chatmail/core/pull/7932)).
- Don't send unencrypted `In-Reply-To` and `References` headers ([#7935](https://github.com/chatmail/core/pull/7935)).
- Don't send unencrypted `Auto-Submitted` header ([#7938](https://github.com/chatmail/core/pull/7938)).
- Remove QR code tokens sync compatibility code.
- Mutex to prevent fetching from multiple IMAP servers at the same time.
- Add support to gif stickers ([#7941](https://github.com/chatmail/core/pull/7941))
-
-### Fixes
-
- Fix the deadlock by adding a mutex around `wal_checkpoint()`.
- Do not run more than one housekeeping at a time.
- ffi: don't steal Arc in `dc_jsonrpc_init` ([#7962](https://github.com/chatmail/core/pull/7962)).
- Handle the case that the user starts a securejoin, and then deletes the contact ([#7883](https://github.com/chatmail/core/pull/7883)).
- Do not trash pre-message if it is received twice.
- Set `is_chatmail` during initial configuration.
- vCard: Improve property value escaping ([#7931](https://github.com/chatmail/core/pull/7931)).
- Percent-decode the address in `dclogin://` URLs.
- Make broadcast owner and subscriber hidden contacts for each other ([#7856](https://github.com/chatmail/core/pull/7856)).
- Set proper placeholder texts for system messages ([#7953](https://github.com/chatmail/core/pull/7953)).
- Add "member added" messages to `OutBroadcast` when executing `SetPgpContacts` sync message ([#7952](https://github.com/chatmail/core/pull/7952)).
- Correct channel system messages ([#7959](https://github.com/chatmail/core/pull/7959)).
- Drop messages encrypted with the wrong symmetric secret ([#7963](https://github.com/chatmail/core/pull/7963)).
- Fix debug assert message incorrectly talking about past members in the current member branch.
- Update device chats at the end of configuration.
- `deltachat_rpc_client`: make `@futuremethod` decorator keep method metadata.
- Use the correct chat description stock string again ([#7939](https://github.com/chatmail/core/pull/7939)).
- Use correct string for encryption info.
-
-### CI
-
- Update Rust to 1.94.0.
- Allow non-hash references for `actions/*` and `dependabot/*`.
- update zizmor workflow to use zizmorcore/zizmor-action.
-
-### Documentation
-
- update `store_self_keypair()` documentation.
- Fix documentation for membership change stock strings ([#7944](https://github.com/chatmail/core/pull/7944)).
- use correct define for 'description changed' info message.
-
-### Refactor
-
- Un-resultify `KeyPair::new()`.
- Remove `KeyPair` type.
- pgp: do not use legacy key ID except for IssuerKeyId subpacket.
- `use super::*` in qr::dclogin_scheme.
- Move WAL checkpointing into `sql::pool` submodule.
- Order self addresses by addition timestamp.
-
-### Tests
-
- Remove arbitrary timeouts from `test_4_lowlevel.py`.
- Fix flaky `test_qr_securejoin_broadcast` ([#7937](https://github.com/chatmail/core/pull/7937)).
- Work around `test_sync_broadcast_and_send_message` flakiness.
-
-### Miscellaneous Tasks
-
- bump version to 2.44.0-dev.
- cargo: bump futures from 0.3.31 to 0.3.32.
- cargo: bump quick-xml from 0.39.0 to 0.39.2.
- cargo: bump criterion from 0.8.1 to 0.8.2.
- cargo: bump tempfile from 3.24.0 to 3.25.0.
- cargo: bump async-imap from 0.11.1 to 0.11.2.
- cargo: bump regex from 1.12.2 to 1.12.3.
- cargo: bump hyper-util from 0.1.19 to 0.1.20.
- cargo: bump anyhow from 1.0.100 to 1.0.102.
- cargo: bump syn from 2.0.114 to 2.0.117.
- cargo: bump proptest from 1.9.0 to 1.10.0.
- cargo: bump strum from 0.27.2 to 0.28.0.
- cargo: bump strum_macros from 0.27.2 to 0.28.0.
- cargo: bump quinn-proto from 0.11.9 to 0.11.14.
-
 ## [2.44.0] - 2026-02-27

 ### Build system
@@ -8098,8 +7821,3 @@ https://github.com/chatmail/core/pulls?q=is%3Apr+is%3Aclosed
 [2.42.0]: https://github.com/chatmail/core/compare/v2.41.0..v2.42.0
 [2.43.0]: https://github.com/chatmail/core/compare/v2.42.0..v2.43.0
 [2.44.0]: https://github.com/chatmail/core/compare/v2.43.0..v2.44.0
-[2.45.0]: https://github.com/chatmail/core/compare/v2.44.0..v2.45.0
-[2.46.0]: https://github.com/chatmail/core/compare/v2.45.0..v2.46.0
-[2.47.0]: https://github.com/chatmail/core/compare/v2.46.0..v2.47.0
-[2.48.0]: https://github.com/chatmail/core/compare/v2.47.0..v2.48.0
-[2.49.0]: https://github.com/chatmail/core/compare/v2.48.0..v2.49.0
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -36,7 +36,7 @@ checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
 dependencies = [
 "cfg-if",
 "cipher",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 ]

 [[package]]
@@ -136,7 +136,7 @@ checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072"
 dependencies = [
 "base64ct",
 "blake2",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "password-hash",
 "zeroize",
 ]
@@ -194,9 +194,9 @@ dependencies = [

 [[package]]
 name = "astral-tokio-tar"
-version = "0.6.1"
+version = "0.5.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ce73b17c62717c4b6a9af10b43e87c578b0cac27e00666d48304d3b7d2c0693"
+checksum = "ec179a06c1769b1e42e1e2cbe74c7dcdb3d6383c838454d063eaac5bbb7ebbe5"
 dependencies = [
 "filetime",
 "futures-core",
@@ -497,16 +497,15 @@ dependencies = [

 [[package]]
 name = "blake3"
-version = "1.8.5"
+version = "1.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0aa83c34e62843d924f905e0f5c866eb1dd6545fc4d719e803d9ba6030371fce"
+checksum = "3888aaa89e4b2a40fca9848e400f6a658a5a3978de7be858e209cafa8be9a4a0"
 dependencies = [
 "arrayref",
 "arrayvec",
 "cc",
 "cfg-if",
- "constant_time_eq 0.4.2",
- "cpufeatures 0.3.0",
+ "constant_time_eq",
 ]

 [[package]]
@@ -550,7 +549,7 @@ dependencies = [
 "bolero-kani",
 "bolero-libfuzzer",
 "cfg-if",
- "rand 0.9.4",
+ "rand 0.9.2",
 ]

 [[package]]
@@ -573,7 +572,7 @@ dependencies = [
 "bolero-generator",
 "lazy_static",
 "pretty-hex",
- "rand 0.9.4",
+ "rand 0.9.2",
 "rand_xoshiro",
 ]

@@ -799,7 +798,7 @@ checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818"
 dependencies = [
 "cfg-if",
 "cipher",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 ]

 [[package]]
@@ -827,9 +826,9 @@ dependencies = [

 [[package]]
 name = "chrono"
-version = "0.4.44"
+version = "0.4.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0"
+checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118"
 dependencies = [
 "iana-time-zone",
 "num-traits",
@@ -934,9 +933,9 @@ checksum = "3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b"

 [[package]]
 name = "colorutils-rs"
-version = "0.8.0"
+version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "69abc9a8ed011e2b7946769f460b9e76e8b659ece9ef4001b9d8bba3489f796d"
+checksum = "6e2fc25857fa523662de5cae84225b0e7bfb24a2a3f9ed8802fecf03df7252b1"
 dependencies = [
 "erydanos",
 "half",
@@ -964,12 +963,6 @@ version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6"

-[[package]]
-name = "constant_time_eq"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d52eff69cd5e647efe296129160853a42795992097e8af39800e1060caeea9b"
-
 [[package]]
 name = "convert_case"
 version = "0.5.0"
@@ -1011,15 +1004,6 @@ dependencies = [
 "libc",
 ]

-[[package]]
-name = "cpufeatures"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201"
-dependencies = [
- "libc",
-]
-
 [[package]]
 name = "crc"
 version = "3.2.1"
@@ -1225,7 +1209,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
 dependencies = [
 "cfg-if",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "curve25519-dalek-derive",
 "digest",
 "fiat-crypto",
@@ -1301,9 +1285,9 @@ dependencies = [

 [[package]]
 name = "data-encoding"
-version = "2.11.0"
+version = "2.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4ae5f15dda3c708c0ade84bfee31ccab44a3da4f88015ed22f63732abe300c8"
+checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea"

 [[package]]
 name = "dbl"
@@ -1316,7 +1300,7 @@ dependencies = [

 [[package]]
 name = "deltachat"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 dependencies = [
 "anyhow",
 "astral-tokio-tar",
@@ -1369,11 +1353,12 @@ dependencies = [
 "proptest",
 "qrcodegen",
 "quick-xml",
- "rand 0.8.6",
- "rand 0.9.4",
+ "rand 0.8.5",
+ "rand 0.9.2",
 "ratelimit",
 "regex",
 "rusqlite",
+ "rustls-pki-types",
 "sanitize-filename",
 "sdp",
 "serde",
@@ -1425,7 +1410,7 @@ dependencies = [

 [[package]]
 name = "deltachat-jsonrpc"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 dependencies = [
 "anyhow",
 "async-channel 2.5.0",
@@ -1446,7 +1431,7 @@ dependencies = [

 [[package]]
 name = "deltachat-repl"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1462,7 +1447,7 @@ dependencies = [

 [[package]]
 name = "deltachat-rpc-server"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1491,7 +1476,7 @@ dependencies = [

 [[package]]
 name = "deltachat_ffi"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1499,7 +1484,7 @@ dependencies = [
 "human-panic",
 "libc",
 "num-traits",
- "rand 0.9.4",
+ "rand 0.9.2",
 "serde_json",
 "thiserror 2.0.18",
 "tokio",
@@ -2438,7 +2423,7 @@ dependencies = [
 "idna",
 "ipnet",
 "once_cell",
- "rand 0.9.4",
+ "rand 0.9.2",
 "ring",
 "thiserror 2.0.18",
 "tinyvec",
@@ -2460,7 +2445,7 @@ dependencies = [
 "moka",
 "once_cell",
 "parking_lot",
- "rand 0.9.4",
+ "rand 0.9.2",
 "resolv-conf",
 "smallvec",
 "thiserror 2.0.18",
@@ -2610,9 +2595,9 @@ dependencies = [

 [[package]]
 name = "hyper"
-version = "1.9.0"
+version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6299f016b246a94207e63da54dbe807655bf9e00044f73ded42c3ac5305fbcca"
+checksum = "2ab2d4f250c3d7b1c9fcdff1cece94ea4e2dfbec68614f7b87cb205f24ca9d11"
 dependencies = [
 "atomic-waker",
 "bytes",
@@ -2625,6 +2610,7 @@ dependencies = [
 "httpdate",
 "itoa",
 "pin-project-lite",
+ "pin-utils",
 "smallvec",
 "tokio",
 "want",
@@ -2662,7 +2648,7 @@ dependencies = [
 "hyper",
 "libc",
 "pin-project-lite",
- "socket2 0.6.3",
+ "socket2 0.6.0",
 "tokio",
 "tower-service",
 "tracing",
@@ -2860,7 +2846,7 @@ dependencies = [
 "hyper",
 "hyper-util",
 "log",
- "rand 0.9.4",
+ "rand 0.9.2",
 "tokio",
 "url",
 "xmltree",
@@ -2868,9 +2854,9 @@ dependencies = [

 [[package]]
 name = "image"
-version = "0.25.10"
+version = "0.25.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85ab80394333c02fe689eaf900ab500fbd0c2213da414687ebf995a65d5a6104"
+checksum = "e6506c6c10786659413faa717ceebcb8f70731c0a60cbae39795fdf114519c1a"
 dependencies = [
 "bytemuck",
 "byteorder-lite",
@@ -2989,12 +2975,12 @@ dependencies = [
 "pin-project",
 "pkarr",
 "portmapper",
- "rand 0.8.6",
+ "rand 0.8.5",
 "rcgen",
 "reqwest",
 "ring",
 "rustls",
- "rustls-webpki 0.102.8",
+ "rustls-webpki",
 "serde",
 "smallvec",
 "spki",
@@ -3040,7 +3026,7 @@ dependencies = [
 "arrayvec",
 "cc",
 "cfg-if",
- "constant_time_eq 0.3.1",
+ "constant_time_eq",
 ]

 [[package]]
@@ -3064,7 +3050,7 @@ dependencies = [
 "iroh-metrics",
 "n0-future",
 "postcard",
- "rand 0.8.6",
+ "rand 0.8.5",
 "rand_core 0.6.4",
 "serde",
 "serde-error",
@@ -3127,7 +3113,7 @@ checksum = "929d5d8fa77d5c304d3ee7cae9aede31f13908bd049f9de8c7c0094ad6f7c535"
 dependencies = [
 "bytes",
 "getrandom 0.2.16",
- "rand 0.8.6",
+ "rand 0.8.5",
 "ring",
 "rustc-hash",
 "rustls",
@@ -3180,10 +3166,10 @@ dependencies = [
 "pin-project",
 "pkarr",
 "postcard",
- "rand 0.8.6",
+ "rand 0.8.5",
 "reqwest",
 "rustls",
- "rustls-webpki 0.102.8",
+ "rustls-webpki",
 "serde",
 "sha1",
 "strum 0.26.2",
@@ -3254,7 +3240,7 @@ version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653"
 dependencies = [
- "cpufeatures 0.2.17",
+ "cpufeatures",
 ]

 [[package]]
@@ -3268,9 +3254,9 @@ dependencies = [

 [[package]]
 name = "libc"
-version = "0.2.186"
+version = "0.2.182"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66"
+checksum = "6800badb6cb2082ffd7b6a67e6125bb39f18782f793520caee8cb8846be06112"

 [[package]]
 name = "libm"
@@ -3461,13 +3447,13 @@ dependencies = [

 [[package]]
 name = "mio"
-version = "1.2.0"
+version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1"
+checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd"
 dependencies = [
 "libc",
 "wasi 0.11.0+wasi-snapshot-preview1",
- "windows-sys 0.61.1",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -3491,9 +3477,9 @@ dependencies = [

 [[package]]
 name = "moxcms"
-version = "0.8.1"
+version = "0.7.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb85c154ba489f01b25c0d36ae69a87e4a1c73a72631fc6c0eb6dde34a73e44b"
+checksum = "ddd32fa8935aeadb8a8a6b6b351e40225570a37c43de67690383d87ef170cd08"
 dependencies = [
 "num-traits",
 "pxfm",
@@ -3784,7 +3770,7 @@ dependencies = [
 "num-integer",
 "num-iter",
 "num-traits",
- "rand 0.8.6",
+ "rand 0.8.5",
 "serde",
 "smallvec",
 "zeroize",
@@ -3941,9 +3927,9 @@ checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381"

 [[package]]
 name = "openssl"
-version = "0.10.78"
+version = "0.10.72"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f38c4372413cdaaf3cc79dd92d29d7d9f5ab09b51b10dded508fb90bb70b9222"
+checksum = "fedfea7d58a1f73118430a55da6a286e7b044961736ce96a16a17068ea25e5da"
 dependencies = [
 "bitflags 2.11.0",
 "cfg-if",
@@ -3982,9 +3968,9 @@ dependencies = [

 [[package]]
 name = "openssl-sys"
-version = "0.9.114"
+version = "0.9.107"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13ce1245cd07fcc4cfdb438f7507b0c7e4f3849a69fd84d52374c66d83741bb6"
+checksum = "8288979acd84749c744a9014b4382d42b8f7b2592847b5afb2ed29e5d16ede07"
 dependencies = [
 "cc",
 "libc",
@@ -4214,7 +4200,7 @@ dependencies = [
 "p256",
 "p384",
 "p521",
- "rand 0.8.6",
+ "rand 0.8.5",
 "regex",
 "replace_with",
 "ripemd",
@@ -4243,18 +4229,18 @@ dependencies = [

 [[package]]
 name = "pin-project"
-version = "1.1.11"
+version = "1.1.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1749c7ed4bcaf4c3d0a3efc28538844fb29bcdd7d2b67b2be7e20ba861ff517"
+checksum = "677f1add503faace112b9f1373e43e9e054bfdd22ff1a63c1bc485eaec6a6a8a"
 dependencies = [
 "pin-project-internal",
 ]

 [[package]]
 name = "pin-project-internal"
-version = "1.1.11"
+version = "1.1.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9b20ed30f105399776b9c883e68e536ef602a16ae6f596d2c473591d6ad64c6"
+checksum = "6e918e4ff8c4549eb882f14b3a4bc8c8bc93de829416eacf579f1207a8fbf861"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -4420,7 +4406,7 @@ version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf"
 dependencies = [
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "opaque-debug",
 "universal-hash",
 ]
@@ -4432,7 +4418,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25"
 dependencies = [
 "cfg-if",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "opaque-debug",
 "universal-hash",
 ]
@@ -4461,7 +4447,7 @@ dependencies = [
 "nested_enum_utils",
 "netwatch",
 "num_enum",
- "rand 0.8.6",
+ "rand 0.8.5",
 "serde",
 "smallvec",
 "snafu",
@@ -4623,13 +4609,13 @@ dependencies = [

 [[package]]
 name = "proptest"
-version = "1.11.0"
+version = "1.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4b45fcc2344c680f5025fe57779faef368840d0bd1f42f216291f0dc4ace4744"
+checksum = "37566cb3fdacef14c0737f9546df7cfeadbfbc9fef10991038bf5015d0c80532"
 dependencies = [
 "bitflags 2.11.0",
 "num-traits",
- "rand 0.9.4",
+ "rand 0.9.2",
 "rand_chacha 0.9.0",
 "rand_xorshift",
 "regex-syntax",
@@ -4709,7 +4695,7 @@ dependencies = [
 "bytes",
 "getrandom 0.3.3",
 "lru-slab",
- "rand 0.9.4",
+ "rand 0.9.2",
 "ring",
 "rustc-hash",
 "rustls",
@@ -4737,9 +4723,9 @@ dependencies = [

 [[package]]
 name = "quote"
-version = "1.0.45"
+version = "1.0.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
+checksum = "21b2ebcf727b7760c461f091f9f0f539b77b8e87f2fd88131e7f1b433b3cece4"
 dependencies = [
 "proc-macro2",
 ]
@@ -4784,9 +4770,9 @@ dependencies = [

 [[package]]
 name = "rand"
-version = "0.8.6"
+version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a"
+checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 dependencies = [
 "libc",
 "rand_chacha 0.3.1",
@@ -4795,9 +4781,9 @@ dependencies = [

 [[package]]
 name = "rand"
-version = "0.9.4"
+version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea"
+checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
 dependencies = [
 "rand_chacha 0.9.0",
 "rand_core 0.9.3",
@@ -5164,15 +5150,15 @@ dependencies = [

 [[package]]
 name = "rustls"
-version = "0.23.37"
+version = "0.23.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "758025cb5fccfd3bc2fd74708fd4682be41d99e5dff73c377c0646c6012c73a4"
+checksum = "47796c98c480fce5406ef69d1c76378375492c3b0a0de587be0c1d9feb12f395"
 dependencies = [
 "log",
 "once_cell",
 "ring",
 "rustls-pki-types",
- "rustls-webpki 0.103.13",
+ "rustls-webpki",
 "subtle",
 "zeroize",
 ]
@@ -5207,17 +5193,6 @@ dependencies = [
 "untrusted",
 ]

-[[package]]
-name = "rustls-webpki"
-version = "0.103.13"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
-dependencies = [
- "ring",
- "rustls-pki-types",
- "untrusted",
-]
-
 [[package]]
 name = "rustversion"
 version = "1.0.14"
@@ -5326,11 +5301,11 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"

 [[package]]
 name = "sdp"
-version = "0.17.1"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22c3b0257608d7de4de4c4ea650ccc2e6e3e45e3cd80039fcdee768bcb449253"
+checksum = "32c374dceda16965d541c8800ce9cc4e1c14acfd661ddf7952feeedc3411e5c6"
 dependencies = [
- "rand 0.9.4",
+ "rand 0.9.2",
 "substring",
 "thiserror 1.0.69",
 "url",
@@ -5516,7 +5491,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f5058ada175748e33390e40e872bd0fe59a19f265d0158daa551c5a88a76009c"
 dependencies = [
 "cfg-if",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "digest",
 ]

@@ -5527,7 +5502,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
 dependencies = [
 "cfg-if",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "digest",
 ]

@@ -5555,7 +5530,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
 dependencies = [
 "cfg-if",
- "cpufeatures 0.2.17",
+ "cpufeatures",
 "digest",
 ]

@@ -5589,7 +5564,7 @@ dependencies = [
 "once_cell",
 "percent-encoding",
 "pin-project",
- "rand 0.9.4",
+ "rand 0.9.2",
 "sendfd",
 "serde",
 "serde_json",
@@ -5619,7 +5594,7 @@ dependencies = [
 "chacha20poly1305",
 "hkdf",
 "md-5",
- "rand 0.9.4",
+ "rand 0.9.2",
 "ring-compat",
 "sha1",
 ]
@@ -5733,12 +5708,12 @@ dependencies = [

 [[package]]
 name = "socket2"
-version = "0.6.3"
+version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e"
+checksum = "233504af464074f9d066d7b5416c5f9b894a5862a6506e306f7b816cdd6f1807"
 dependencies = [
 "libc",
- "windows-sys 0.61.1",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -5851,7 +5826,7 @@ dependencies = [
 "precis-core",
 "precis-profiles",
 "quoted-string-parser",
- "rand 0.9.4",
+ "rand 0.9.2",
 ]

 [[package]]
@@ -5878,7 +5853,7 @@ dependencies = [
 "hex",
 "parking_lot",
 "pnet_packet",
- "rand 0.8.6",
+ "rand 0.8.5",
 "socket2 0.5.9",
 "thiserror 1.0.69",
 "tokio",
@@ -5996,9 +5971,9 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"

 [[package]]
 name = "tempfile"
-version = "3.27.0"
+version = "3.26.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd"
+checksum = "82a72c767771b47409d2345987fda8628641887d5466101319899796367354a0"
 dependencies = [
 "fastrand",
 "getrandom 0.3.3",
@@ -6152,9 +6127,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "tokio"
-version = "1.52.1"
+version = "1.49.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b67dee974fe86fd92cc45b7a95fdd2f99a36a6d7b0d431a231178d3d670bbcc6"
+checksum = "72a2903cd7736441aac9df9d7688bd0ce48edccaadf181c3b90be801e81d3d86"
 dependencies = [
 "bytes",
 "libc",
@@ -6162,7 +6137,7 @@ dependencies = [
 "parking_lot",
 "pin-project-lite",
 "signal-hook-registry",
- "socket2 0.6.3",
+ "socket2 0.6.0",
 "tokio-macros",
 "windows-sys 0.61.1",
 ]
@@ -6179,9 +6154,9 @@ dependencies = [

 [[package]]
 name = "tokio-macros"
-version = "2.7.0"
+version = "2.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496"
+checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -6190,9 +6165,9 @@ dependencies = [

 [[package]]
 name = "tokio-rustls"
-version = "0.26.4"
+version = "0.26.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1729aa945f29d91ba541258c8df89027d5792d85a8841fb65e8bf0f4ede4ef61"
+checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b"
 dependencies = [
 "rustls",
 "tokio",
@@ -6255,7 +6230,7 @@ dependencies = [
 "getrandom 0.3.3",
 "http 1.1.0",
 "httparse",
- "rand 0.9.4",
+ "rand 0.9.2",
 "ring",
 "rustls-pki-types",
 "simdutf8",
@@ -6411,9 +6386,9 @@ dependencies = [

 [[package]]
 name = "tracing-subscriber"
-version = "0.3.23"
+version = "0.3.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319"
+checksum = "2f30143827ddab0d256fd843b7a66d164e9f271cfa0dde49142c5ca0ca291f1e"
 dependencies = [
 "matchers",
 "nu-ansi-term",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,9 +1,9 @@
 [package]
 name = "deltachat"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 edition = "2024"
 license = "MPL-2.0"
-rust-version = "1.89"
+rust-version = "1.88"
 repository = "https://github.com/chatmail/core"

 [profile.dev]
@@ -53,7 +53,7 @@ blake3 = "1.8.2"
 brotli = { version = "8", default-features=false, features = ["std"] }
 bytes = "1"
 chrono = { workspace = true, features = ["alloc", "clock", "std"] }
-colorutils-rs = { version = "0.8.0", default-features = false }
+colorutils-rs = { version = "0.7.5", default-features = false }
 data-encoding = "2.9.0"
 escaper = "0.1"
 fast-socks5 = "1"
@@ -86,8 +86,9 @@ rand-old = { package = "rand", version = "0.8" }
 rand = { workspace = true }
 regex = { workspace = true }
 rusqlite = { workspace = true, features = ["sqlcipher"] }
+rustls-pki-types = "1.12.0"
 sanitize-filename = { workspace = true }
-sdp = "0.17.1"
+sdp = "0.10.0"
 serde_json = { workspace = true }
 serde_urlencoded = "0.7.1"
 serde = { workspace = true, features = ["derive"] }
@@ -103,7 +104,7 @@ thiserror = { workspace = true }
 tokio-io-timeout = "1.2.1"
 tokio-rustls = { version = "0.26.2", default-features = false }
 tokio-stream = { version = "0.1.17", features = ["fs"] }
-astral-tokio-tar = { version = "0.6.1", default-features = false }
+astral-tokio-tar = { version = "0.5.6", default-features = false }
 tokio-util = { workspace = true }
 tokio = { workspace = true, features = ["fs", "rt-multi-thread", "macros"] }
 toml = "0.9"
@@ -181,7 +182,7 @@ harness = false
 anyhow = "1"
 async-channel = "2.5.0"
 base64 = "0.22"
-chrono = { version = "0.4.44", default-features = false }
+chrono = { version = "0.4.43", default-features = false }
 deltachat-contact-tools = { path = "deltachat-contact-tools" }
 deltachat-jsonrpc = { path = "deltachat-jsonrpc", default-features = false }
 deltachat = { path = ".", default-features = false }
@@ -198,7 +199,7 @@ rusqlite = "0.37"
 sanitize-filename = "0.6"
 serde = "1.0"
 serde_json = "1"
-tempfile = "3.27.0"
+tempfile = "3.25.0"
 thiserror = "2"
 tokio = "1"
 tokio-util = "0.7.18"
--- a/STYLE.md
+++ b/STYLE.md
@@ -68,12 +68,6 @@ keyword doesn't help here.
 Consider adding context to `anyhow` errors for SQL statements using `.context()` so that it's
 possible to understand from logs which statement failed. See [Errors](#errors) for more info.

-When changing complex SQL queries, test them on a new database with `EXPLAIN QUERY PLAN`
-to make sure that indexes are used and large tables are not going to be scanned.
-Never run `ANALYZE` on the databases,
-this makes query planner unpredictable
-and may make performance significantly worse: <https://github.com/chatmail/core/issues/6585>
-
 ## Errors

 Delta Chat core mostly uses [`anyhow`](https://docs.rs/anyhow/) errors.
@@ -161,16 +155,3 @@ are documented.

 Follow Rust guidelines for the documentation comments:
 <https://rust-lang.github.io/rfcs/1574-more-api-documentation-conventions.html#summary-sentence>
-
-## Do not use `into()`, `try_into()` or `parse()`
-
-For internal types, implementing `From`, `TryFrom` or `FromStr` is discouraged.
-Instead, a `new()` function is recommended.
-
-For external types, prefer using `Type::from()`, `Type::try_from()` or `Type::from_str()`
-over `into()`, `try_into()` or `parse()`.
-
-Calling `into()`, `try_into()` or `parse()`
-creates an indirection,
-which is hard to follow for people who are not familiar with Rust,
-or who are not using rust-analyzer.
--- a/deltachat-ffi/Cargo.toml
+++ b/deltachat-ffi/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -364,14 +364,18 @@ uint32_t        dc_get_id                    (dc_context_t* context);
 * To get these events, you have to create an event emitter using this function
 * and call dc_get_next_event() on the emitter.
 *
- * Events are broadcasted to all existing event emitters.
- * Events emitted before creation of event emitter
- * are not available to event emitter.
- *
 * @memberof dc_context_t
 * @param context The context object as created by dc_context_new().
 * @return Returns the event emitter, NULL on errors.
 *     Must be freed using dc_event_emitter_unref() after usage.
+ *
+ * Note: Use only one event emitter per context.
+ * The result of having multiple event emitters is unspecified.
+ * Currently events are broadcasted to all existing event emitters,
+ * but previous versions delivered events to only one event emitter
+ * and this behavior may change again in the future.
+ * Events emitted before creation of event emitter
+ * may or may not be available to event emitter.
 */
 dc_event_emitter_t* dc_get_event_emitter(dc_context_t* context);

@@ -390,9 +394,27 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 /**
 * Configure the context. The configuration is handled by key=value pairs as:
 *
- * - `configured_addr` = Email address in use.
+ * - `addr`         = Email address to use for configuration.
+ *                    If dc_configure() fails this is not the email address actually in use.
+ *                    Use `configured_addr` to find out the email address actually in use.
+ * - `configured_addr` = Email address actually in use.
 *                    Unless for testing, do not set this value using dc_set_config().
 *                    Instead, set `addr` and call dc_configure().
+ * - `mail_server`  = IMAP-server, guessed if left out
+ * - `mail_user`    = IMAP-username, guessed if left out
+ * - `mail_pw`      = IMAP-password (always needed)
+ * - `mail_port`    = IMAP-port, guessed if left out
+ * - `mail_security`= IMAP-socket, one of @ref DC_SOCKET, defaults to #DC_SOCKET_AUTO
+ * - `send_server`  = SMTP-server, guessed if left out
+ * - `send_user`    = SMTP-user, guessed if left out
+ * - `send_pw`      = SMTP-password, guessed if left out
+ * - `send_port`    = SMTP-port, guessed if left out
+ * - `send_security`= SMTP-socket, one of @ref DC_SOCKET, defaults to #DC_SOCKET_AUTO
+ * - `server_flags` = IMAP-/SMTP-flags as a combination of @ref DC_LP flags, guessed if left out
+ * - `proxy_enabled` = Proxy enabled. Disabled by default.
+ * - `proxy_url` = Proxy URL. May contain multiple URLs separated by newline, but only the first one is used.
+ * - `imap_certificate_checks` = how to check IMAP certificates, one of the @ref DC_CERTCK flags, defaults to #DC_CERTCK_AUTO (0)
+ * - `smtp_certificate_checks` = deprecated option, should be set to the same value as `imap_certificate_checks` but ignored by the new core
 * - `displayname`  = Own name to use when sending messages. MUAs are allowed to spread this way e.g. using CC, defaults to empty
 * - `selfstatus`   = Own status to display, e.g. in e-mail footers, defaults to empty
 * - `selfavatar`   = File containing avatar. Will immediately be copied to the 
@@ -408,6 +430,20 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 *                    1=send a copy of outgoing messages to self (default).
 *                    Sending messages to self is needed for a proper multi-account setup,
 *                    however, on the other hand, may lead to unwanted notifications in non-delta clients.
+ * - `mvbox_move`   = 1=detect chat messages,
+ *                    move them to the `DeltaChat` folder,
+ *                    and watch the `DeltaChat` folder for updates (default),
+ *                    0=do not move chat-messages
+ * - `only_fetch_mvbox` = 1=Do not fetch messages from folders other than the
+ *                    `DeltaChat` folder. Messages will still be fetched from the
+ *                    spam folder.
+ *                    0=watch all folders normally (default)
+ * - `show_emails`  = DC_SHOW_EMAILS_OFF (0)=
+ *                    show direct replies to chats only,
+ *                    DC_SHOW_EMAILS_ACCEPTED_CONTACTS (1)=
+ *                    also show all mails of confirmed contacts,
+ *                    DC_SHOW_EMAILS_ALL (2)=
+ *                    also show mails of unconfirmed contacts (default).
 * - `delete_device_after` = 0=do not delete messages from device automatically (default),
 *                    >=1=seconds, after which messages are deleted automatically from the device.
 *                    Messages in the "saved messages" chat (see dc_chat_is_self_talk()) are skipped.
@@ -416,7 +452,8 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 * - `delete_server_after` = 0=do not delete messages from server automatically (default),
 *                    1=delete messages directly after receiving from server, mvbox is skipped.
 *                    >1=seconds, after which messages are deleted automatically from the server, mvbox is used as defined.
- *                    "Saved messages" are deleted from the server as well as emails, the UI should clearly point that out.
+ *                    "Saved messages" are deleted from the server as well as
+ *                    e-mails matching the `show_emails` settings above, the UI should clearly point that out.
 *                    See also dc_estimate_deletion_cnt().
 * - `media_quality` = DC_MEDIA_QUALITY_BALANCED (0) =
 *                    good outgoing images/videos/voice quality at reasonable sizes (default)
@@ -488,27 +525,6 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 *                       1 = Contacts (default, does not include contact requests),
 *                       2 = Nobody (calls never result in a notification).
 *
- * Also, there are configs that are only needed
- * if you want to use the deprecated dc_configure() API, such as:
- *
- * - `addr`         = Email address to use for configuration.
- *                    If dc_configure() fails this is not the email address actually in use.
- *                    Use `configured_addr` to find out the email address actually in use.
- * - `mail_server`  = IMAP-server, guessed if left out
- * - `mail_user`    = IMAP-username, guessed if left out
- * - `mail_pw`      = IMAP-password (always needed)
- * - `mail_port`    = IMAP-port, guessed if left out
- * - `mail_security`= IMAP-socket, one of @ref DC_SOCKET, defaults to #DC_SOCKET_AUTO
- * - `send_server`  = SMTP-server, guessed if left out
- * - `send_user`    = SMTP-user, guessed if left out
- * - `send_pw`      = SMTP-password, guessed if left out
- * - `send_port`    = SMTP-port, guessed if left out
- * - `send_security`= SMTP-socket, one of @ref DC_SOCKET, defaults to #DC_SOCKET_AUTO
- * - `server_flags` = IMAP-/SMTP-flags as a combination of @ref DC_LP flags, guessed if left out
- * - `proxy_enabled` = Proxy enabled. Disabled by default.
- * - `proxy_url` = Proxy URL. May contain multiple URLs separated by newline, but only the first one is used.
- * - `imap_certificate_checks` = how to check IMAP and SMTP certificates, one of the @ref DC_CERTCK flags, defaults to #DC_CERTCK_AUTO (0)
-
 * If you want to retrieve a value, use dc_get_config().
 *
 * @memberof dc_context_t
@@ -534,6 +550,9 @@ int             dc_set_config                (dc_context_t* context, const char*
 *                    an error (no warning as it should be shown to the user) is logged but the attachment is sent anyway.
 * - `sys.config_keys` = get a space-separated list of all config-keys available.
 *                    The config-keys are the keys that can be passed to the parameter `key` of this function.
+ * - `quota_exceeding` = 0: quota is unknown or in normal range;
+ *                    >=80: quota is about to exceed, the value is the concrete percentage,
+ *                    a device message is added when that happens, however, that value may still be interesting for bots.
 *
 * @memberof dc_context_t
 * @param context The context object. For querying system values, this can be NULL.
@@ -692,12 +711,6 @@ int              dc_get_push_state           (dc_context_t* context);

 /**
 * Configure a context.
- *
- * This way of configuring a context is deprecated,
- * and does not allow to configure multiple transports.
- * If you can, use the JSON-RPC API (../deltachat-jsonrpc/src/api.rs)
- * `add_or_update_transport()`/`addOrUpdateTransport()` instead.
- *
 * During configuration IO must not be started,
 * if needed stop IO using dc_accounts_stop_io() or dc_stop_io() first.
 * If the context is already configured,
@@ -1387,6 +1400,7 @@ dc_msg_t*       dc_get_draft                 (dc_context_t* context, uint32_t ch


 #define         DC_GCM_ADDDAYMARKER          0x01
+#define         DC_GCM_INFO_ONLY             0x02


 /**
@@ -1407,6 +1421,7 @@ dc_msg_t*       dc_get_draft                 (dc_context_t* context, uint32_t ch
 * @param flags If set to DC_GCM_ADDDAYMARKER, the marker DC_MSG_ID_DAYMARKER will
 *     be added before each day (regarding the local timezone). Set this to 0 if you do not want this behaviour.
 *     The day marker timestamp is the midnight one for the corresponding (following) day in the local timezone.
+ *     If set to DC_GCM_INFO_ONLY, only system messages will be returned, can be combined with DC_GCM_ADDDAYMARKER.
 * @param marker1before Deprecated, set this to 0.
 * @return Array of message IDs, must be dc_array_unref()'d when no longer used.
 */
@@ -1470,6 +1485,7 @@ dc_chatlist_t*     dc_get_similar_chatlist   (dc_context_t* context, uint32_t ch
 * @param from_server 1=Estimate deletion count for server, 0=Estimate deletion count for device
 * @param seconds Count messages older than the given number of seconds.
 * @return Number of messages that are older than the given number of seconds.
+ *     This includes e-mails downloaded due to the `show_emails` option.
 *     Messages in the "saved messages" folder are not counted as they will not be deleted automatically.
 */
 int             dc_estimate_deletion_cnt    (dc_context_t* context, int from_server, int64_t seconds);
@@ -1553,7 +1569,7 @@ dc_array_t*     dc_wait_next_msgs            (dc_context_t* context);
 * (read receipts aren't sent for noticed messages).
 *
 * Calling this function usually results in the event #DC_EVENT_MSGS_NOTICED.
- * See also dc_markseen_msgs() and dc_markfresh_chat().
+ * See also dc_markseen_msgs().
 *
 * @memberof dc_context_t
 * @param context The context object as returned from dc_context_new().
@@ -1562,29 +1578,6 @@ dc_array_t*     dc_wait_next_msgs            (dc_context_t* context);
 void            dc_marknoticed_chat          (dc_context_t* context, uint32_t chat_id);


-/**
- * Mark the last incoming message in chat as _fresh_.
- *
- * UI can use this to offer a "mark unread" option,
- * so that already noticed chats (see dc_marknoticed_chat()) get a badge counter again.
- *
- * dc_get_fresh_msg_cnt() and dc_get_fresh_msgs() usually is increased by one afterwards.
- *
- * #DC_EVENT_MSGS_CHANGED is fired as usual,
- * however, #DC_EVENT_INCOMING_MSG is _not_ fired again.
- * This is to not add complexity to incoming messages code,
- * e.g. UI usually does not add notifications for manually unread chats.
- * If the UI wants to update system badge counters,
- * they should do so directly after calling dc_markfresh_chat().
- *
- * @memberof dc_context_t
- * @param context The context object as returned from dc_context_new().
- * @param chat_id The chat ID of which the last incoming message should be marked as fresh.
- *     If the chat does not have incoming messages, nothing happens.
- */
-void            dc_markfresh_chat            (dc_context_t* context, uint32_t chat_id);
-
-
 /**
 * Returns all message IDs of the given types in a given chat or any chat.
 * Typically used to show a gallery.
@@ -2478,6 +2471,76 @@ void            dc_imex                      (dc_context_t* context, int what, c
 char*           dc_imex_has_backup           (dc_context_t* context, const char* dir);


+/**
+ * Initiate Autocrypt Setup Transfer.
+ * Before starting the setup transfer with this function, the user should be asked:
+ *
+ * ~~~
+ * "An 'Autocrypt Setup Message' securely shares your end-to-end setup with other Autocrypt-compliant apps.
+ * The setup will be encrypted by a setup code which is displayed here and must be typed on the other device.
+ * ~~~
+ *
+ * After that, this function should be called to send the Autocrypt Setup Message.
+ * The function creates the setup message and adds it to outgoing message queue.
+ * The message is sent asynchronously.
+ *
+ * The required setup code is returned in the following format:
+ *
+ * ~~~
+ * 1234-1234-1234-1234-1234-1234-1234-1234-1234
+ * ~~~
+ *
+ * The setup code should be shown to the user then:
+ *
+ * ~~~
+ * "Your key has been sent to yourself. Switch to the other device and
+ * open the setup message. You should be prompted for a setup code. Type
+ * the following digits into the prompt:
+ *
+ * 1234 - 1234 - 1234 -
+ * 1234 - 1234 - 1234 -
+ * 1234 - 1234 - 1234
+ *
+ * Once you're done, your other device will be ready to use Autocrypt."
+ * ~~~
+ *
+ * On the _other device_ you will call dc_continue_key_transfer() then
+ * for setup messages identified by dc_msg_is_setupmessage().
+ *
+ * For more details about the Autocrypt setup process, please refer to
+ * https://autocrypt.org/en/latest/level1.html#autocrypt-setup-message
+ *
+ * @memberof dc_context_t
+ * @param context The context object.
+ * @return The setup code. Must be released using dc_str_unref() after usage.
+ *     On errors, e.g. if the message could not be sent, NULL is returned.
+ */
+char*           dc_initiate_key_transfer     (dc_context_t* context);
+
+
+/**
+ * Continue the Autocrypt Key Transfer on another device.
+ *
+ * If you have started the key transfer on another device using dc_initiate_key_transfer()
+ * and you've detected a setup message with dc_msg_is_setupmessage(), you should prompt the
+ * user for the setup code and call this function then.
+ *
+ * You can use dc_msg_get_setupcodebegin() to give the user a hint about the code (useful if the user
+ * has created several messages and should not enter the wrong code).
+ *
+ * @memberof dc_context_t
+ * @param context The context object.
+ * @param msg_id The ID of the setup message to decrypt.
+ * @param setup_code The setup code entered by the user. This is the same setup code as returned from
+ *     dc_initiate_key_transfer() on the other device.
+ *     There is no need to format the string correctly, the function will remove all spaces and other characters and
+ *     insert the `-` characters at the correct places.
+ * @return 1=key successfully decrypted and imported; both devices will use the same key now;
+ *     0=key transfer failed e.g. due to a bad setup code.
+ */
+int             dc_continue_key_transfer     (dc_context_t* context, uint32_t msg_id, const char* setup_code);
+
+
 /**
 * Signal an ongoing process to stop.
 *
@@ -2815,6 +2878,19 @@ int         dc_set_location                 (dc_context_t* context, double latit
 dc_array_t* dc_get_locations                (dc_context_t* context, uint32_t chat_id, uint32_t contact_id, int64_t timestamp_begin, int64_t timestamp_end);


+/**
+ * Delete all locations on the current device.
+ * Locations already sent cannot be deleted.
+ *
+ * Typically results in the event #DC_EVENT_LOCATION_CHANGED
+ * with contact_id set to 0.
+ *
+ * @memberof dc_context_t
+ * @param context The context object.
+ */
+void        dc_delete_all_locations         (dc_context_t* context);
+
+
 // misc

 /**
@@ -3294,14 +3370,18 @@ void           dc_accounts_set_push_device_token (dc_accounts_t* accounts, const
 * This is similar to dc_get_event_emitter(), which, however,
 * must not be called for accounts handled by the account manager.
 *
- * Events are broadcasted to all existing event emitters.
- * Events emitted before creation of event emitter
- * are not available to event emitter.
- *
 * @memberof dc_accounts_t
 * @param accounts The account manager as created by dc_accounts_new().
 * @return Returns the event emitter, NULL on errors.
 *     Must be freed using dc_event_emitter_unref() after usage.
+ *
+ * Note: Use only one event emitter per account manager.
+ * The result of having multiple event emitters is unspecified.
+ * Currently events are broadcasted to all existing event emitters,
+ * but previous versions delivered events to only one event emitter
+ * and this behavior may change again in the future.
+ * Events emitted before creation of event emitter
+ * are not available to event emitter.
 */
 dc_event_emitter_t* dc_accounts_get_event_emitter (dc_accounts_t* accounts);

@@ -4217,8 +4297,6 @@ char*             dc_msg_get_webxdc_blob      (const dc_msg_t* msg, const char*
 *   true if the Webxdc should get internet access;
 *   this is the case i.e. for experimental maps integration.
 * - self_addr: address to be used for `window.webxdc.selfAddr` in JS land.
- * - is_app_sender: Define if the local user is the one who initially shared the webxdc application in the chat.
- * - is_broadcast: Define if the app runs in a broadcasting context.
 * - send_update_interval: Milliseconds to wait before calling `sendUpdate()` again since the last call.
 *   Should be exposed to `webxdc.sendUpdateInterval` in JS land.
 * - send_update_max_size: Maximum number of bytes accepted for a serialized update object.
@@ -4581,10 +4659,7 @@ uint32_t        dc_msg_get_info_contact_id    (const dc_msg_t* msg);
 #define         DC_INFO_GROUP_IMAGE_CHANGED        3
 #define         DC_INFO_MEMBER_ADDED_TO_GROUP      4
 #define         DC_INFO_MEMBER_REMOVED_FROM_GROUP  5
-
-// Deprecated as of 2026-03-16, not used for new messages.
 #define         DC_INFO_AUTOCRYPT_SETUP_MESSAGE    6
-
 #define         DC_INFO_SECURE_JOIN_MESSAGE        7
 #define         DC_INFO_LOCATIONSTREAMING_ENABLED  8
 #define         DC_INFO_LOCATION_ONLY              9
@@ -4614,6 +4689,40 @@ uint32_t        dc_msg_get_info_contact_id    (const dc_msg_t* msg);
 char*           dc_msg_get_webxdc_href        (const dc_msg_t* msg);


+/**
+ * Check if the message is an Autocrypt Setup Message.
+ *
+ * Setup messages should be shown in an unique way e.g. using a different text color.
+ * On a click or another action, the user should be prompted for the setup code
+ * which is forwarded to dc_continue_key_transfer() then.
+ *
+ * Setup message are typically generated by dc_initiate_key_transfer() on another device.
+ *
+ * @memberof dc_msg_t
+ * @param msg The message object.
+ * @return 1=message is a setup message, 0=no setup message.
+ *     For setup messages, dc_msg_get_viewtype() returns #DC_MSG_FILE.
+ */
+int             dc_msg_is_setupmessage        (const dc_msg_t* msg);
+
+
+/**
+ * Get the first characters of the setup code.
+ *
+ * Typically, this is used to pre-fill the first entry field of the setup code.
+ * If the user has several setup messages, he can be sure typing in the correct digits.
+ *
+ * To check, if a message is a setup message, use dc_msg_is_setupmessage().
+ * To decrypt a secret key from a setup message, use dc_continue_key_transfer().
+ *
+ * @memberof dc_msg_t
+ * @param msg The message object.
+ * @return Typically the first two digits of the setup code or an empty string if unknown.
+ *     NULL is never returned. Must be released using dc_str_unref() when done.
+ */
+char*           dc_msg_get_setupcodebegin     (const dc_msg_t* msg);
+
+
 /**
 * Gets the error status of the message.
 * If there is no error associated with the message, NULL is returned.
@@ -4950,6 +5059,17 @@ uint32_t        dc_msg_get_original_msg_id    (const dc_msg_t* msg);
 */
 uint32_t        dc_msg_get_saved_msg_id     (const dc_msg_t* msg);

+
+/**
+ * Force the message to be sent in plain text.
+ *
+ * This API is for bots, there is no need to expose it in the UI.
+ *
+ * @memberof dc_msg_t
+ * @param msg The message object.
+ */
+void            dc_msg_force_plaintext        (dc_msg_t* msg);
+
 /**
 * @class dc_contact_t
 *
@@ -5787,7 +5907,7 @@ int64_t         dc_lot_get_timestamp     (const dc_lot_t* lot);
 * These constants configure TLS certificate checks for IMAP and SMTP connections.
 *
 * These constants are set via dc_set_config()
- * using key "imap_certificate_checks".
+ * using keys "imap_certificate_checks" and "smtp_certificate_checks".
 *
 * @addtogroup DC_CERTCK
 * @{
@@ -5917,7 +6037,7 @@ char* dc_jsonrpc_blocking_call(dc_jsonrpc_instance_t* jsonrpc_instance, const ch
  * @memberof dc_event_channel_t
  * @return An event channel wrapper object (dc_event_channel_t).
  */
- dc_event_channel_t* dc_event_channel_new(void);
+ dc_event_channel_t* dc_event_channel_new();
 
 /**
  * Release/free the events channel structure.
@@ -5937,14 +6057,21 @@ void dc_event_channel_unref(dc_event_channel_t* event_channel);
 * To get these events, you have to create an event emitter using this function
 * and call dc_get_next_event() on the emitter.
 *
- * Events are broadcasted to all existing event emitters.
- * Events emitted before creation of event emitter
- * are not available to event emitter.
+ * This is similar to dc_get_event_emitter(), which, however,
+ * must not be called for accounts handled by the account manager.
 * 
 * @memberof dc_event_channel_t
 * @param The event channel.
 * @return Returns the event emitter, NULL on errors.
 *     Must be freed using dc_event_emitter_unref() after usage.
+ * 
+ * Note: Use only one event emitter per account manager / event channel.
+ * The result of having multiple event emitters is unspecified.
+ * Currently events are broadcasted to all existing event emitters,
+ * but previous versions delivered events to only one event emitter
+ * and this behavior may change again in the future.
+ * Events emitted before creation of event emitter
+ * are not available to event emitter.
 */
 dc_event_emitter_t* dc_event_channel_get_event_emitter(dc_event_channel_t* event_channel);

@@ -6189,7 +6316,7 @@ void dc_event_unref(dc_event_t* event);
 * should not be disturbed by a dialog or so. Instead, use a bubble or so.
 *
 * However, for ongoing processes (e.g. dc_configure())
- * or for functions that are expected to fail
+ * or for functions that are expected to fail (e.g. dc_continue_key_transfer())
 * it might be better to delay showing these events until the function has really
 * failed (returned false). It should be sufficient to report only the _last_ error
 * in a message box then.
@@ -6400,7 +6527,8 @@ void dc_event_unref(dc_event_t* event);
 * Location of one or more contact has changed.
 *
 * @param data1 (int) contact_id of the contact for which the location has changed.
- *     If the locations of several contacts have been changed, this parameter is set to 0.
+ *     If the locations of several contacts have been changed,
+ *     e.g. after calling dc_delete_all_locations(), this parameter is set to 0.
 * @param data2 0
 */
 #define DC_EVENT_LOCATION_CHANGED         2035
@@ -6627,7 +6755,6 @@ void dc_event_unref(dc_event_t* event);
 * UI usually only takes action in case call UI was opened before, otherwise the event should be ignored.
 *
 * @param data1 (int) msg_id ID of the message referring to the call
- * @param data2 (int) 1 if the call was accepted from this device (process).
 */
 #define DC_EVENT_INCOMING_CALL_ACCEPTED                  2560

@@ -6656,8 +6783,8 @@ void dc_event_unref(dc_event_t* event);
 * UI should update the list.
 *
 * The event is emitted when the transports are modified on another device
- * using the JSON-RPC calls `add_or_update_transport`, `add_transport_from_qr`, `delete_transport`,
- * `set_transport_unpublished` or `set_config(configured_addr)`.
+ * using the JSON-RPC calls `add_or_update_transport`, `add_transport_from_qr`, `delete_transport`
+ * or `set_config(configured_addr)`.
 */
 #define DC_EVENT_TRANSPORTS_MODIFIED           2600

@@ -6671,6 +6798,14 @@ void dc_event_unref(dc_event_t* event);
 #define DC_EVENT_DATA2_IS_STRING(e)  ((e)==DC_EVENT_CONFIGURE_PROGRESS || (e)==DC_EVENT_IMEX_FILE_WRITTEN || ((e)>=100 && (e)<=499))


+/*
+ * Values for dc_get|set_config("show_emails")
+ */
+#define DC_SHOW_EMAILS_OFF               0
+#define DC_SHOW_EMAILS_ACCEPTED_CONTACTS 1
+#define DC_SHOW_EMAILS_ALL               2
+
+
 /*
 * Values for dc_get|set_config("media_quality")
 */
@@ -7005,7 +7140,11 @@ void dc_event_unref(dc_event_t* event);
 /// Used in message summary text for notifications and chatlist.
 #define DC_STR_FORWARDED                  97

-/// @deprecated 2026-04-25
+/// "Quota exceeding, already %1$s%% used."
+///
+/// Used as device message text.
+///
+/// `%1$s` will be replaced by the percentage used
 #define DC_STR_QUOTA_EXCEEDING_MSG_BODY   98

 /// "Multi Device Synchronization"
--- a/deltachat-ffi/src/lib.rs
+++ b/deltachat-ffi/src/lib.rs
@@ -60,6 +60,7 @@ use self::string::*;
 // - finally, this behaviour matches the old core-c API and UIs already depend on it

 const DC_GCM_ADDDAYMARKER: u32 = 0x01;
+const DC_GCM_INFO_ONLY: u32 = 0x02;

 // dc_context_t

@@ -305,17 +306,20 @@ pub unsafe extern "C" fn dc_set_stock_translation(
    let msg = to_string_lossy(stock_msg);
    let ctx = &*context;

-    match StockMessage::from_u32(stock_id)
-        .with_context(|| format!("Invalid stock message ID {stock_id}"))
-        .log_err(ctx)
-    {
-        Ok(id) => ctx
-            .set_stock_translation(id, msg)
-            .context("set_stock_translation failed")
+    block_on(async move {
+        match StockMessage::from_u32(stock_id)
+            .with_context(|| format!("Invalid stock message ID {stock_id}"))
            .log_err(ctx)
-            .is_ok() as libc::c_int,
-        Err(_) => 0,
-    }
+        {
+            Ok(id) => ctx
+                .set_stock_translation(id, msg)
+                .await
+                .context("set_stock_translation failed")
+                .log_err(ctx)
+                .is_ok() as libc::c_int,
+            Err(_) => 0,
+        }
+    })
 }

 #[no_mangle]
@@ -676,6 +680,7 @@ pub unsafe extern "C" fn dc_event_get_data2_int(event: *mut dc_event_t) -> libc:
        | EventType::ChatModified(_)
        | EventType::ChatDeleted { .. }
        | EventType::WebxdcRealtimeAdvertisementReceived { .. }
+        | EventType::IncomingCallAccepted { .. }
        | EventType::OutgoingCallAccepted { .. }
        | EventType::CallEnded { .. }
        | EventType::EventChannelOverflow { .. }
@@ -698,9 +703,6 @@ pub unsafe extern "C" fn dc_event_get_data2_int(event: *mut dc_event_t) -> libc:
        } => status_update_serial.to_u32() as libc::c_int,
        EventType::WebxdcRealtimeData { data, .. } => data.len() as libc::c_int,
        EventType::IncomingCall { has_video, .. } => *has_video as libc::c_int,
-        EventType::IncomingCallAccepted {
-            from_this_device, ..
-        } => *from_this_device as libc::c_int,

        #[allow(unreachable_patterns)]
        #[cfg(test)]
@@ -1337,13 +1339,17 @@ pub unsafe extern "C" fn dc_get_chat_msgs(
    }
    let ctx = &*context;

+    let info_only = (flags & DC_GCM_INFO_ONLY) != 0;
    let add_daymarker = (flags & DC_GCM_ADDDAYMARKER) != 0;
    block_on(async move {
        Box::into_raw(Box::new(
            chat::get_chat_msgs_ex(
                ctx,
                ChatId::new(chat_id),
-                MessageListOptions { add_daymarker },
+                MessageListOptions {
+                    info_only,
+                    add_daymarker,
+                },
            )
            .await
            .unwrap_or_log_default(ctx, "failed to get chat msgs")
@@ -1515,23 +1521,6 @@ pub unsafe extern "C" fn dc_marknoticed_chat(context: *mut dc_context_t, chat_id
    })
 }

-#[no_mangle]
-pub unsafe extern "C" fn dc_markfresh_chat(context: *mut dc_context_t, chat_id: u32) {
-    if context.is_null() {
-        eprintln!("ignoring careless call to dc_markfresh_chat()");
-        return;
-    }
-    let ctx = &*context;
-
-    block_on(async move {
-        chat::markfresh_chat(ctx, ChatId::new(chat_id))
-            .await
-            .context("Failed markfresh chat")
-            .log_err(ctx)
-            .unwrap_or(())
-    })
-}
-
 fn from_prim<S, T>(s: S) -> Option<T>
 where
    T: FromPrimitive,
@@ -2438,6 +2427,45 @@ pub unsafe extern "C" fn dc_imex_has_backup(
    }
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_initiate_key_transfer(context: *mut dc_context_t) -> *mut libc::c_char {
+    if context.is_null() {
+        eprintln!("ignoring careless call to dc_initiate_key_transfer()");
+        return ptr::null_mut(); // NULL explicitly defined as "error"
+    }
+    let ctx = &*context;
+
+    match block_on(imex::initiate_key_transfer(ctx))
+        .context("dc_initiate_key_transfer()")
+        .log_err(ctx)
+    {
+        Ok(res) => res.strdup(),
+        Err(_) => ptr::null_mut(),
+    }
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn dc_continue_key_transfer(
+    context: *mut dc_context_t,
+    msg_id: u32,
+    setup_code: *const libc::c_char,
+) -> libc::c_int {
+    if context.is_null() || msg_id <= constants::DC_MSG_ID_LAST_SPECIAL || setup_code.is_null() {
+        eprintln!("ignoring careless call to dc_continue_key_transfer()");
+        return 0;
+    }
+    let ctx = &*context;
+
+    block_on(imex::continue_key_transfer(
+        ctx,
+        MsgId::new(msg_id),
+        &to_string_lossy(setup_code),
+    ))
+    .context("dc_continue_key_transfer")
+    .log_err(ctx)
+    .is_ok() as libc::c_int
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_stop_ongoing_process(context: *mut dc_context_t) {
    if context.is_null() {
@@ -2541,7 +2569,7 @@ pub unsafe extern "C" fn dc_send_locations_to_chat(
    }
    let ctx = &*context;

-    block_on(location::send_to_chat(
+    block_on(location::send_locations_to_chat(
        ctx,
        ChatId::new(chat_id),
        seconds as i64,
@@ -2561,14 +2589,14 @@ pub unsafe extern "C" fn dc_is_sending_locations_to_chat(
        return 0;
    }
    let ctx = &*context;
-    if chat_id == 0 {
-        block_on(location::is_sending(ctx))
-            .unwrap_or_log_default(ctx, "Failed is_sending_locations()") as libc::c_int
+    let chat_id = if chat_id == 0 {
+        None
    } else {
-        block_on(location::is_sending_to_chat(ctx, ChatId::new(chat_id)))
-            .unwrap_or_log_default(ctx, "Failed is_sending_locations_to_chat()")
-            as libc::c_int
-    }
+        Some(ChatId::new(chat_id))
+    };
+
+    block_on(location::is_sending_locations_to_chat(ctx, chat_id))
+        .unwrap_or_log_default(ctx, "Failed dc_is_sending_locations_to_chat()") as libc::c_int
 }

 #[no_mangle]
@@ -2584,9 +2612,12 @@ pub unsafe extern "C" fn dc_set_location(
    }
    let ctx = &*context;

-    block_on(location::set(ctx, latitude, longitude, accuracy))
-        .log_err(ctx)
-        .unwrap_or_default() as libc::c_int
+    block_on(async move {
+        location::set(ctx, latitude, longitude, accuracy)
+            .await
+            .log_err(ctx)
+            .unwrap_or_default()
+    }) as libc::c_int
 }

 #[no_mangle]
@@ -2621,6 +2652,23 @@ pub unsafe extern "C" fn dc_get_locations(
    })
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_delete_all_locations(context: *mut dc_context_t) {
+    if context.is_null() {
+        eprintln!("ignoring careless call to dc_delete_all_locations()");
+        return;
+    }
+    let ctx = &*context;
+
+    block_on(async move {
+        location::delete_all(ctx)
+            .await
+            .context("Failed to delete locations")
+            .log_err(ctx)
+            .ok()
+    });
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_create_qr_svg(payload: *const libc::c_char) -> *mut libc::c_char {
    if payload.is_null() {
@@ -2801,7 +2849,7 @@ pub unsafe extern "C" fn dc_array_search_id(
 // Returns 1 if location belongs to the track of the user,
 // 0 if location was reported independently.
 #[no_mangle]
-pub unsafe extern "C" fn dc_array_is_independent(
+pub unsafe fn dc_array_is_independent(
    array: *const dc_array_t,
    index: libc::size_t,
 ) -> libc::c_int {
@@ -3740,6 +3788,16 @@ pub unsafe extern "C" fn dc_msg_get_webxdc_href(msg: *mut dc_msg_t) -> *mut libc
    ffi_msg.message.get_webxdc_href().strdup()
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_msg_is_setupmessage(msg: *mut dc_msg_t) -> libc::c_int {
+    if msg.is_null() {
+        eprintln!("ignoring careless call to dc_msg_is_setupmessage()");
+        return 0;
+    }
+    let ffi_msg = &*msg;
+    ffi_msg.message.is_setupmessage().into()
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_msg_has_html(msg: *mut dc_msg_t) -> libc::c_int {
    if msg.is_null() {
@@ -3750,6 +3808,20 @@ pub unsafe extern "C" fn dc_msg_has_html(msg: *mut dc_msg_t) -> libc::c_int {
    ffi_msg.message.has_html().into()
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_msg_get_setupcodebegin(msg: *mut dc_msg_t) -> *mut libc::c_char {
+    if msg.is_null() {
+        eprintln!("ignoring careless call to dc_msg_get_setupcodebegin()");
+        return "".strdup();
+    }
+    let ffi_msg = &*msg;
+    let ctx = &*ffi_msg.context;
+
+    block_on(ffi_msg.message.get_setupcodebegin(ctx))
+        .unwrap_or_default()
+        .strdup()
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_msg_set_text(msg: *mut dc_msg_t, text: *const libc::c_char) {
    if msg.is_null() {
@@ -4029,6 +4101,16 @@ pub unsafe extern "C" fn dc_msg_get_saved_msg_id(msg: *const dc_msg_t) -> u32 {
    })
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_msg_force_plaintext(msg: *mut dc_msg_t) {
+    if msg.is_null() {
+        eprintln!("ignoring careless call to dc_msg_force_plaintext()");
+        return;
+    }
+    let ffi_msg = &mut *msg;
+    ffi_msg.message.force_plaintext();
+}
+
 // dc_contact_t

 /// FFI struct for [dc_contact_t]
--- a/deltachat-jsonrpc/Cargo.toml
+++ b/deltachat-jsonrpc/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 license = "MPL-2.0"
--- a/deltachat-jsonrpc/src/api.rs
+++ b/deltachat-jsonrpc/src/api.rs
@@ -11,8 +11,8 @@ use deltachat::blob::BlobObject;
 use deltachat::calls::ice_servers;
 use deltachat::chat::{
    self, add_contact_to_chat, forward_msgs, forward_msgs_2ctx, get_chat_media, get_chat_msgs,
-    get_chat_msgs_ex, markfresh_chat, marknoticed_all_chats, marknoticed_chat,
-    remove_contact_from_chat, Chat, ChatId, ChatItem, MessageListOptions,
+    get_chat_msgs_ex, marknoticed_all_chats, marknoticed_chat, remove_contact_from_chat, Chat,
+    ChatId, ChatItem, MessageListOptions,
 };
 use deltachat::chatlist::Chatlist;
 use deltachat::config::{get_all_ui_config_keys, Config};
@@ -68,7 +68,6 @@ use self::types::{
    },
 };
 use crate::api::types::chat_list::{get_chat_list_item_by_id, ChatListItemFetchResult};
-use crate::api::types::login_param::TransportListEntry;
 use crate::api::types::qr::{QrObject, SecurejoinSource, SecurejoinUiPath};

 #[derive(Debug)]
@@ -473,7 +472,9 @@ impl CommandApi {
        let accounts = self.accounts.read().await;
        for (stock_id, stock_message) in strings {
            if let Some(stock_id) = StockMessage::from_u32(stock_id) {
-                accounts.set_stock_translation(stock_id, stock_message)?;
+                accounts
+                    .set_stock_translation(stock_id, stock_message)
+                    .await?;
            }
        }
        Ok(())
@@ -527,7 +528,6 @@ impl CommandApi {
    ///   from a server encoded in a QR code.
    /// - [Self::list_transports()] to get a list of all configured transports.
    /// - [Self::delete_transport()] to remove a transport.
-    /// - [Self::set_transport_unpublished()] to set whether contacts see this transport.
    async fn add_or_update_transport(
        &self,
        account_id: u32,
@@ -553,23 +553,7 @@ impl CommandApi {
    /// Returns the list of all email accounts that are used as a transport in the current profile.
    /// Use [Self::add_or_update_transport()] to add or change a transport
    /// and [Self::delete_transport()] to delete a transport.
-    /// Use [Self::list_transports_ex()] to additionally query
-    /// whether the transports are marked as 'unpublished'.
    async fn list_transports(&self, account_id: u32) -> Result<Vec<EnteredLoginParam>> {
-        let ctx = self.get_context(account_id).await?;
-        let res = ctx
-            .list_transports()
-            .await?
-            .into_iter()
-            .map(|t| t.param.into())
-            .collect();
-        Ok(res)
-    }
-
-    /// Returns the list of all email accounts that are used as a transport in the current profile.
-    /// Use [Self::add_or_update_transport()] to add or change a transport
-    /// and [Self::delete_transport()] to delete a transport.
-    async fn list_transports_ex(&self, account_id: u32) -> Result<Vec<TransportListEntry>> {
        let ctx = self.get_context(account_id).await?;
        let res = ctx
            .list_transports()
@@ -587,26 +571,6 @@ impl CommandApi {
        ctx.delete_transport(&addr).await
    }

-    /// Change whether the transport is unpublished.
-    ///
-    /// Unpublished transports are not advertised to contacts,
-    /// and self-sent messages are not sent there,
-    /// so that we don't cause extra messages to the corresponding inbox,
-    /// but can still receive messages from contacts who don't know our new transport addresses yet.
-    ///
-    /// The default is false, but when the user updates from a version that didn't have this flag,
-    /// existing secondary transports are set to unpublished,
-    /// so that an existing transport address doesn't suddenly get spammed with a lot of messages.
-    async fn set_transport_unpublished(
-        &self,
-        account_id: u32,
-        addr: String,
-        unpublished: bool,
-    ) -> Result<()> {
-        let ctx = self.get_context(account_id).await?;
-        ctx.set_transport_unpublished(&addr, unpublished).await
-    }
-
    /// Signal an ongoing process to stop.
    async fn stop_ongoing_process(&self, account_id: u32) -> Result<()> {
        let ctx = self.get_context(account_id).await?;
@@ -678,7 +642,7 @@ impl CommandApi {
        ChatId::new(chat_id).get_fresh_msg_cnt(&ctx).await
    }

-    /// (deprecated) Gets messages to be processed by the bot and returns their IDs.
+    /// Gets messages to be processed by the bot and returns their IDs.
    ///
    /// Only messages with database ID higher than `last_msg_id` config value
    /// are returned. After processing the messages, the bot should
@@ -686,13 +650,6 @@ impl CommandApi {
    /// or manually updating the value to avoid getting already
    /// processed messages.
    ///
-    /// Deprecated 2026-04: This returns the message's id as soon as the first part arrives,
-    /// even if it is not fully downloaded yet.
-    /// The bot needs to wait for the message to be fully downloaded.
-    /// Since this is usually not the desired behavior,
-    /// bots should instead use the #DC_EVENT_INCOMING_MSG / [`types::events::EventType::IncomingMsg`]
-    /// event for getting notified about new messages.
-    ///
    /// [`markseen_msgs`]: Self::markseen_msgs
    async fn get_next_msgs(&self, account_id: u32) -> Result<Vec<u32>> {
        let ctx = self.get_context(account_id).await?;
@@ -705,7 +662,7 @@ impl CommandApi {
        Ok(msg_ids)
    }

-    /// (deprecated) Waits for messages to be processed by the bot and returns their IDs.
+    /// Waits for messages to be processed by the bot and returns their IDs.
    ///
    /// This function is similar to [`get_next_msgs`],
    /// but waits for internal new message notification before returning.
@@ -716,13 +673,6 @@ impl CommandApi {
    /// To shutdown the bot, stopping I/O can be used to interrupt
    /// pending or next `wait_next_msgs` call.
    ///
-    /// Deprecated 2026-04: This returns the message's id as soon as the first part arrives,
-    /// even if it is not fully downloaded yet.
-    /// The bot needs to wait for the message to be fully downloaded.
-    /// Since this is usually not the desired behavior,
-    /// bots should instead use the #DC_EVENT_INCOMING_MSG / [`types::events::EventType::IncomingMsg`]
-    /// event for getting notified about new messages.
-    ///
    /// [`get_next_msgs`]: Self::get_next_msgs
    async fn wait_next_msgs(&self, account_id: u32) -> Result<Vec<u32>> {
        let ctx = self.get_context(account_id).await?;
@@ -749,6 +699,25 @@ impl CommandApi {
        message::estimate_deletion_cnt(&ctx, from_server, seconds).await
    }

+    // ---------------------------------------------
+    //  autocrypt
+    // ---------------------------------------------
+
+    async fn initiate_autocrypt_key_transfer(&self, account_id: u32) -> Result<String> {
+        let ctx = self.get_context(account_id).await?;
+        deltachat::imex::initiate_key_transfer(&ctx).await
+    }
+
+    async fn continue_autocrypt_key_transfer(
+        &self,
+        account_id: u32,
+        message_id: u32,
+        setup_code: String,
+    ) -> Result<()> {
+        let ctx = self.get_context(account_id).await?;
+        deltachat::imex::continue_key_transfer(&ctx, MsgId::new(message_id), &setup_code).await
+    }
+
    // ---------------------------------------------
    //   chat list
    // ---------------------------------------------
@@ -1263,15 +1232,6 @@ impl CommandApi {
        marknoticed_chat(&ctx, ChatId::new(chat_id)).await
    }

-    /// Marks the last incoming message in the chat as _fresh_.
-    ///
-    /// UI can use this to offer a "mark unread" option,
-    /// so that already noticed chats get a badge counter again.
-    async fn markfresh_chat(&self, account_id: u32, chat_id: u32) -> Result<()> {
-        let ctx = self.get_context(account_id).await?;
-        markfresh_chat(&ctx, ChatId::new(chat_id)).await
-    }
-
    /// Returns the message that is immediately followed by the last seen
    /// message.
    /// From the point of view of the user this is effectively
@@ -1366,22 +1326,8 @@ impl CommandApi {
        markseen_msgs(&ctx, msg_ids.into_iter().map(MsgId::new).collect()).await
    }

-    /// Get all message IDs belonging to a chat.
+    /// Returns all messages of a particular chat.
    ///
-    /// The list is already sorted and starts with the oldest message.
-    /// Clients should not try to re-sort the list as this would be an expensive action
-    /// and would result in inconsistencies between clients.
-    /// Note that the messages are not necessarily sorted by their ID or by their displayed timestamp;
-    /// UIs need to handle both the case of descending message IDs
-    /// and of decreasing timestamps.
-    ///
-    /// Optionally, 'daymarkers' added to the ID array may help to
-    /// implement virtual lists.
-    ///
-    /// Parameters:
-    ///
-    /// * chat_id The chat ID of which the messages IDs should be queried.
-    /// * _info_only: Deprecated, pass `false` here.
    /// * `add_daymarker` - If `true`, add day markers as `DC_MSG_ID_DAYMARKER` to the result,
    ///   e.g. [1234, 1237, 9, 1239]. The day marker timestamp is the midnight one for the
    ///   corresponding (following) day in the local timezone.
@@ -1389,14 +1335,17 @@ impl CommandApi {
        &self,
        account_id: u32,
        chat_id: u32,
-        _info_only: bool,
+        info_only: bool,
        add_daymarker: bool,
    ) -> Result<Vec<u32>> {
        let ctx = self.get_context(account_id).await?;
        let msg = get_chat_msgs_ex(
            &ctx,
            ChatId::new(chat_id),
-            MessageListOptions { add_daymarker },
+            MessageListOptions {
+                info_only,
+                add_daymarker,
+            },
        )
        .await?;
        Ok(msg
@@ -1428,24 +1377,21 @@ impl CommandApi {
        }
    }

-    /// Get all messages belonging to a chat.
-    ///
-    /// Similar to `get_message_ids` / `getMessageIds`,
-    /// see that function for details.
-    /// The difference is that this function here returns a list of `MessageListItem`,
-    /// which is an enum of a message or a daymarker.
    async fn get_message_list_items(
        &self,
        account_id: u32,
        chat_id: u32,
-        _info_only: bool,
+        info_only: bool,
        add_daymarker: bool,
    ) -> Result<Vec<JsonrpcMessageListItem>> {
        let ctx = self.get_context(account_id).await?;
        let msg = get_chat_msgs_ex(
            &ctx,
            ChatId::new(chat_id),
-            MessageListOptions { add_daymarker },
+            MessageListOptions {
+                info_only,
+                add_daymarker,
+            },
        )
        .await?;
        Ok(msg
@@ -1882,6 +1828,20 @@ impl CommandApi {
        deltachat::contact::make_vcard(&ctx, &contacts).await
    }

+    /// Sets vCard containing the given contacts to the message draft.
+    async fn set_draft_vcard(
+        &self,
+        account_id: u32,
+        msg_id: u32,
+        contacts: Vec<u32>,
+    ) -> Result<()> {
+        let ctx = self.get_context(account_id).await?;
+        let contacts: Vec<_> = contacts.iter().map(|&c| ContactId::new(c)).collect();
+        let mut msg = Message::load_from_db(&ctx, MsgId::new(msg_id)).await?;
+        msg.make_vcard(&ctx, &contacts).await?;
+        msg.get_chat_id().set_draft(&ctx, Some(&mut msg)).await
+    }
+
    // ---------------------------------------------
    //                   chat
    // ---------------------------------------------
@@ -2106,21 +2066,6 @@ impl CommandApi {
    //                  locations
    // ---------------------------------------------

-    /// Sets current location.
-    ///
-    /// Returns true if location streaming is currently
-    /// enabled and locations should be updated.
-    ///
-    /// Location is represented as latitude and longitude in degrees
-    /// and horizontal accuracy in meters.
-    async fn set_location(&self, latitude: f64, longitude: f64, accuracy: f64) -> Result<bool> {
-        self.accounts
-            .read()
-            .await
-            .set_location(latitude, longitude, accuracy)
-            .await
-    }
-
    async fn get_locations(
        &self,
        account_id: u32,
@@ -2143,39 +2088,6 @@ impl CommandApi {
        Ok(locations.into_iter().map(|l| l.into()).collect())
    }

-    /// Enables location streaming in chat identified by `chat_id` for `seconds` seconds.
-    ///
-    /// Pass 0 as the number of seconds to disable location streaming in the chat.
-    async fn send_locations_to_chat(
-        &self,
-        account_id: u32,
-        chat_id: u32,
-        seconds: i64,
-    ) -> Result<()> {
-        let ctx = self.get_context(account_id).await?;
-        let chat_id = ChatId::new(chat_id);
-        location::send_to_chat(&ctx, chat_id, seconds).await?;
-        Ok(())
-    }
-
-    /// Returns whether any chat is sending locations.
-    async fn is_sending_locations(&self, account_id: u32) -> Result<bool> {
-        let ctx = self.get_context(account_id).await?;
-        location::is_sending(&ctx).await
-    }
-
-    /// Returns whether `chat_id` is sending locations.
-    async fn is_sending_locations_to_chat(&self, account_id: u32, chat_id: u32) -> Result<bool> {
-        let ctx = self.get_context(account_id).await?;
-        let chat_id = ChatId::new(chat_id);
-        location::is_sending_to_chat(&ctx, chat_id).await
-    }
-
-    /// Stops sending locations to all chats.
-    async fn stop_sending_locations(&self) -> Result<()> {
-        self.accounts.read().await.stop_sending_locations().await
-    }
-
    // ---------------------------------------------
    //                   webxdc
    // ---------------------------------------------
@@ -2407,7 +2319,6 @@ impl CommandApi {
        chat::resend_msgs(&ctx, &message_ids).await
    }

-    /// @deprecated as of 2026-04; use `send_msg` with `Viewtype::Sticker` instead.
    async fn send_sticker(
        &self,
        account_id: u32,
@@ -2419,16 +2330,19 @@ impl CommandApi {
        let mut msg = Message::new(Viewtype::Sticker);
        msg.set_file_and_deduplicate(&ctx, Path::new(&sticker_path), None, None)?;

+        // JSON-rpc does not need heuristics to turn [Viewtype::Sticker] into [Viewtype::Image]
+        msg.force_sticker();
+
        let message_id = deltachat::chat::send_msg(&ctx, ChatId::new(chat_id), &mut msg).await?;
        Ok(message_id.to_u32())
    }

-    /// Sends a reaction to message.
+    /// Send a reaction to message.
    ///
-    /// A reaction is a string that represents an emoji.
-    /// You can call this function again to change the emoji;
-    /// the last sent reaction overrides all previously sent reactions.
-    /// It is possible to remove the reaction by sending an empty string.
+    /// Reaction is a string of emojis separated by spaces. Reaction to a
+    /// single message can be sent multiple times. The last reaction
+    /// received overrides all previously received reactions. It is
+    /// possible to remove all reactions by sending an empty string.
    async fn send_reaction(
        &self,
        account_id: u32,
--- a/deltachat-jsonrpc/src/api/types/events.rs
+++ b/deltachat-jsonrpc/src/api/types/events.rs
@@ -192,8 +192,7 @@ pub enum EventType {
        msg_id: u32,
    },

-    /// A single message is read by the receiver. State changed from DC_STATE_OUT_DELIVERED to
-    /// DC_STATE_OUT_MDN_RCVD, see `Message.state`.
+    /// A single message is read by a receiver.
    #[serde(rename_all = "camelCase")]
    MsgRead {
        /// ID of the chat which the message belongs to.
@@ -201,6 +200,12 @@ pub enum EventType {

        /// ID of the message that was read.
        msg_id: u32,
+
+        /// Read for the first time (e.g. by just one group member
+        /// / channel subscriber).
+        /// State changed from DC_STATE_OUT_DELIVERED to
+        /// DC_STATE_OUT_MDN_RCVD, see dc_msg_get_state().
+        first_time: bool,
    },

    /// A single message was deleted.
@@ -441,8 +446,6 @@ pub enum EventType {
        msg_id: u32,
        /// ID of the chat which the message belongs to.
        chat_id: u32,
-        /// The call was accepted from this device (process).
-        from_this_device: bool,
    },

    /// Outgoing call accepted.
@@ -542,9 +545,14 @@ impl From<CoreEventType> for EventType {
                chat_id: chat_id.to_u32(),
                msg_id: msg_id.to_u32(),
            },
-            CoreEventType::MsgRead { chat_id, msg_id } => MsgRead {
+            CoreEventType::MsgRead {
+                chat_id,
+                msg_id,
+                first_time,
+            } => MsgRead {
                chat_id: chat_id.to_u32(),
                msg_id: msg_id.to_u32(),
+                first_time,
            },
            CoreEventType::MsgDeleted { chat_id, msg_id } => MsgDeleted {
                chat_id: chat_id.to_u32(),
@@ -636,14 +644,9 @@ impl From<CoreEventType> for EventType {
                place_call_info,
                has_video,
            },
-            CoreEventType::IncomingCallAccepted {
-                msg_id,
-                chat_id,
-                from_this_device,
-            } => IncomingCallAccepted {
+            CoreEventType::IncomingCallAccepted { msg_id, chat_id } => IncomingCallAccepted {
                msg_id: msg_id.to_u32(),
                chat_id: chat_id.to_u32(),
-                from_this_device,
            },
            CoreEventType::OutgoingCallAccepted {
                msg_id,
--- a/deltachat-jsonrpc/src/api/types/login_param.rs
+++ b/deltachat-jsonrpc/src/api/types/login_param.rs
@@ -4,16 +4,6 @@ use serde::Deserialize;
 use serde::Serialize;
 use yerpc::TypeDef;

-#[derive(Serialize, TypeDef, schemars::JsonSchema)]
-#[serde(rename_all = "camelCase")]
-pub struct TransportListEntry {
-    /// The login data entered by the user.
-    pub param: EnteredLoginParam,
-    /// Whether this transport is set to 'unpublished'.
-    /// See `set_transport_unpublished` / `setTransportUnpublished` for details.
-    pub is_unpublished: bool,
-}
-
 /// Login parameters entered by the user.
 ///
 /// Usually it will be enough to only set `addr` and `password`,
@@ -33,12 +23,6 @@ pub struct EnteredLoginParam {
    /// Imap server port.
    pub imap_port: Option<u16>,

-    /// IMAP server folder.
-    ///
-    /// Defaults to "INBOX" if not set.
-    /// Should not be an empty string.
-    pub imap_folder: Option<String>,
-
    /// Imap socket security.
    pub imap_security: Option<Socket>,

@@ -72,15 +56,6 @@ pub struct EnteredLoginParam {
    pub oauth2: Option<bool>,
 }

-impl From<dc::TransportListEntry> for TransportListEntry {
-    fn from(transport: dc::TransportListEntry) -> Self {
-        TransportListEntry {
-            param: transport.param.into(),
-            is_unpublished: transport.is_unpublished,
-        }
-    }
-}
-
 impl From<dc::EnteredLoginParam> for EnteredLoginParam {
    fn from(param: dc::EnteredLoginParam) -> Self {
        let imap_security: Socket = param.imap.security.into();
@@ -91,7 +66,6 @@ impl From<dc::EnteredLoginParam> for EnteredLoginParam {
            password: param.imap.password,
            imap_server: param.imap.server.into_option(),
            imap_port: param.imap.port.into_option(),
-            imap_folder: param.imap.folder.into_option(),
            imap_security: imap_security.into_option(),
            imap_user: param.imap.user.into_option(),
            smtp_server: param.smtp.server.into_option(),
@@ -111,15 +85,14 @@ impl TryFrom<EnteredLoginParam> for dc::EnteredLoginParam {
    fn try_from(param: EnteredLoginParam) -> Result<Self> {
        Ok(Self {
            addr: param.addr,
-            imap: dc::EnteredImapLoginParam {
+            imap: dc::EnteredServerLoginParam {
                server: param.imap_server.unwrap_or_default(),
                port: param.imap_port.unwrap_or_default(),
-                folder: param.imap_folder.unwrap_or_default(),
                security: param.imap_security.unwrap_or_default().into(),
                user: param.imap_user.unwrap_or_default(),
                password: param.password,
            },
-            smtp: dc::EnteredSmtpLoginParam {
+            smtp: dc::EnteredServerLoginParam {
                server: param.smtp_server.unwrap_or_default(),
                port: param.smtp_port.unwrap_or_default(),
                security: param.smtp_security.unwrap_or_default().into(),
--- a/deltachat-jsonrpc/src/api/types/message.rs
+++ b/deltachat-jsonrpc/src/api/types/message.rs
@@ -68,6 +68,7 @@ pub struct MessageObject {
    /// if `show_padlock` is `false`,
    /// and nothing if it is `true`.
    show_padlock: bool,
+    is_setupmessage: bool,
    is_info: bool,
    is_forwarded: bool,

@@ -87,6 +88,8 @@ pub struct MessageObject {
    override_sender_name: Option<String>,
    sender: ContactObject,

+    setup_code_begin: Option<String>,
+
    file: Option<String>,
    file_mime: Option<String>,

@@ -223,6 +226,7 @@ impl MessageObject {

            subject: message.get_subject().to_owned(),
            show_padlock: message.get_showpadlock(),
+            is_setupmessage: message.is_setupmessage(),
            is_info: message.is_info(),
            is_forwarded: message.is_forwarded(),
            is_bot: message.is_bot(),
@@ -239,6 +243,8 @@ impl MessageObject {
            override_sender_name,
            sender,

+            setup_code_begin: message.get_setupcodebegin(context).await,
+
            file: match message.get_file(context) {
                Some(path_buf) => path_buf.to_str().map(|s| s.to_owned()),
                None => None,
@@ -287,6 +293,8 @@ pub enum MessageViewtype {
    Gif,

    /// Message containing a sticker, similar to image.
+    /// NB: When sending, the message viewtype may be changed to `Image` by some heuristics like
+    /// checking for transparent pixels. Use `Message::force_sticker()` to disable them.
    ///
    /// If possible, the ui should display the image without borders in a transparent way.
    /// A click on a sticker will offer to install the sticker set in some future.
--- a/deltachat-jsonrpc/src/api/types/qr.rs
+++ b/deltachat-jsonrpc/src/api/types/qr.rs
@@ -238,7 +238,7 @@ impl From<Qr> for QrObject {
                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.human_readable();
+                let fingerprint = fingerprint.to_string();
                QrObject::AskVerifyContact {
                    contact_id,
                    fingerprint,
@@ -257,7 +257,7 @@ impl From<Qr> for QrObject {
                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.human_readable();
+                let fingerprint = fingerprint.to_string();
                QrObject::AskVerifyGroup {
                    grpname,
                    grpid,
@@ -278,7 +278,7 @@ impl From<Qr> for QrObject {
                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.human_readable();
+                let fingerprint = fingerprint.to_string();
                QrObject::AskJoinBroadcast {
                    name,
                    grpid,
@@ -321,7 +321,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.human_readable();
+                let fingerprint = fingerprint.to_string();
                QrObject::WithdrawVerifyContact {
                    contact_id,
                    fingerprint,
@@ -338,7 +338,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.human_readable();
+                let fingerprint = fingerprint.to_string();
                QrObject::WithdrawVerifyGroup {
                    grpname,
                    grpid,
@@ -357,7 +357,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.human_readable();
+                let fingerprint = fingerprint.to_string();
                QrObject::WithdrawJoinBroadcast {
                    name,
                    grpid,
@@ -374,7 +374,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.human_readable();
+                let fingerprint = fingerprint.to_string();
                QrObject::ReviveVerifyContact {
                    contact_id,
                    fingerprint,
@@ -391,7 +391,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.human_readable();
+                let fingerprint = fingerprint.to_string();
                QrObject::ReviveVerifyGroup {
                    grpname,
                    grpid,
@@ -410,7 +410,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.human_readable();
+                let fingerprint = fingerprint.to_string();
                QrObject::ReviveJoinBroadcast {
                    name,
                    grpid,
--- a/deltachat-jsonrpc/src/api/types/reactions.rs
+++ b/deltachat-jsonrpc/src/api/types/reactions.rs
@@ -24,8 +24,6 @@ pub struct JsonrpcReaction {
 #[serde(rename = "Reactions", rename_all = "camelCase")]
 pub struct JsonrpcReactions {
    /// Map from a contact to it's reaction to message.
-    /// There is only a single reaction per contact,
-    /// but this contains a list of reactions for historical reasons.
    reactions_by_contact: BTreeMap<u32, Vec<String>>,
    /// Unique reactions and their count, sorted in descending order.
    reactions: Vec<JsonrpcReaction>,
@@ -33,16 +31,27 @@ pub struct JsonrpcReactions {

 impl From<Reactions> for JsonrpcReactions {
    fn from(reactions: Reactions) -> Self {
-        let reactions_by_contact: BTreeMap<u32, Vec<String>> = reactions
-            .iter()
-            .map(|(key, value)| (key.to_u32(), vec![value.as_str().to_string()]))
-            .collect();
-        let self_reaction = reactions_by_contact.get(&ContactId::SELF.to_u32());
+        let mut reactions_by_contact: BTreeMap<u32, Vec<String>> = BTreeMap::new();
+
+        for contact_id in reactions.contacts() {
+            let reaction = reactions.get(contact_id);
+            if reaction.is_empty() {
+                continue;
+            }
+            let emojis: Vec<String> = reaction
+                .emojis()
+                .into_iter()
+                .map(|emoji| emoji.to_owned())
+                .collect();
+            reactions_by_contact.insert(contact_id.to_u32(), emojis.clone());
+        }
+
+        let self_reactions = reactions_by_contact.get(&ContactId::SELF.to_u32());

        let mut reactions_v = Vec::new();
        for (emoji, count) in reactions.emoji_sorted_by_frequency() {
-            let is_from_self = if let Some(self_reaction) = self_reaction {
-                self_reaction.contains(&emoji)
+            let is_from_self = if let Some(self_reactions) = self_reactions {
+                self_reactions.contains(&emoji)
            } else {
                false
            };
--- a/deltachat-jsonrpc/src/api/types/webxdc.rs
+++ b/deltachat-jsonrpc/src/api/types/webxdc.rs
@@ -37,10 +37,6 @@ pub struct WebxdcMessageInfo {
    internet_access: bool,
    /// Address to be used for `window.webxdc.selfAddr` in JS land.
    self_addr: String,
-    /// Define if the local user is the one who initially shared the webxdc application in the chat.
-    is_app_sender: bool,
-    /// Define if the app runs in a broadcasting context.
-    is_broadcast: bool,
    /// Milliseconds to wait before calling `sendUpdate()` again since the last call.
    /// Should be exposed to `window.sendUpdateInterval` in JS land.
    send_update_interval: usize,
@@ -64,8 +60,6 @@ impl WebxdcMessageInfo {
            request_integration: _,
            internet_access,
            self_addr,
-            is_app_sender,
-            is_broadcast,
            send_update_interval,
            send_update_max_size,
        } = message.get_webxdc_info(context).await?;
@@ -78,8 +72,6 @@ impl WebxdcMessageInfo {
            source_code_url: maybe_empty_string_to_option(source_code_url),
            internet_access,
            self_addr,
-            is_app_sender,
-            is_broadcast,
            send_update_interval,
            send_update_max_size,
        })
--- a/deltachat-jsonrpc/src/lib.rs
+++ b/deltachat-jsonrpc/src/lib.rs
@@ -85,7 +85,7 @@ mod tests {
            assert_eq!(result, response.to_owned());
        }
        {
-            let request = r#"{"jsonrpc":"2.0","method":"batch_set_config","id":2,"params":[1,{"addr":"","mail_user":"","mail_pw":"","mail_server":"","mail_port":"","mail_security":"","imap_certificate_checks":"","send_user":"","send_pw":"","send_server":"","send_port":"","send_security":""}]}"#;
+            let request = r#"{"jsonrpc":"2.0","method":"batch_set_config","id":2,"params":[1,{"addr":"","mail_user":"","mail_pw":"","mail_server":"","mail_port":"","mail_security":"","imap_certificate_checks":"","send_user":"","send_pw":"","send_server":"","send_port":"","send_security":"","smtp_certificate_checks":""}]}"#;
            let response = r#"{"jsonrpc":"2.0","id":2,"result":null}"#;
            session.handle_incoming(request).await;
            let result = receiver.recv().await?;
--- a/deltachat-jsonrpc/typescript/package.json
+++ b/deltachat-jsonrpc/typescript/package.json
@@ -54,5 +54,5 @@
  },
  "type": "module",
  "types": "dist/deltachat.d.ts",
-  "version": "2.50.0-dev"
+  "version": "2.44.0-dev"
 }
--- a/deltachat-repl/Cargo.toml
+++ b/deltachat-repl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/chatmail/core"
--- a/deltachat-repl/src/cmdline.rs
+++ b/deltachat-repl/src/cmdline.rs
@@ -302,6 +302,9 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
            // TODO: reuse commands definition in main.rs.
            "imex" => println!(
                "====================Import/Export commands==\n\
+                 initiate-key-transfer\n\
+                 get-setupcodebegin <msg-id>\n\
+                 continue-key-transfer <msg-id> <setup-code>\n\
                 has-backup\n\
                 export-backup\n\
                 import-backup <backup-file>\n\
@@ -345,6 +348,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                 chatinfo\n\
                 sendlocations <seconds>\n\
                 setlocation <lat> <lng>\n\
+                 dellocations\n\
                 getlocations [<contact-id>]\n\
                 send <text>\n\
                 send-sync <text>\n\
@@ -404,6 +408,34 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                 ============================================="
            ),
        },
+        "initiate-key-transfer" => match initiate_key_transfer(&context).await {
+            Ok(setup_code) => {
+                println!("Setup code for the transferred setup message: {setup_code}",)
+            }
+            Err(err) => bail!("Failed to generate setup code: {err}"),
+        },
+        "get-setupcodebegin" => {
+            ensure!(!arg1.is_empty(), "Argument <msg-id> missing.");
+            let msg_id: MsgId = MsgId::new(arg1.parse()?);
+            let msg = Message::load_from_db(&context, msg_id).await?;
+            if msg.is_setupmessage() {
+                let setupcodebegin = msg.get_setupcodebegin(&context).await;
+                println!(
+                    "The setup code for setup message {} starts with: {}",
+                    msg_id,
+                    setupcodebegin.unwrap_or_default(),
+                );
+            } else {
+                bail!("{msg_id} is no setup message.",);
+            }
+        }
+        "continue-key-transfer" => {
+            ensure!(
+                !arg1.is_empty() && !arg2.is_empty(),
+                "Arguments <msg-id> <setup-code> expected"
+            );
+            continue_key_transfer(&context, MsgId::new(arg1.parse()?), arg2).await?;
+        }
        "has-backup" => {
            has_backup(&context, blobdir).await?;
        }
@@ -573,7 +605,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                    );
                }
            }
-            if location::is_sending(&context).await? {
+            if location::is_sending_locations_to_chat(&context, None).await? {
                println!("Location streaming enabled.");
            }
            println!("{cnt} chats");
@@ -622,6 +654,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                &context,
                sel_chat.get_id(),
                chat::MessageListOptions {
+                    info_only: false,
                    add_daymarker: true,
                },
            )
@@ -780,7 +813,11 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu

            println!(
                "Location streaming: {}",
-                location::is_sending_to_chat(&context, sel_chat.as_ref().unwrap().get_id()).await?,
+                location::is_sending_locations_to_chat(
+                    &context,
+                    Some(sel_chat.as_ref().unwrap().get_id())
+                )
+                .await?,
            );
        }
        "getlocations" => {
@@ -820,7 +857,12 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
            ensure!(!arg1.is_empty(), "No timeout given.");

            let seconds = arg1.parse()?;
-            location::send_to_chat(&context, sel_chat.as_ref().unwrap().get_id(), seconds).await?;
+            location::send_locations_to_chat(
+                &context,
+                sel_chat.as_ref().unwrap().get_id(),
+                seconds,
+            )
+            .await?;
            println!(
                "Locations will be sent to Chat#{} for {} seconds. Use 'setlocation <lat> <lng>' to play around.",
                sel_chat.as_ref().unwrap().get_id(),
@@ -842,6 +884,9 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                println!("Success, streaming can be stopped.");
            }
        }
+        "dellocations" => {
+            location::delete_all(&context).await?;
+        }
        "send" => {
            ensure!(sel_chat.is_some(), "No chat selected.");
            ensure!(!arg1.is_empty(), "No message text given.");
--- a/deltachat-repl/src/main.rs
+++ b/deltachat-repl/src/main.rs
@@ -149,7 +149,10 @@ impl Completer for DcHelper {
    }
 }

-const IMEX_COMMANDS: [&str; 10] = [
+const IMEX_COMMANDS: [&str; 13] = [
+    "initiate-key-transfer",
+    "get-setupcodebegin",
+    "continue-key-transfer",
    "has-backup",
    "export-backup",
    "import-backup",
@@ -176,7 +179,7 @@ const DB_COMMANDS: [&str; 11] = [
    "housekeeping",
 ];

-const CHAT_COMMANDS: [&str; 39] = [
+const CHAT_COMMANDS: [&str; 40] = [
    "listchats",
    "listarchived",
    "start-realtime",
@@ -194,6 +197,7 @@ const CHAT_COMMANDS: [&str; 39] = [
    "chatinfo",
    "sendlocations",
    "setlocation",
+    "dellocations",
    "getlocations",
    "send",
    "send-sync",
--- a/deltachat-rpc-client/examples/echobot_no_hooks.py
+++ b/deltachat-rpc-client/examples/echobot_no_hooks.py
@@ -13,7 +13,7 @@ def main():
    with Rpc() as rpc:
        deltachat = DeltaChat(rpc)
        system_info = deltachat.get_system_info()
-        logging.info(f"Running deltachat core {system_info['deltachat_core_version']}")
+        logging.info("Running deltachat core %s", system_info["deltachat_core_version"])

        accounts = deltachat.get_all_accounts()
        account = accounts[0] if accounts else deltachat.add_account()
@@ -21,30 +21,36 @@ def main():
        account.set_config("bot", "1")
        if not account.is_configured():
            logging.info("Account is not configured, configuring")
-            account.add_or_update_transport({"addr": sys.argv[1], "password": sys.argv[2]})
+            account.set_config("addr", sys.argv[1])
+            account.set_config("mail_pw", sys.argv[2])
+            account.configure()
            logging.info("Configured")
        else:
            logging.info("Account is already configured")
            deltachat.start_io()

-        qr = account.get_qr_code()
-        logging.info(f"Invite link: {qr}")
-        while True:
-            event = account.wait_for_event()
-            if event.kind == EventType.INFO:
-                logging.info(event["msg"])
-            elif event.kind == EventType.WARNING:
-                logging.warning(event["msg"])
-            elif event.kind == EventType.ERROR:
-                logging.error(event["msg"])
-            elif event.kind == EventType.INCOMING_MSG:
-                logging.info("Got an incoming message")
-                message = account.get_message_by_id(event.msg_id)
+        def process_messages():
+            for message in account.get_next_messages():
                snapshot = message.get_snapshot()
                if snapshot.from_id != SpecialContactId.SELF and not snapshot.is_bot and not snapshot.is_info:
                    snapshot.chat.send_text(snapshot.text)
                snapshot.message.mark_seen()

+        # Process old messages.
+        process_messages()
+
+        while True:
+            event = account.wait_for_event()
+            if event["kind"] == EventType.INFO:
+                logging.info("%s", event["msg"])
+            elif event["kind"] == EventType.WARNING:
+                logging.warning("%s", event["msg"])
+            elif event["kind"] == EventType.ERROR:
+                logging.error("%s", event["msg"])
+            elif event["kind"] == EventType.INCOMING_MSG:
+                logging.info("Got an incoming message")
+                process_messages()
+

 if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
--- a/deltachat-rpc-client/pyproject.toml
+++ b/deltachat-rpc-client/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat-rpc-client"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 license = "MPL-2.0"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [
--- a/deltachat-rpc-client/src/deltachat_rpc_client/_utils.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/_utils.py
@@ -1,5 +1,4 @@
 import argparse
-import functools
 import os
 import re
 import sys
@@ -190,6 +189,9 @@ class futuremethod:  # noqa: N801
        self._func = func

    def __get__(self, instance, owner=None):
+        if instance is None:
+            return self
+
        def future(*args):
            generator = self._func(instance, *args)
            res = next(generator)
@@ -202,7 +204,6 @@ class futuremethod:  # noqa: N801

            return f

-        @functools.wraps(self._func)
        def wrapper(*args):
            f = future(*args)
            return f()
--- a/deltachat-rpc-client/src/deltachat_rpc_client/account.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/account.py
@@ -5,6 +5,7 @@ from __future__ import annotations
 import json
 from dataclasses import dataclass
 from typing import TYPE_CHECKING, Optional, Union
+from warnings import warn

 from ._utils import AttrDict, futuremethod
 from .chat import Chat
@@ -391,7 +392,8 @@ class Account:
        """Return the list of fresh messages, newest messages first.

        This call is intended for displaying notifications.
-        If you are writing a bot, process "incoming message" events instead.
+        If you are writing a bot, use `get_fresh_messages_in_arrival_order()` instead,
+        to process oldest messages first.
        """
        fresh_msg_ids = self._rpc.get_fresh_msgs(self.id)
        return [Message(self, msg_id) for msg_id in fresh_msg_ids]
@@ -403,15 +405,7 @@ class Account:

    @futuremethod
    def wait_next_messages(self) -> list[Message]:
-        """(deprecated) Wait for new messages and return a list of them. Meant for bots.
-
-        Deprecated 2026-04: This returns the message's id as soon as the first part arrives,
-        even if it is not fully downloaded yet.
-        The bot needs to wait for the message to be fully downloaded.
-        Since this is usually not the desired behavior,
-        bots should instead use the `EventType.INCOMING_MSG`
-        event for getting notified about new messages.
-        """
+        """Wait for new messages and return a list of them."""
        next_msg_ids = yield self._rpc.wait_next_msgs.future(self.id)
        return [Message(self, msg_id) for msg_id in next_msg_ids]

@@ -461,6 +455,16 @@ class Account:
        """Wait for reaction change event."""
        return self.wait_for_event(EventType.REACTIONS_CHANGED)

+    def get_fresh_messages_in_arrival_order(self) -> list[Message]:
+        """Return fresh messages list sorted in the order of their arrival, with ascending IDs."""
+        warn(
+            "get_fresh_messages_in_arrival_order is deprecated, use get_next_messages instead.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+        fresh_msg_ids = sorted(self._rpc.get_fresh_msgs(self.id))
+        return [Message(self, msg_id) for msg_id in fresh_msg_ids]
+
    def export_backup(self, path, passphrase: str = "") -> None:
        """Export backup."""
        self._rpc.export_backup(self.id, str(path), passphrase)
@@ -479,11 +483,11 @@ class Account:
        passphrase = ""  # Importing passphrase-protected keys is currently not supported.
        self._rpc.import_self_keys(self.id, str(path), passphrase)

+    def initiate_autocrypt_key_transfer(self) -> None:
+        """Send Autocrypt Setup Message."""
+        return self._rpc.initiate_autocrypt_key_transfer(self.id)
+
    def ice_servers(self) -> list:
        """Return ICE servers for WebRTC configuration."""
        ice_servers_json = self._rpc.ice_servers(self.id)
        return json.loads(ice_servers_json)
-
-    def is_sending_locations(self) -> bool:
-        """Return True if sending locations to any chat."""
-        return self._rpc.is_sending_locations(self.id)
--- a/deltachat-rpc-client/src/deltachat_rpc_client/chat.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/chat.py
@@ -164,7 +164,7 @@ class Chat:
        return Message(self.account, msg_id)

    def send_sticker(self, path: str) -> Message:
-        """Deprecated as of 2026-04; use `send_message` with `Viewtype.STICKER` instead."""
+        """Send an sticker and return the resulting Message instance."""
        msg_id = self._rpc.send_sticker(self.account.id, self.id, path)
        return Message(self.account, msg_id)

@@ -206,9 +206,9 @@ class Chat:
        snapshot["message"] = Message(self.account, snapshot.id)
        return snapshot

-    def get_messages(self, add_daymarker: bool = False) -> list[Message]:
+    def get_messages(self, info_only: bool = False, add_daymarker: bool = False) -> list[Message]:
        """Get the list of messages in this chat."""
-        msgs = self._rpc.get_message_ids(self.account.id, self.id, False, add_daymarker)
+        msgs = self._rpc.get_message_ids(self.account.id, self.id, info_only, add_daymarker)
        return [Message(self.account, msg_id) for msg_id in msgs]

    def get_fresh_message_count(self) -> int:
@@ -219,10 +219,6 @@ class Chat:
        """Mark all messages in this chat as noticed."""
        self._rpc.marknoticed_chat(self.account.id, self.id)

-    def mark_fresh(self) -> None:
-        """Mark the last incoming message in the chat as fresh."""
-        self._rpc.markfresh_chat(self.account.id, self.id)
-
    def add_contact(self, *contact: Union[int, str, Contact, "Account"]) -> None:
        """Add contacts to this group."""
        from .account import Account
@@ -277,16 +273,6 @@ class Chat:
        """Remove profile image of this chat."""
        self._rpc.set_chat_profile_image(self.account.id, self.id, None)

-    def send_locations(self, seconds) -> None:
-        """Enable location streaming in the chat for the given number of seconds.
-
-        Pass 0 to disable location streaming."""
-        self._rpc.send_locations_to_chat(self.account.id, self.id, seconds)
-
-    def is_sending_locations(self) -> bool:
-        """Return True if sending locations to this chat."""
-        return self._rpc.is_sending_locations_to_chat(self.account.id, self.id)
-
    def get_locations(
        self,
        contact: Optional[Contact] = None,
--- a/deltachat-rpc-client/src/deltachat_rpc_client/deltachat.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/deltachat.py
@@ -59,11 +59,3 @@ class DeltaChat:
    def set_translations(self, translations: dict[str, str]) -> None:
        """Set stock translation strings."""
        self.rpc.set_stock_strings(translations)
-
-    def set_location(self, latitude, longitude, accuracy) -> bool:
-        """Set location, return True if location streaming should continue."""
-        return self.rpc.set_location(latitude, longitude, accuracy)
-
-    def stop_sending_locations(self) -> None:
-        """Stop sending locations to all chats."""
-        return self.rpc.stop_sending_locations()
--- a/deltachat-rpc-client/src/deltachat_rpc_client/message.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/message.py
@@ -25,14 +25,7 @@ class Message:
        return self.account._rpc

    def send_reaction(self, *reaction: str) -> "Message":
-        """
-        Sends a reaction to message.
-
-        A reaction is a string that represents an emoji.
-        You can call this function again to change the emoji;
-        the last sent reaction overrides all previously sent reactions.
-        It is possible to remove the reaction by sending an empty string.
-        """
+        """Send a reaction to this message."""
        msg_id = self._rpc.send_reaction(self.account.id, self.id, reaction)
        return Message(self.account, msg_id)

@@ -79,6 +72,14 @@ class Message:
        """Return True if the message exists."""
        return bool(self._rpc.get_existing_msg_ids(self.account.id, [self.id]))

+    def continue_autocrypt_key_transfer(self, setup_code: str) -> None:
+        """Continue the Autocrypt Setup Message key transfer.
+
+        This function can be called on received Autocrypt Setup Message
+        to import the key encrypted with the provided setup code.
+        """
+        self._rpc.continue_autocrypt_key_transfer(self.account.id, self.id, setup_code)
+
    def send_webxdc_status_update(self, update: Union[dict, str], description: str) -> None:
        """Send a webxdc status update. This message must be a webxdc."""
        if not isinstance(update, str):
--- a/deltachat-rpc-client/tests/test_folders.py
+++ b/deltachat-rpc-client/tests/test_folders.py
@@ -1,26 +1,104 @@
+import logging
 import re
+import time

+import pytest
 from imap_tools import AND, U

-from deltachat_rpc_client import EventType
+from deltachat_rpc_client import Contact, EventType, Message


-def test_moved_markseen(acfactory, direct_imap, log):
-    """Test that message already moved to DeltaChat folder is marked as seen."""
-    ac1 = acfactory.get_online_account()
+def test_move_works(acfactory, direct_imap):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac2_direct_imap = direct_imap(ac2)
+    ac2_direct_imap.create_folder("DeltaChat")
+    ac2.set_config("mvbox_move", "1")
+    ac2.bring_online()
+
+    chat = ac1.create_chat(ac2)
+    chat.send_text("message1")
+
+    # Message is moved to the movebox
+    ac2.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+
+    # Message is downloaded
+    msg = ac2.wait_for_incoming_msg().get_snapshot()
+    assert msg.text == "message1"
+
+
+def test_reactions_for_a_reordering_move(acfactory, direct_imap):
+    """When a batch of messages is moved from Inbox to DeltaChat folder with a single MOVE command,
+    their UIDs may be reordered (e.g. Gmail is known for that) which led to that messages were
+    processed by receive_imf in the wrong order, and, particularly, reactions were processed before
+    messages they refer to and thus dropped.
+    """
+    (ac1,) = acfactory.get_online_accounts(1)

    addr, password = acfactory.get_credentials()
    ac2 = acfactory.get_unconfigured_account()
    ac2.add_or_update_transport({"addr": addr, "password": password})
-    ac2.bring_online()
-
-    log.section("ac2: creating DeltaChat folder")
    ac2_direct_imap = direct_imap(ac2)
    ac2_direct_imap.create_folder("DeltaChat")
+    ac2.set_config("mvbox_move", "1")
+    assert ac2.is_configured()
+
+    ac2.bring_online()
+    chat1 = acfactory.get_accepted_chat(ac1, ac2)
+    ac2.stop_io()
+
+    logging.info("sending message + reaction from ac1 to ac2")
+    msg1 = chat1.send_text("hi")
+    msg1.wait_until_delivered()
+    # It's is sad, but messages must differ in their INTERNALDATEs to be processed in the correct
+    # order by DC, and most (if not all) mail servers provide only seconds precision.
+    time.sleep(1.1)
+    react_str = "\N{THUMBS UP SIGN}"
+    msg1.send_reaction(react_str).wait_until_delivered()
+
+    logging.info("moving messages to ac2's DeltaChat folder in the reverse order")
+    ac2_direct_imap = direct_imap(ac2)
+    ac2_direct_imap.connect()
+    for uid in sorted([m.uid for m in ac2_direct_imap.get_all_messages()], reverse=True):
+        ac2_direct_imap.conn.move(uid, "DeltaChat")
+
+    logging.info("receiving messages by ac2")
+    ac2.start_io()
+    msg2 = Message(ac2, ac2.wait_for_reactions_changed().msg_id)
+    assert msg2.get_snapshot().text == msg1.get_snapshot().text
+    reactions = msg2.get_reactions()
+    contacts = [Contact(ac2, int(i)) for i in reactions.reactions_by_contact]
+    assert len(contacts) == 1
+    assert contacts[0].get_snapshot().address == ac1.get_config("addr")
+    assert list(reactions.reactions_by_contact.values())[0] == [react_str]
+
+
+def test_move_works_on_self_sent(acfactory, direct_imap):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+
+    # Create and enable movebox.
+    ac1_direct_imap = direct_imap(ac1)
+    ac1_direct_imap.create_folder("DeltaChat")
+    ac1.set_config("mvbox_move", "1")
+    ac1.set_config("bcc_self", "1")
+    ac1.bring_online()
+
+    chat = ac1.create_chat(ac2)
+    chat.send_text("message1")
+    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+    chat.send_text("message2")
+    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+    chat.send_text("message3")
+    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+
+
+def test_moved_markseen(acfactory, direct_imap):
+    """Test that message already moved to DeltaChat folder is marked as seen."""
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac2_direct_imap = direct_imap(ac2)
+    ac2_direct_imap.create_folder("DeltaChat")
+    ac2.set_config("mvbox_move", "1")
    ac2.set_config("delete_server_after", "0")
    ac2.set_config("sync_msgs", "0")  # Do not send a sync message when accepting a contact request.
-
-    ac2.add_or_update_transport({"addr": addr, "password": password, "imapFolder": "DeltaChat"})
    ac2.bring_online()

    ac2.stop_io()
@@ -30,7 +108,6 @@ def test_moved_markseen(acfactory, direct_imap, log):
        idle2.wait_for_new_message()

    # Emulate moving of the message to DeltaChat folder by Sieve rule.
-    log.section("ac2: moving message into DeltaChat folder")
    ac2_direct_imap.conn.move(["*"], "DeltaChat")
    ac2_direct_imap.select_folder("DeltaChat")
    assert len(list(ac2_direct_imap.conn.fetch("*", mark_seen=False))) == 1
@@ -54,11 +131,17 @@ def test_moved_markseen(acfactory, direct_imap, log):
    assert len(list(ac2_direct_imap.conn.fetch(AND(seen=True, uid=U(1, "*")), mark_seen=False))) == 1


-def test_markseen_message_and_mdn(acfactory, direct_imap):
+@pytest.mark.parametrize("mvbox_move", [True, False])
+def test_markseen_message_and_mdn(acfactory, direct_imap, mvbox_move):
    ac1, ac2 = acfactory.get_online_accounts(2)

    for ac in ac1, ac2:
        ac.set_config("delete_server_after", "0")
+        if mvbox_move:
+            ac_direct_imap = direct_imap(ac)
+            ac_direct_imap.create_folder("DeltaChat")
+            ac.set_config("mvbox_move", "1")
+            ac.bring_online()

    # Do not send BCC to self, we only want to test MDN on ac1.
    ac1.set_config("bcc_self", "0")
@@ -67,7 +150,10 @@ def test_markseen_message_and_mdn(acfactory, direct_imap):
    msg = ac2.wait_for_incoming_msg()
    msg.mark_seen()

-    rex = re.compile("Marked messages [0-9]+ in folder INBOX as seen.")
+    if mvbox_move:
+        rex = re.compile("Marked messages [0-9]+ in folder DeltaChat as seen.")
+    else:
+        rex = re.compile("Marked messages [0-9]+ in folder INBOX as seen.")

    for ac in ac1, ac2:
        while True:
@@ -75,11 +161,12 @@ def test_markseen_message_and_mdn(acfactory, direct_imap):
            if event.kind == EventType.INFO and rex.search(event.msg):
                break

+    folder = "mvbox" if mvbox_move else "inbox"
    ac1_direct_imap = direct_imap(ac1)
    ac2_direct_imap = direct_imap(ac2)

-    ac1_direct_imap.select_folder("INBOX")
-    ac2_direct_imap.select_folder("INBOX")
+    ac1_direct_imap.select_config_folder(folder)
+    ac2_direct_imap.select_config_folder(folder)

    # Check that the mdn is marked as seen
    assert len(list(ac1_direct_imap.conn.fetch(AND(seen=True), mark_seen=False))) == 1
--- a/deltachat-rpc-client/tests/test_key_transfer.py
+++ b/deltachat-rpc-client/tests/test_key_transfer.py
@@ -0,0 +1,49 @@
+import pytest
+
+from deltachat_rpc_client import EventType
+from deltachat_rpc_client.rpc import JsonRpcError
+
+
+def wait_for_autocrypt_setup_message(account):
+    while True:
+        event = account.wait_for_event()
+        if event.kind == EventType.MSGS_CHANGED and event.msg_id != 0:
+            msg_id = event.msg_id
+            msg = account.get_message_by_id(msg_id)
+            if msg.get_snapshot().is_setupmessage:
+                return msg
+
+
+def test_autocrypt_setup_message_key_transfer(acfactory):
+    alice1 = acfactory.get_online_account()
+
+    alice2 = acfactory.get_unconfigured_account()
+    alice2.add_or_update_transport({"addr": alice1.get_config("addr"), "password": alice1.get_config("mail_pw")})
+    alice2.bring_online()
+
+    setup_code = alice1.initiate_autocrypt_key_transfer()
+    msg = wait_for_autocrypt_setup_message(alice2)
+
+    # Test that entering wrong code returns an error.
+    with pytest.raises(JsonRpcError):
+        msg.continue_autocrypt_key_transfer("7037-0673-6287-3013-4095-7956-5617-6806-6756")
+
+    msg.continue_autocrypt_key_transfer(setup_code)
+
+
+def test_ac_setup_message_twice(acfactory):
+    alice1 = acfactory.get_online_account()
+
+    alice2 = acfactory.get_unconfigured_account()
+    alice2.add_or_update_transport({"addr": alice1.get_config("addr"), "password": alice1.get_config("mail_pw")})
+    alice2.bring_online()
+
+    # Send the first Autocrypt Setup Message and ignore it.
+    _setup_code = alice1.initiate_autocrypt_key_transfer()
+    wait_for_autocrypt_setup_message(alice2)
+
+    # Send the second Autocrypt Setup Message and import it.
+    setup_code = alice1.initiate_autocrypt_key_transfer()
+    msg = wait_for_autocrypt_setup_message(alice2)
+
+    msg.continue_autocrypt_key_transfer(setup_code)
--- a/deltachat-rpc-client/tests/test_location.py
+++ b/deltachat-rpc-client/tests/test_location.py
@@ -1,32 +0,0 @@
-def test_set_location(dc, acfactory) -> None:
-    # Try setting location without any accounts.
-    assert not dc.set_location(1.0, 2.0, 0.1)
-
-    # Create one account that does not stream,
-    # set location.
-    acfactory.new_configured_account()
-    assert not dc.set_location(3.0, 4.0, 0.1)
-
-
-def test_send_locations_to_chat(dc, acfactory):
-    alice, bob = acfactory.get_online_accounts(2)
-
-    assert not alice.is_sending_locations()
-    alice_chat_bob = alice.create_chat(bob)
-    assert not alice_chat_bob.is_sending_locations()
-
-    # Test starting and stopping location streaming in a chat.
-    alice_chat_bob.send_locations(3600)
-    assert alice.is_sending_locations()
-    assert alice_chat_bob.is_sending_locations()
-    alice_chat_bob.send_locations(0)
-    assert not alice.is_sending_locations()
-    assert not alice_chat_bob.is_sending_locations()
-
-    # Test stop_sending_locations() for all accounts and chats.
-    alice_chat_bob.send_locations(3600)
-    assert alice.is_sending_locations()
-    assert alice_chat_bob.is_sending_locations()
-    dc.stop_sending_locations()
-    assert not alice.is_sending_locations()
-    assert not alice_chat_bob.is_sending_locations()
--- a/deltachat-rpc-client/tests/test_multitransport.py
+++ b/deltachat-rpc-client/tests/test_multitransport.py
@@ -1,7 +1,7 @@
 import pytest

 from deltachat_rpc_client import EventType
-from deltachat_rpc_client.const import ChatType, DownloadState
+from deltachat_rpc_client.const import DownloadState
 from deltachat_rpc_client.rpc import JsonRpcError


@@ -9,6 +9,12 @@ def test_add_second_address(acfactory) -> None:
    account = acfactory.new_configured_account()
    assert len(account.list_transports()) == 1

+    # When the first transport is created,
+    # mvbox_move and only_fetch_mvbox should be disabled.
+    assert account.get_config("mvbox_move") == "0"
+    assert account.get_config("only_fetch_mvbox") == "0"
+    assert account.get_config("show_emails") == "2"
+
    qr = acfactory.get_account_qr()
    account.add_transport_from_qr(qr)
    assert len(account.list_transports()) == 2
@@ -26,6 +32,44 @@ def test_add_second_address(acfactory) -> None:
    account.delete_transport(second_addr)
    assert len(account.list_transports()) == 2

+    # Enabling mvbox_move or only_fetch_mvbox
+    # is not allowed when multi-transport is enabled.
+    for option in ["mvbox_move", "only_fetch_mvbox"]:
+        with pytest.raises(JsonRpcError):
+            account.set_config(option, "1")
+
+    # show_emails does not matter for multi-relay, can be set to anything
+    account.set_config("show_emails", "0")
+
+
+@pytest.mark.parametrize("key", ["mvbox_move", "only_fetch_mvbox"])
+def test_no_second_transport_with_mvbox(acfactory, key) -> None:
+    """Test that second transport cannot be configured if mvbox is used."""
+    account = acfactory.new_configured_account()
+    assert len(account.list_transports()) == 1
+
+    assert account.get_config("mvbox_move") == "0"
+    assert account.get_config("only_fetch_mvbox") == "0"
+
+    qr = acfactory.get_account_qr()
+    account.set_config(key, "1")
+
+    with pytest.raises(JsonRpcError):
+        account.add_transport_from_qr(qr)
+
+
+def test_second_transport_without_classic_emails(acfactory) -> None:
+    """Test that second transport can be configured if classic emails are not fetched."""
+    account = acfactory.new_configured_account()
+    assert len(account.list_transports()) == 1
+
+    assert account.get_config("show_emails") == "2"
+
+    qr = acfactory.get_account_qr()
+    account.set_config("show_emails", "0")
+
+    account.add_transport_from_qr(qr)
+

 def test_change_address(acfactory) -> None:
    """Test Alice configuring a second transport and setting it as a primary one."""
@@ -103,13 +147,44 @@ def test_download_on_demand(acfactory) -> None:
        assert msg.get_snapshot().download_state == dstate


+@pytest.mark.parametrize("is_chatmail", ["0", "1"])
+def test_mvbox_move_first_transport(acfactory, is_chatmail) -> None:
+    """Test that mvbox_move is disabled by default even for non-chatmail accounts.
+    Disabling mvbox_move is required to be able to setup a second transport.
+    """
+    account = acfactory.get_unconfigured_account()
+
+    account.set_config("fix_is_chatmail", "1")
+    account.set_config("is_chatmail", is_chatmail)
+
+    # The default value when the setting is unset is "1".
+    # This is not changed for compatibility with old databases
+    # imported from backups.
+    assert account.get_config("mvbox_move") == "1"
+
+    qr = acfactory.get_account_qr()
+    account.add_transport_from_qr(qr)
+
+    # Once the first transport is set up,
+    # mvbox_move is disabled.
+    assert account.get_config("mvbox_move") == "0"
+    assert account.get_config("is_chatmail") == is_chatmail
+
+
 def test_reconfigure_transport(acfactory) -> None:
-    """Test that reconfiguring the transport works."""
+    """Test that reconfiguring the transport works
+    even if settings not supported for multi-transport
+    like mvbox_move are enabled."""
    account = acfactory.get_online_account()
+    account.set_config("mvbox_move", "1")

    [transport] = account.list_transports()
    account.add_or_update_transport(transport)

+    # Reconfiguring the transport should not reset
+    # the settings as if when configuring the first transport.
+    assert account.get_config("mvbox_move") == "1"
+

 def test_transport_synchronization(acfactory, log) -> None:
    """Test synchronization of transports between devices."""
@@ -150,9 +225,6 @@ def test_transport_synchronization(acfactory, log) -> None:
    log.section("ac1 changes the primary transport")
    ac1.set_config("configured_addr", transport3["addr"])

-    # One event for updated `add_timestamp` of the new primary transport,
-    # one event for the `configured_addr` update.
-    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
    [transport1, transport3] = ac1_clone.list_transports()
    assert ac1_clone.get_config("configured_addr") == addr3
@@ -243,10 +315,11 @@ def test_transport_limit(acfactory) -> None:
    account.add_transport_from_qr(qr)


-def test_message_info_imap_urls(acfactory) -> None:
+def test_message_info_imap_urls(acfactory, log) -> None:
    """Test that message info contains IMAP URLs of where the message was received."""
    alice, bob = acfactory.get_online_accounts(2)

+    log.section("Alice adds ac1 clone removes second transport")
    qr = acfactory.get_account_qr()
    for i in range(3):
        alice.add_transport_from_qr(qr)
@@ -254,6 +327,9 @@ def test_message_info_imap_urls(acfactory) -> None:
        for _ in range(i + 1):
            alice.bring_online()

+    new_alice_addr = alice.list_transports()[2]["addr"]
+    alice.set_config("configured_addr", new_alice_addr)
+
    # Enable multi-device mode so messages are not deleted immediately.
    alice.set_config("bcc_self", "1")

@@ -261,53 +337,12 @@ def test_message_info_imap_urls(acfactory) -> None:
    # This is where he will send the message.
    bob_chat = bob.create_chat(alice)

-    # Alice switches to another transport and removes the rest of the transports.
-    new_alice_addr = alice.list_transports()[1]["addr"]
-    alice.set_config("configured_addr", new_alice_addr)
-    removed_addrs = []
-    for transport in alice.list_transports():
-        if transport["addr"] != new_alice_addr:
-            alice.delete_transport(transport["addr"])
-            removed_addrs.append(transport["addr"])
-    alice.stop_io()
-    alice.start_io()
+    # Alice changes the transport again.
+    alice.set_config("configured_addr", alice.list_transports()[3]["addr"])

    bob_chat.send_text("Hello!")

    msg = alice.wait_for_incoming_msg()
-    msg_info = msg.get_info()
-    assert new_alice_addr in msg_info
-    for removed_addr in removed_addrs:
-        assert removed_addr not in msg_info
-    assert f"{new_alice_addr}/INBOX" in msg_info
-
-
-def test_remove_primary_transport(acfactory, log) -> None:
-    """Test that after removing the primary relay, Alice can still receive messages."""
-    alice, bob = acfactory.get_online_accounts(2)
-    qr = acfactory.get_account_qr()
-
-    alice.add_transport_from_qr(qr)
-    alice.bring_online()
-
-    bob_chat = bob.create_chat(alice)
-    alice.create_chat(bob)
-
-    log.section("Alice sets up second transport")
-    [transport1, transport2] = alice.list_transports()
-    alice.set_config("configured_addr", transport2["addr"])
-
-    bob_chat.send_text("Hello!")
-    msg1 = alice.wait_for_incoming_msg().get_snapshot()
-    assert msg1.text == "Hello!"
-
-    log.section("Alice removes the primary relay")
-    alice.delete_transport(transport1["addr"])
-    alice.stop_io()
-    alice.start_io()
-
-    bob_chat.send_text("Hello again!")
-    msg2 = alice.wait_for_incoming_msg().get_snapshot()
-    assert msg2.text == "Hello again!"
-    assert msg2.chat.get_basic_snapshot().chat_type == ChatType.SINGLE
-    assert msg2.chat == alice.create_chat(bob)
+    for alice_transport in alice.list_transports():
+        addr = alice_transport["addr"]
+        assert (addr == new_alice_addr) == (addr in msg.get_info())
--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -273,9 +273,6 @@ def test_chat(acfactory) -> None:
    assert group.get_messages()
    group.get_fresh_message_count()
    group.mark_noticed()
-    assert group.get_fresh_message_count() == 0
-    group.mark_fresh()
-    assert group.get_fresh_message_count() > 0
    assert group.get_contacts()
    assert group.get_past_contacts() == []
    group.remove_contact(alice_contact_bob)
@@ -1047,7 +1044,6 @@ def test_no_old_msg_is_fresh(acfactory):
    assert ac1.create_chat(ac2).get_fresh_message_count() == 1
    assert len(list(ac1.get_fresh_messages())) == 1

-    ac1_clone.wait_for_incoming_msg_event()
    ac1.wait_for_event(EventType.IMAP_INBOX_IDLE)

    logging.info("Send a message from ac1_clone to ac2 and check that ac1 marks the first message as 'noticed'")
--- a/deltachat-rpc-client/tests/test_webxdc.py
+++ b/deltachat-rpc-client/tests/test_webxdc.py
@@ -18,8 +18,6 @@ def test_webxdc(acfactory) -> None:
        "sourceCodeUrl": None,
        "summary": None,
        "selfAddr": webxdc_info["selfAddr"],
-        "isAppSender": False,
-        "isBroadcast": False,
        "sendUpdateInterval": 1000,
        "sendUpdateMaxSize": 18874368,
    }
--- a/deltachat-rpc-server/Cargo.toml
+++ b/deltachat-rpc-server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"
--- a/deltachat-rpc-server/npm-package/README.md
+++ b/deltachat-rpc-server/npm-package/README.md
@@ -18,7 +18,7 @@ import { startDeltaChat } from "@deltachat/stdio-rpc-server";
 import { C } from "@deltachat/jsonrpc-client";

 async function main() {
-    const dc = startDeltaChat("deltachat-data");
+    const dc = await startDeltaChat("deltachat-data");
    console.log(await dc.rpc.getSystemInfo());
    dc.close()
 }
--- a/deltachat-rpc-server/npm-package/index.d.ts
+++ b/deltachat-rpc-server/npm-package/index.d.ts
@@ -15,7 +15,7 @@ export interface SearchOptions {
 */
 export function getRPCServerPath(
  options?: Partial<SearchOptions>
-): string;
+): Promise<string>;



@@ -33,15 +33,8 @@ export interface StartOptions {
 * @param directory directory for accounts folder
 * @param options 
 */
-export function startDeltaChat(directory: string, options?: Partial<SearchOptions & StartOptions> ): DeltaChatOverJsonRpcServer
+export function startDeltaChat(directory: string, options?: Partial<SearchOptions & StartOptions> ): Promise<DeltaChatOverJsonRpcServer>

-export class DeltaChatOverJsonRpc extends StdioDeltaChat {
-  constructor(
-    directory: string,
-    options?: Partial<SearchOptions & StartOptions>
-  );
-  readonly pathToServerBinary: string;
-}

 export namespace FnTypes {
    export type getRPCServerPath = typeof getRPCServerPath
--- a/deltachat-rpc-server/npm-package/index.js
+++ b/deltachat-rpc-server/npm-package/index.js
@@ -1,6 +1,6 @@
 //@ts-check
 import { spawn } from "node:child_process";
-import { statSync } from "node:fs";
+import { stat } from "node:fs/promises";
 import os from "node:os";
 import process from "node:process";
 import { ENV_VAR_NAME, PATH_EXECUTABLE_NAME } from "./src/const.js";
@@ -36,7 +36,7 @@ function findRPCServerInNodeModules() {
 }

 /** @type {import("./index").FnTypes.getRPCServerPath} */
-export function getRPCServerPath(options = {}) {
+export async function getRPCServerPath(options = {}) {
  const { takeVersionFromPATH, disableEnvPath } = {
    takeVersionFromPATH: false,
    disableEnvPath: false,
@@ -45,7 +45,7 @@ export function getRPCServerPath(options = {}) {
  // 1. check if it is set as env var
  if (process.env[ENV_VAR_NAME] && !disableEnvPath) {
    try {
-      if (!statSync(process.env[ENV_VAR_NAME]).isFile()) {
+      if (!(await stat(process.env[ENV_VAR_NAME])).isFile()) {
        throw new Error(
          `expected ${ENV_VAR_NAME} to point to the deltachat-rpc-server executable`
        );
@@ -68,49 +68,41 @@ export function getRPCServerPath(options = {}) {
 import { StdioDeltaChat } from "@deltachat/jsonrpc-client";

 /** @type {import("./index").FnTypes.startDeltaChat} */
-export function startDeltaChat(directory, options = {}) {
-  return new DeltaChatOverJsonRpc(directory, options);
-}
-
-export class DeltaChatOverJsonRpc extends StdioDeltaChat {
-  /**
-   *
-   * @param {string} directory
-   * @param {Partial<import("./index").SearchOptions & import("./index").StartOptions>} options
-   */
-  constructor(directory, options = {}) {
-    const pathToServerBinary = getRPCServerPath(options);
-    const server = spawn(pathToServerBinary, {
-      env: {
-        RUST_LOG: process.env.RUST_LOG,
-        DC_ACCOUNTS_PATH: directory,
-      },
-      stdio: ["pipe", "pipe", options.muteStdErr ? "ignore" : "inherit"],
-    });
-
-    server.on("error", (err) => {
-      throw new Error(
-        FAILED_TO_START_SERVER_EXECUTABLE(pathToServerBinary, err)
-      );
-    });
-    let shouldClose = false;
-
-    server.on("exit", () => {
-      if (shouldClose) {
-        return;
-      }
-      throw new Error("Server quit");
-    });
-
-    super(server.stdin, server.stdout, true);
-
-    this.close = () => {
-      shouldClose = true;
-      if (!server.kill()) {
-        console.log("server termination failed");
-      }
-    };
-
-    this.pathToServerBinary = pathToServerBinary;
-  }
+export async function startDeltaChat(directory, options = {}) {
+  const pathToServerBinary = await getRPCServerPath(options);
+  const server = spawn(pathToServerBinary, {
+    env: {
+      RUST_LOG: process.env.RUST_LOG,
+      DC_ACCOUNTS_PATH: directory,
+    },
+    stdio: ["pipe", "pipe", options.muteStdErr ? "ignore" : "inherit"],
+  });
+
+  server.on("error", (err) => {
+    throw new Error(FAILED_TO_START_SERVER_EXECUTABLE(pathToServerBinary, err));
+  });
+  let shouldClose = false;
+
+  server.on("exit", () => {
+    if (shouldClose) {
+      return;
+    }
+    throw new Error("Server quit");
+  });
+
+  /** @type {import('./index').DeltaChatOverJsonRpcServer} */
+  //@ts-expect-error
+  const dc = new StdioDeltaChat(server.stdin, server.stdout, true);
+
+  dc.close = () => {
+    shouldClose = true;
+    if (!server.kill()) {
+      console.log("server termination failed");
+    }
+  };
+
+  //@ts-expect-error
+  dc.pathToServerBinary = pathToServerBinary;
+
+  return dc;
 }
--- a/deltachat-rpc-server/npm-package/package.json
+++ b/deltachat-rpc-server/npm-package/package.json
@@ -15,5 +15,5 @@
  },
  "type": "module",
  "types": "index.d.ts",
-  "version": "2.50.0-dev"
+  "version": "2.44.0-dev"
 }
--- a/deny.toml
+++ b/deny.toml
@@ -17,33 +17,6 @@ ignore = [
    # It is a transitive dependency of iroh 0.35.0,
    # this should be fixed by upgrading to iroh 1.0 once it is released.
    "RUSTSEC-2025-0134",
-
-    # rustls-webpki v0.102.8
-    # We cannot upgrade to >=0.103.10 because
-    # it is a transitive dependency of iroh 0.35.0
-    # which depends on ^0.102.
-    # <https://rustsec.org/advisories/RUSTSEC-2026-0049>
-    # <https://rustsec.org/advisories/RUSTSEC-2026-0098>
-    # <https://rustsec.org/advisories/RUSTSEC-2026-0099>
-    "RUSTSEC-2026-0049",
-    "RUSTSEC-2026-0098",
-    "RUSTSEC-2026-0099",
-
-    # Panic in CRL signature checks.
-    # We do not check CRL and cannot update rustls-webpki 0.102.8 
-    # which is a dependency of iroh 0.35.0.
-    # <https://rustsec.org/advisories/RUSTSEC-2026-0104>
-    "RUSTSEC-2026-0104",
-
-    # hickory-proto 0.25.2 unbounded loop in DNSSEC code.
-    # Dependency of iroh 0.35.0, cannot be updated as of 2026-05-02.
-    # <https://rustsec.org/advisories/RUSTSEC-2026-0118>
-    "RUSTSEC-2026-0118",
-
-    # hickory-proto 0.25.2 quadratic complexity issue.
-    # Dependency of iroh 0.35.0, cannot be updated as of 2026-05-02.
-    # <https://rustsec.org/advisories/RUSTSEC-2026-0119>
-    "RUSTSEC-2026-0119"
 ]

 [bans]
@@ -54,8 +27,6 @@ ignore = [
 skip = [
     { name = "async-channel", version = "1.9.0" },
     { name = "bitflags", version = "1.3.2" },
-     { name = "constant_time_eq", version = "0.3.1" },
-     { name = "cpufeatures", version = "0.2.17" },
     { name = "derive_more-impl", version = "1.0.0" },
     { name = "derive_more", version = "1.0.0" },
     { name = "event-listener", version = "2.5.3" },
@@ -70,7 +41,6 @@ skip = [
     { name = "rand_core", version = "0.6.4" },
     { name = "rand", version = "0.8.5" },
     { name = "rustix", version = "0.38.44" },
-     { name = "rustls-webpki", version = "0.102.8" },
     { name = "serdect", version = "0.2.0" },
     { name = "socket2", version = "0.5.9" },
     { name = "spin", version = "0.9.8" },
--- a/draft/aeap-mvp.md
+++ b/draft/aeap-mvp.md
@@ -0,0 +1,127 @@
+AEAP MVP
+========
+
+Changes to the UIs
+------------------
+
+- The secondary self addresses (see below) are shown in the UI, but not editable.
+
+- When the user changed the email address in the configure screen, show a dialog to the user, either directly explaining things or with a link to the FAQ (see "Other" below)
+
+Changes in the core
+-------------------
+
+- [x] We have one primary self address and any number of secondary self addresses. `is_self_addr()` checks all of them.
+
+- [x] If the user does a reconfigure and changes the email address, the previous address is added as a secondary self address.
+
+  - don't forget to deduplicate secondary self addresses in case the user switches back and forth between addresses).
+
+  - The key stays the same.
+
+- [x] No changes for 1:1 chats, there simply is a new one. (This works since, contrary to group messages, messages sent to a 1:1 chat are not assigned to the group chat but always to the 1:1 chat with the sender. So it's not a problem that the new messages might be put into the old chat if they are a reply to a message there.)
+
+- [ ] When sending a message: If any of the secondary self addrs is in the chat's member list, remove it locally (because we just transitioned away from it). We add a log message for this (alternatively, a system message in the chat would be more visible).
+
+- [x] ([#3385](https://github.com/deltachat/deltachat-core-rust/pull/3385)) When receiving a message: If the key exists, but belongs to another address (we may want to benchmark this)
+  AND there is a `Chat-Version` header\
+  AND the message is signed correctly
+  AND the From address is (also) in the encrypted (and therefore signed) headers <sup>[[1]](#myfootnote1)</sup>\
+  AND the message timestamp is newer than the contact's `lastseen` (to prevent changing the address back when messages arrive out of order) (this condition is not that important since we will have eventual consistency even without it):
+
+  Replace the contact in _all_ groups, possibly deduplicate the members list, and add a system message to all of these chats.
+  
+  - Note that we can't simply compare the keys byte-by-byte, since the UID may have changed, or the sender may have rotated the key and signed the new key with the old one.
+
+<a name="myfootnote1">[1]</a>: Without this check, an attacker could replay a message from Alice to Bob. Then Bob's device would do an AEAP transition from Alice's to the attacker's address, allowing for easier phishing.
+
+<details>
+<summary>More details about this</summary>
+Suppose Alice sends a message to Evil (or to a group with both Evil and Bob). Evil then forwards the message to Bob, changing the From and To headers (and if necessary Message-Id) and replacing `addr=alice@example.org;` in the autocrypt header with `addr=evil@example.org;`.
+
+Then Bob's device sees that there is a message which is signed by Alice's key and comes from Evil's address and would do the AEAP transition, i.e. replace Alice with Evil in all groups and show a message "Alice changed their address from alice@example.org to evil@example.org". Disadvantages for Evil are that Bob's message will be shown on Alice's device, possibly creating confusion/suspicion, and that the usual "Setup changed for..." message will be shown the next time Evil sends a message (because Evil doesn't know Alice's private key).
+
+Possible mitigations:
+- if we make the AEAP device message sth. like "Automatically removed alice@example.org and added evil@example.org", then this will create more suspicion, making the phishing harder (we didn't talk about what what the wording should be at all yet).
+- Add something similar to replay protection to our Autocrypt implementation. This could be done e.g. by adding a second `From` header to the protected headers. If it's present, the receiver then requires it to be the same as the outer `From`, and if it's not present, we don't do AEAP --> **That's what we implemented**
+
+Note that usually a mail is signed by a key that has a UID matching the from address.
+
+  That's not mandatory for Autocrypt (and in fact, we just keep the old UID when changing the self address, so with AEAP the UID will actually be different than the from address sometimes)
+
+  https://autocrypt.org/level1.html#openpgp-based-key-data says:
+  > The content of the user id packet is only decorative
+
+</details>
+
+### Notes:
+  
+- We treat protected and non-protected chats the same
+- We leave the aeap transition statement away since it seems not to be needed, makes things harder on the sending side, wastes some network traffic, and is worse for privacy (since more people know what old addresses you had).
+- As soon as we encrypt read receipts, sending a read receipt will be enough to tell a lot of people that you transitioned
+- AEAP will make the problem of inconsistent group state worse, both because it doesn't work if the message is unencrypted (even if the design allowed it, it would be problematic security-wise) and because some chat partners may have gotten the transition and some not. We should do something against this at some point in the future, like asking the user whether they want to add/remove the members to restore consistent group state.
+
+#### Downsides of this design:
+- Inconsistent group state: Suppose Alice does an AEAP transition and sends a 1:1 message to Bob, so Bob rewrites Alice's contact. Alice, Bob and Charlie are together in a group. Before Alice writes to this group, Bob and Charlie will have different membership lists, and Bob will send messages to Alice's new address, while Charlie will send them to her old address.
+
+#### Upsides:
+- With this approach, it's easy to switch to a model where the info about the transition is encoded in the PGP key. Since the key is gossiped, the information about the transition will spread virally.
+- Faster transition: If you send a message to e.g. "Delta Chat Dev", all members of the "sub-group" "delta android" will know of your transition.
+
+### Alternatives and old discussions/plans:
+
+- Change the contact instead of rewriting the group member lists. This seems to call for more trouble since we will end up with multiple contacts having the same email address.
+
+- If needed, we could add a header a) indicating that the sender did an address transition or b) listing all the secondary (old) addresses.  For now, there is no big enough benefit to warrant introducing another header and its processing on the receiver side (including all the necessary checks and handling of error cases). Instead, we only check for the `Chat-Version` header to prevent accidental transitions when an MUA user sends a message from another email address with the same key.
+
+- The condition for a transition temporarily was:
+
+  > When receiving a message: If we are going to assign a message to a chat, but the sender is not a member of this chat\
+  > AND the signing key is the same as the direct (non-gossiped) key of one of the chat members\
+  > AND ...
+
+  However, this would mean that in 1:1 messages can't trigger a transition, since we don't assign private messages to the parent chat, but always to the 1:1 chat with the sender.
+  
+<details>
+<summary>Some previous state of the discussion, which temporarily lived in an issue description</summary>
+Summarizing the discussions from https://github.com/deltachat/deltachat-core-rust/pull/2896, mostly quoting @hpk42:
+
+1. (DONE) At the time of configure we push the current primary to become a secondary. 
+
+2. When a message is sent out to a chat, and the message is encrypted, and we have secondary addresses, then we 
+  a) add a protected "AEAP-Replacement" header that contains all secondary addresses 
+  b) if any of the secondary addresses is in the chat's member list, we remove it and leave a system message that we did so
+3. When an encrypted message with a replacement header is received, replace the e-mail address of all secondary contacts (if they exist) with the new primary and drop a sysmessage in all chats the secondary is member off.  This might (in edge cases) result in chats that have two or more contacts with the same e-mail address.  We might ignore this for a first release and just log a warning.  Let's maybe not get hung up on this case before everything else works. 
+
+Notes: 
+- for now we will send out aeap replacement headers forever, there is no termination condition other than lack of secondary addresses.  I think that's fine for now.  Later on we might introduce options to remove secondary addresses but i wouldn't do this for a first release/PR. 
+- the design is resilient against changing e-mail providers from A to B to C and then back to A, with partially updated chats and diverging views from recipients/contacts on this transition.  In the end, you will have a primary and some secondaries, and when you start sending out messages everybody will eventually synchronize when they receive the current state of primaries/secondaries. 
+- of course on incoming message for need to check for each stated secondary address in the replacement header that it uses the same signature as the signature we verified as valid with the incoming message  **-->  Also we have to somehow make sure that the signing key was not just gossiped from some random other person in some group.**
+- there are no extra flags/columns in the database needed (i hope) 
+
+#### Downsides of the chosen approach:
+- Inconsistent group state: Suppose Alice does an AEAP transition and sends a 1:1 message to Bob, so Bob rewrites Alice's contact. Alice, Bob and Charlie are together in a group. Before Alice writes to this group, Bob and Charlie will have different membership lists, and Bob will send messages to Alice's new address, while Charlie will send them to her old address.
+- There will be multiple contacts with the same address in the database. We will have to do something against this at some point.
+
+The most obvious alternative would be to create a new contact with the new address and replace the old contact in the groups.
+
+#### Upsides:
+- With this approach, it's easier to switch to a model where the info about the transition is encoded in the PGP key. Since the key is gossiped, the information about the transition will spread virally.
+- (Also, less important: Slightly faster transition: If you send a message to e.g. "Delta Chat Dev", all members of the "sub-group" "delta android" will know of your transition.)
+- It's easier to implement (if too many problems turn up, we can still switch to another approach and didn't waste that much development time.)
+
+[full messages](https://github.com/deltachat/deltachat-core-rust/pull/2896#discussion_r852002161)
+  
+_end of the previous state of the discussion_  
+
+</details>
+  
+Other
+-----
+
+- The user is responsible that messages to the old address arrive at the new address, for example by configuring the old provider to forward all emails to the new one.
+
+Notes during implementing
+========================
+
+- As far as I understand the code, unencrypted messages are unsigned. So, the transition only works if both sides have the other side's key.
--- a/python/pyproject.toml
+++ b/python/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat"
-version = "2.50.0-dev"
+version = "2.44.0-dev"
 license = "MPL-2.0"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"
--- a/python/src/deltachat/account.py
+++ b/python/src/deltachat/account.py
@@ -553,6 +553,17 @@ class Account:
    def imex(self, path: str, imex_cmd: int, passphrase: Optional[str] = None) -> None:
        lib.dc_imex(self._dc_context, imex_cmd, as_dc_charpointer(path), as_dc_charpointer(passphrase))

+    def initiate_key_transfer(self) -> str:
+        """return setup code after a Autocrypt setup message
+        has been successfully sent to our own e-mail address ("self-sent message").
+        If sending out was unsuccessful, a RuntimeError is raised.
+        """
+        self.check_is_configured()
+        res = lib.dc_initiate_key_transfer(self._dc_context)
+        if res == ffi.NULL:
+            raise RuntimeError("could not send out autocrypt setup message")
+        return from_dc_charpointer(res)
+
    def get_setup_contact_qr(self) -> str:
        """get/create Setup-Contact QR Code as ascii-string.

--- a/python/src/deltachat/message.py
+++ b/python/src/deltachat/message.py
@@ -167,6 +167,14 @@ class Message:
        """return True if this message is a system/info message."""
        return bool(lib.dc_msg_is_info(self._dc_msg))

+    def is_setup_message(self):
+        """return True if this message is a setup message."""
+        return lib.dc_msg_is_setupmessage(self._dc_msg)
+
+    def get_setupcodebegin(self) -> str:
+        """return the first characters of a setup code in a setup message."""
+        return from_dc_charpointer(lib.dc_msg_get_setupcodebegin(self._dc_msg))
+
    def is_encrypted(self):
        """return True if this message was encrypted."""
        return bool(lib.dc_msg_get_showpadlock(self._dc_msg))
@@ -190,6 +198,12 @@ class Message:
        """Get a message summary as a single line of text. Typically used for notifications."""
        return from_dc_charpointer(lib.dc_msg_get_summarytext(self._dc_msg, width))

+    def continue_key_transfer(self, setup_code):
+        """extract key and use it as primary key for this account."""
+        res = lib.dc_continue_key_transfer(self.account._dc_context, self.id, as_dc_charpointer(setup_code))
+        if res == 0:
+            raise ValueError("Importing the key from Autocrypt Setup Message failed")
+
    @props.with_doc
    def time_sent(self):
        """UTC time when the message was sent.
@@ -254,6 +268,10 @@ class Message:
        """Quote setter."""
        lib.dc_msg_set_quote(self._dc_msg, quoted_message._dc_msg)

+    def force_plaintext(self) -> None:
+        """Force the message to be sent in plain text."""
+        lib.dc_msg_force_plaintext(self._dc_msg)
+
    @property
    def error(self) -> Optional[str]:
        """Error message."""
--- a/python/src/deltachat/testplugin.py
+++ b/python/src/deltachat/testplugin.py
@@ -433,6 +433,7 @@ class ACFactory:
        if self.pytestconfig.getoption("--strict-tls"):
            # Enable strict certificate checks for online accounts
            configdict["imap_certificate_checks"] = str(const.DC_CERTCK_STRICT)
+            configdict["smtp_certificate_checks"] = str(const.DC_CERTCK_STRICT)

        assert "addr" in configdict and "mail_pw" in configdict
        return configdict
@@ -504,6 +505,7 @@ class ACFactory:
                "addr": cloned_from.get_config("addr"),
                "mail_pw": cloned_from.get_config("mail_pw"),
                "imap_certificate_checks": cloned_from.get_config("imap_certificate_checks"),
+                "smtp_certificate_checks": cloned_from.get_config("smtp_certificate_checks"),
            }
        configdict.update(kwargs)
        ac = self._get_cached_account(addr=configdict["addr"]) if cache else None
@@ -520,6 +522,7 @@ class ACFactory:
        ac = self.get_unconfigured_account()
        assert "addr" in configdict and "mail_pw" in configdict, configdict
        configdict.setdefault("bcc_self", False)
+        configdict.setdefault("mvbox_move", False)
        configdict.setdefault("sync_msgs", False)
        configdict.setdefault("delete_server_after", 0)
        ac.update_config(configdict)
--- a/python/tests/test_0_complex_or_slow.py
+++ b/python/tests/test_0_complex_or_slow.py
@@ -288,7 +288,6 @@ def test_use_new_verified_group_after_going_online(acfactory, data, tmp_path, lp
    assert open(contact.get_profile_image(), "rb").read() == open(avatar_path, "rb").read()

    lp.sec("ac2_offl: sending message")
-    chat2.accept()
    msg_out = chat2.send_text("hello")

    lp.sec("ac1: receiving message")
--- a/python/tests/test_3_offline.py
+++ b/python/tests/test_3_offline.py
@@ -52,19 +52,19 @@ class TestOfflineAccountBasic:

    def test_set_config_int_conversion(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
-        ac1.set_config("bcc_self", False)
-        assert ac1.get_config("bcc_self") == "0"
-        ac1.set_config("bcc_self", True)
-        assert ac1.get_config("bcc_self") == "1"
-        ac1.set_config("bcc_self", 0)
-        assert ac1.get_config("bcc_self") == "0"
-        ac1.set_config("bcc_self", 1)
-        assert ac1.get_config("bcc_self") == "1"
+        ac1.set_config("mvbox_move", False)
+        assert ac1.get_config("mvbox_move") == "0"
+        ac1.set_config("mvbox_move", True)
+        assert ac1.get_config("mvbox_move") == "1"
+        ac1.set_config("mvbox_move", 0)
+        assert ac1.get_config("mvbox_move") == "0"
+        ac1.set_config("mvbox_move", 1)
+        assert ac1.get_config("mvbox_move") == "1"

    def test_update_config(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
-        ac1.update_config({"bcc_self": True})
-        assert ac1.get_config("bcc_self") == "1"
+        ac1.update_config({"mvbox_move": False})
+        assert ac1.get_config("mvbox_move") == "0"

    def test_has_bccself(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
--- a/release-date.in
+++ b/release-date.in
@@ -1 +1 @@
-2026-04-13
+2026-02-27
--- a/scripts/README.md
+++ b/scripts/README.md
@@ -48,3 +48,19 @@ the build machine (ask your friendly sysadmin on #deltachat Libera Chat) to type

 This will **rsync** your current checkout to the remote build machine 
 (no need to commit before) and then run either rust or python tests. 
+
+# coredeps Dockerfile
+
+`coredeps/Dockerfile` specifies an image that contains all 
+of Delta Chat's core dependencies. It is used to
+build python wheels (binary packages for Python).
+
+You can build the docker images yourself locally
+to avoid the relatively large download:
+ 
+    cd scripts  # where all CI things are 
+    docker build -t deltachat/coredeps coredeps
+
+Additionally, you can install qemu and build arm64 docker image on x86\_64 machine:
+    apt-get install qemu binfmt-support qemu-user-static
+    docker build -t deltachat/coredeps-arm64 --build-arg BASEIMAGE=quay.io/pypa/manylinux2014_aarch64 coredeps
--- a/scripts/check-dev-version.py
+++ b/scripts/check-dev-version.py
@@ -1,23 +0,0 @@
-#!/usr/bin/env python3
-#
-# Script to check that current version ends with -dev.
-# Meant to be run in CI to check that PRs are made against the -dev version.
-# If the version is not -dev, it was forgotten to be updated
-# after making a release.
-
-from pathlib import Path
-import tomllib
-import sys
-
-
-def main():
-    with Path("Cargo.toml").open("rb") as fp:
-        cargo_toml = tomllib.load(fp)
-    version = cargo_toml["package"]["version"]
-    if not version.endswith("-dev"):
-        print(f"Current version {version} does not end with -dev", file=sys.stderr)
-        sys.exit(1)
-
-
-if __name__ == "__main__":
-    main()
--- a/scripts/concourse/README.md
+++ b/scripts/concourse/README.md
@@ -0,0 +1,26 @@
+# Concourse CI pipeline
+
+`docs_wheels.yml` is a pipeline for [Concourse CI](https://concourse-ci.org/)
+that builds C documentation, Python documentation, Python wheels for `x86_64`
+and `aarch64` and Python source packages, and uploads them.
+
+To setup the pipeline run
+```
+fly -t <your-target> set-pipeline -c docs_wheels.yml -p docs_wheels -l secret.yml
+```
+where `secret.yml` contains the following secrets:
+```
+c.delta.chat:
+  private_key: |
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    ...
+    -----END OPENSSH PRIVATE KEY-----
+devpi:
+  login: dc
+  password: ...
+```
+
+Secrets can be read from the password manager:
+```
+fly -t b1 set-pipeline -c docs_wheels.yml -p docs_wheels -l <(pass show delta/b1.delta.chat/secret.yml)
+```
--- a/scripts/concourse/docs_wheels.yml
+++ b/scripts/concourse/docs_wheels.yml
@@ -0,0 +1,305 @@
+resources:
+  - name: deltachat-core-rust
+    type: git
+    icon: github
+    source:
+      branch: main
+      uri: https://github.com/chatmail/core.git
+
+  - name: deltachat-core-rust-release
+    type: git
+    icon: github
+    source:
+      branch: main
+      uri: https://github.com/chatmail/core.git
+      tag_filter: "v*"
+
+jobs:
+  - name: python-x86_64
+    plan:
+      - get: deltachat-core-rust
+      - get: deltachat-core-rust-release
+        trigger: true
+
+      # Build manylinux image with additional dependencies
+      - task: build-coredeps
+        privileged: true
+        config:
+          inputs:
+            # Building the latest, not tagged coredeps
+            - name: deltachat-core-rust
+          image_resource:
+            source:
+              repository: concourse/oci-build-task
+            type: registry-image
+          outputs:
+            - name: coredeps-image
+              path: image
+          params:
+            CONTEXT: deltachat-core-rust/scripts/coredeps
+            UNPACK_ROOTFS: "true"
+            BUILD_ARG_BASEIMAGE: quay.io/pypa/manylinux2014_x86_64
+          platform: linux
+          caches:
+            - path: cache
+          run:
+            path: build
+
+      # Use built image to build python wheels
+      - task: build-wheels
+        image: coredeps-image
+        config:
+          inputs:
+            - name: deltachat-core-rust-release
+              path: .
+          outputs:
+            # Binary wheels
+            - name: py-wheels
+              path: ./python/.docker-tox/wheelhouse/
+          platform: linux
+          run:
+            path: bash
+            args:
+              - -exc
+              - |
+                scripts/run_all.sh
+
+      # Upload x86_64 wheels and source packages
+      - task: upload-wheels
+        config:
+          inputs:
+            - name: py-wheels
+          image_resource:
+            type: registry-image
+            source:
+              repository: debian
+          platform: linux
+          run:
+            path: sh
+            args:
+              - -ec
+              - |
+                apt-get update -y
+                apt-get install -y --no-install-recommends python3-pip python3-setuptools python3-venv
+                python3 -m venv env
+                env/bin/pip install --upgrade pip
+                env/bin/pip install devpi
+                env/bin/devpi use https://m.devpi.net/dc/master
+                env/bin/devpi login ((devpi.login)) --password ((devpi.password))
+                env/bin/devpi upload py-wheels/*manylinux201*
+
+  - name: python-aarch64
+    plan:
+      - get: deltachat-core-rust
+      - get: deltachat-core-rust-release
+        trigger: true
+
+      # Build manylinux image with additional dependencies
+      - task: build-coredeps
+        privileged: true
+        config:
+          inputs:
+            # Building the latest, not tagged coredeps
+            - name: deltachat-core-rust
+          image_resource:
+            source:
+              repository: concourse/oci-build-task
+            type: registry-image
+          outputs:
+            - name: coredeps-image
+              path: image
+          params:
+            CONTEXT: deltachat-core-rust/scripts/coredeps
+            UNPACK_ROOTFS: "true"
+            BUILD_ARG_BASEIMAGE: quay.io/pypa/manylinux2014_aarch64
+          platform: linux
+          caches:
+            - path: cache
+          run:
+            path: build
+
+      # Use built image to build python wheels
+      - task: build-wheels
+        image: coredeps-image
+        config:
+          inputs:
+            - name: deltachat-core-rust-release
+              path: .
+          outputs:
+            - name: py-wheels
+              path: ./python/.docker-tox/wheelhouse/
+          platform: linux
+          run:
+            path: bash
+            args:
+              - -exc
+              - |
+                scripts/run_all.sh
+
+      # Upload aarch64 wheels
+      - task: upload-wheels
+        config:
+          inputs:
+            - name: py-wheels
+          image_resource:
+            type: registry-image
+            source:
+              repository: debian
+          platform: linux
+          run:
+            path: sh
+            args:
+              - -ec
+              - |
+                apt-get update -y
+                apt-get install -y --no-install-recommends python3-pip python3-setuptools python3-venv
+                python3 -m venv env
+                env/bin/pip install --upgrade pip
+                env/bin/pip install devpi
+                env/bin/devpi use https://m.devpi.net/dc/master
+                env/bin/devpi login ((devpi.login)) --password ((devpi.password))
+                env/bin/devpi upload py-wheels/*manylinux201*
+
+  - name: python-musl-x86_64
+    plan:
+      - get: deltachat-core-rust
+      - get: deltachat-core-rust-release
+        trigger: true
+
+      # Build manylinux image with additional dependencies
+      - task: build-coredeps
+        privileged: true
+        config:
+          inputs:
+            # Building the latest, not tagged coredeps
+            - name: deltachat-core-rust
+          image_resource:
+            source:
+              repository: concourse/oci-build-task
+            type: registry-image
+          outputs:
+            - name: coredeps-image
+              path: image
+          params:
+            CONTEXT: deltachat-core-rust/scripts/coredeps
+            UNPACK_ROOTFS: "true"
+            BUILD_ARG_BASEIMAGE: quay.io/pypa/musllinux_1_1_x86_64
+          platform: linux
+          caches:
+            - path: cache
+          run:
+            path: build
+
+      # Use built image to build python wheels
+      - task: build-wheels
+        image: coredeps-image
+        config:
+          inputs:
+            - name: deltachat-core-rust-release
+              path: .
+          outputs:
+            - name: py-wheels
+              path: ./python/.docker-tox/wheelhouse/
+          platform: linux
+          run:
+            path: bash
+            args:
+              - -exc
+              - |
+                scripts/run_all.sh
+
+      # Upload musl x86_64 wheels
+      - task: upload-wheels
+        config:
+          inputs:
+            - name: py-wheels
+          image_resource:
+            type: registry-image
+            source:
+              repository: debian
+          platform: linux
+          run:
+            path: sh
+            args:
+              - -ec
+              - |
+                apt-get update -y
+                apt-get install -y --no-install-recommends python3-pip python3-setuptools python3-venv
+                python3 -m venv env
+                env/bin/pip install --upgrade pip
+                env/bin/pip install devpi
+                env/bin/devpi use https://m.devpi.net/dc/master
+                env/bin/devpi login ((devpi.login)) --password ((devpi.password))
+                env/bin/devpi upload py-wheels/*musllinux_1_1_x86_64*
+
+  - name: python-musl-aarch64
+    plan:
+      - get: deltachat-core-rust
+      - get: deltachat-core-rust-release
+        trigger: true
+
+      # Build manylinux image with additional dependencies
+      - task: build-coredeps
+        privileged: true
+        config:
+          inputs:
+            # Building the latest, not tagged coredeps
+            - name: deltachat-core-rust
+          image_resource:
+            source:
+              repository: concourse/oci-build-task
+            type: registry-image
+          outputs:
+            - name: coredeps-image
+              path: image
+          params:
+            CONTEXT: deltachat-core-rust/scripts/coredeps
+            UNPACK_ROOTFS: "true"
+            BUILD_ARG_BASEIMAGE: quay.io/pypa/musllinux_1_1_aarch64
+          platform: linux
+          caches:
+            - path: cache
+          run:
+            path: build
+
+      # Use built image to build python wheels
+      - task: build-wheels
+        image: coredeps-image
+        config:
+          inputs:
+            - name: deltachat-core-rust-release
+              path: .
+          outputs:
+            - name: py-wheels
+              path: ./python/.docker-tox/wheelhouse/
+          platform: linux
+          run:
+            path: bash
+            args:
+              - -exc
+              - |
+                scripts/run_all.sh
+
+      # Upload musl aarch64 wheels
+      - task: upload-wheels
+        config:
+          inputs:
+            - name: py-wheels
+          image_resource:
+            type: registry-image
+            source:
+              repository: debian
+          platform: linux
+          run:
+            path: sh
+            args:
+              - -ec
+              - |
+                apt-get update -y
+                apt-get install -y --no-install-recommends python3-pip python3-setuptools python3-venv
+                python3 -m venv env
+                env/bin/pip install --upgrade pip
+                env/bin/pip install devpi
+                env/bin/devpi use https://m.devpi.net/dc/master
+                env/bin/devpi login ((devpi.login)) --password ((devpi.password))
+                env/bin/devpi upload py-wheels/*musllinux_1_1_aarch64*
--- a/scripts/coredeps/Dockerfile
+++ b/scripts/coredeps/Dockerfile
@@ -0,0 +1,9 @@
+ARG BASEIMAGE=quay.io/pypa/manylinux2014_x86_64
+#ARG BASEIMAGE=quay.io/pypa/musllinux_1_1_x86_64
+#ARG BASEIMAGE=quay.io/pypa/manylinux2014_aarch64
+
+FROM $BASEIMAGE
+RUN pipx install tox
+COPY install-rust.sh /scripts/
+RUN /scripts/install-rust.sh
+RUN if command -v yum; then yum install -y perl-IPC-Cmd; fi
--- a/scripts/coredeps/install-rust.sh
+++ b/scripts/coredeps/install-rust.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Install Rust
+#
+# Path from https://forge.rust-lang.org/infra/other-installation-methods.html
+#
+# Avoid using rustup here as it depends on reading /proc/self/exe and
+# has problems running under QEMU.
+RUST_VERSION=1.94.0
+
+ARCH="$(uname -m)"
+test -f "/lib/libc.musl-$ARCH.so.1" && LIBC=musl || LIBC=gnu
+
+curl "https://static.rust-lang.org/dist/rust-${RUST_VERSION}-$ARCH-unknown-linux-$LIBC.tar.gz" | tar xz
+cd "rust-${RUST_VERSION}-$ARCH-unknown-linux-$LIBC"
+./install.sh --prefix=/usr --components=rustc,cargo,"rust-std-$ARCH-unknown-linux-$LIBC"
+rustc --version
+cd ..
+rm -fr "rust-${RUST_VERSION}-$ARCH-unknown-linux-$LIBC"
--- a/scripts/update-provider-database.sh
+++ b/scripts/update-provider-database.sh
@@ -6,7 +6,7 @@ set -euo pipefail
 export TZ=UTC

 # Provider database revision.
-REV=ad097ee40579c884e7757de2d3bb0a51f481a32a
+REV=996c4bc82be5a7404f70b185ff062da33bfa98d9

 CORE_ROOT="$PWD"
 TMP="$(mktemp -d)"
--- a/spec.md
+++ b/spec.md
@@ -39,24 +39,9 @@ Messages SHOULD be encrypted by the
 [Autocrypt](https://autocrypt.org/level1.html) standard;
 `prefer-encrypt=mutual` MAY be set by default.

-Meta data SHOULD be encrypted
-by the [Header Protection](https://www.rfc-editor.org/rfc/rfc9788.html) standard
-with the following [Header Confidentiality Policy](https://www.rfc-editor.org/rfc/rfc9788.html#name-header-confidentiality-poli):
-```
-hcp_chat(name, val_in) → val_out:
-    if lower(name) is 'from':
-        assert that val_in is an RFC 5322 mailbox
-        return the RFC 5322 addr-spec part of val_in
-    else if lower(name) is 'to':
-        return '"hidden-recipients": ;'
-    else if lower(name) is 'date':
-        return the UTC form of a random date within the last 7 days
-    else if lower(name) is 'subject':
-        return '[...]'
-    else if lower(name) is in ['message-id', 'chat-is-post-message']:
-        return val_in
-    return null
-```
+Meta data (at least the subject and all chat-headers) SHOULD be encrypted
+by the [Protected Headers](https://tools.ietf.org/id/draft-autocrypt-lamps-protected-headers-02.html) standard.
+

 # Outgoing messages

--- a/src/accounts.rs
+++ b/src/accounts.rs
@@ -8,7 +8,6 @@ use std::sync::Arc;
 use anyhow::{Context as _, Result, bail, ensure};
 use async_channel::{self, Receiver, Sender};
 use futures::FutureExt as _;
-use futures::future;
 use futures_lite::FutureExt as _;
 use serde::{Deserialize, Serialize};
 use tokio::fs;
@@ -23,7 +22,6 @@ use tokio::time::{Duration, sleep};

 use crate::context::{Context, ContextBuilder};
 use crate::events::{Event, EventEmitter, EventType, Events};
-use crate::location;
 use crate::log::warn;
 use crate::push::PushSubscriber;
 use crate::stock_str::StockStrings;
@@ -538,38 +536,6 @@ impl Accounts {
        self.push_subscriber.set_device_token(token).await;
        Ok(())
    }
-
-    /// Sets location for all accounts.
-    ///
-    /// Returns true if location should still be streamed.
-    pub async fn set_location(&self, latitude: f64, longitude: f64, accuracy: f64) -> Result<bool> {
-        let continue_streaming = future::try_join_all(self.accounts.iter().map(
-            |(account_id, account)| async move {
-                location::set(account, latitude, longitude, accuracy)
-                    .await
-                    .with_context(|| format!("Failed to set location for account {account_id}"))
-            },
-        ))
-        .await?
-        .into_iter()
-        .any(|continue_streaming| continue_streaming);
-        Ok(continue_streaming)
-    }
-
-    /// Stops sending locations to all chats.
-    pub async fn stop_sending_locations(&self) -> Result<()> {
-        future::try_join_all(
-            self.accounts
-                .iter()
-                .map(|(account_id, account)| async move {
-                    location::stop_sending(account).await.with_context(|| {
-                        format!("Failed to stop sending locations for account {account_id}")
-                    })
-                }),
-        )
-        .await?;
-        Ok(())
-    }
 }

 /// Configuration file name.
@@ -720,27 +686,13 @@ impl Config {
        file.write_all(toml::to_string_pretty(&self.inner)?.as_bytes())
            .await
            .context("failed to write a tmp config")?;
-
-        // We use `sync_all()` and not `sync_data()` here.
-        // This translates to `fsync()` instead of `fdatasync()`.
-        // `fdatasync()` may be insufficient for newely created files
-        // and may not even synchronize the file size on some operating systems,
-        // resulting in a truncated file.
-        file.sync_all()
+        file.sync_data()
            .await
            .context("failed to sync a tmp config")?;
        drop(file);
        fs::rename(&tmp_path, &self.file)
            .await
            .context("failed to rename config")?;
-        // Sync the rename().
-        #[cfg(not(windows))]
-        {
-            let parent = self.file.parent().context("No parent directory")?;
-            let parent_file = fs::File::open(parent).await?;
-            parent_file.sync_all().await?;
-        }
-
        Ok(())
    }

@@ -1283,11 +1235,13 @@ mod tests {
        let account1 = accounts.get_account(1).context("failed to get account 1")?;
        let account2 = accounts.get_account(2).context("failed to get account 2")?;

-        assert_eq!(stock_str::no_messages(&account1), "No messages.");
-        assert_eq!(stock_str::no_messages(&account2), "No messages.");
-        account1.set_stock_translation(StockMessage::NoMessages, "foobar".to_string())?;
-        assert_eq!(stock_str::no_messages(&account1), "foobar");
-        assert_eq!(stock_str::no_messages(&account2), "foobar");
+        assert_eq!(stock_str::no_messages(&account1).await, "No messages.");
+        assert_eq!(stock_str::no_messages(&account2).await, "No messages.");
+        account1
+            .set_stock_translation(StockMessage::NoMessages, "foobar".to_string())
+            .await?;
+        assert_eq!(stock_str::no_messages(&account1).await, "foobar");
+        assert_eq!(stock_str::no_messages(&account2).await, "foobar");

        Ok(())
    }
--- a/src/aheader.rs
+++ b/src/aheader.rs
@@ -4,8 +4,9 @@

 use std::collections::BTreeMap;
 use std::fmt;
+use std::str::FromStr;

-use anyhow::{Context as _, Result, bail};
+use anyhow::{Context as _, Error, Result, bail};

 use crate::key::{DcKey, SignedPublicKey};

@@ -27,8 +28,10 @@ impl fmt::Display for EncryptPreference {
    }
 }

-impl EncryptPreference {
-    fn new(s: &str) -> Result<Self> {
+impl FromStr for EncryptPreference {
+    type Err = Error;
+
+    fn from_str(s: &str) -> Result<Self> {
        match s {
            "mutual" => Ok(EncryptPreference::Mutual),
            "nopreference" => Ok(EncryptPreference::NoPreference),
@@ -82,8 +85,10 @@ impl fmt::Display for Aheader {
    }
 }

-impl Aheader {
-    pub(crate) fn from_str(s: &str) -> Result<Self> {
+impl FromStr for Aheader {
+    type Err = Error;
+
+    fn from_str(s: &str) -> Result<Self> {
        let mut attributes: BTreeMap<String, String> = s
            .split(';')
            .filter_map(|a| {
@@ -111,7 +116,7 @@ impl Aheader {

        let prefer_encrypt = attributes
            .remove("prefer-encrypt")
-            .and_then(|raw| EncryptPreference::new(&raw).ok())
+            .and_then(|raw| raw.parse().ok())
            .unwrap_or_default();

        let verified = attributes.remove("_verified").is_some();
@@ -139,9 +144,8 @@ mod tests {

    #[test]
    fn test_from_str() -> Result<()> {
-        let h = Aheader::from_str(&format!(
-            "addr=me@mail.com; prefer-encrypt=mutual; keydata={RAWKEY}"
-        ))?;
+        let h: Aheader =
+            format!("addr=me@mail.com; prefer-encrypt=mutual; keydata={RAWKEY}").parse()?;

        assert_eq!(h.addr, "me@mail.com");
        assert_eq!(h.prefer_encrypt, EncryptPreference::Mutual);
@@ -153,7 +157,7 @@ mod tests {
    #[test]
    fn test_from_str_reset() -> Result<()> {
        let raw = format!("addr=reset@example.com; prefer-encrypt=reset; keydata={RAWKEY}");
-        let h = Aheader::from_str(&raw)?;
+        let h: Aheader = raw.parse()?;

        assert_eq!(h.addr, "reset@example.com");
        assert_eq!(h.prefer_encrypt, EncryptPreference::NoPreference);
@@ -163,7 +167,7 @@ mod tests {
    #[test]
    fn test_from_str_non_critical() -> Result<()> {
        let raw = format!("addr=me@mail.com; _foo=one; _bar=two; keydata={RAWKEY}");
-        let h = Aheader::from_str(&raw)?;
+        let h: Aheader = raw.parse()?;

        assert_eq!(h.addr, "me@mail.com");
        assert_eq!(h.prefer_encrypt, EncryptPreference::NoPreference);
@@ -173,7 +177,7 @@ mod tests {
    #[test]
    fn test_from_str_superflous_critical() {
        let raw = format!("addr=me@mail.com; _foo=one; _bar=two; other=me; keydata={RAWKEY}");
-        assert!(Aheader::from_str(&raw).is_err());
+        assert!(raw.parse::<Aheader>().is_err());
    }

    #[test]
--- a/src/authres.rs
+++ b/src/authres.rs
@@ -0,0 +1,561 @@
+//! Parsing and handling of the Authentication-Results header.
+//! See the comment on [`handle_authres`] for more.
+
+use std::borrow::Cow;
+use std::collections::BTreeSet;
+use std::fmt;
+use std::sync::LazyLock;
+
+use anyhow::Result;
+use deltachat_contact_tools::EmailAddress;
+use mailparse::MailHeaderMap;
+use mailparse::ParsedMail;
+
+use crate::config::Config;
+use crate::context::Context;
+use crate::headerdef::HeaderDef;
+
+/// `authres` is short for the Authentication-Results header, defined in
+/// <https://datatracker.ietf.org/doc/html/rfc8601>, which contains info
+/// about whether DKIM and SPF passed.
+///
+/// To mitigate From forgery, we remember for each sending domain whether it is known
+/// to have valid DKIM. If an email from such a domain comes with invalid DKIM,
+/// we don't allow changing the autocrypt key.
+///
+/// See <https://github.com/deltachat/deltachat-core-rust/issues/3507>.
+pub(crate) async fn handle_authres(
+    context: &Context,
+    mail: &ParsedMail<'_>,
+    from: &str,
+) -> Result<DkimResults> {
+    let from_domain = match EmailAddress::new(from) {
+        Ok(email) => email.domain,
+        Err(e) => {
+            return Err(anyhow::format_err!("invalid email {from}: {e:#}"));
+        }
+    };
+
+    let authres = parse_authres_headers(&mail.get_headers(), &from_domain);
+    update_authservid_candidates(context, &authres).await?;
+    compute_dkim_results(context, authres).await
+}
+
+#[derive(Debug)]
+pub(crate) struct DkimResults {
+    /// Whether DKIM passed for this particular e-mail.
+    pub dkim_passed: bool,
+}
+
+impl fmt::Display for DkimResults {
+    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
+        write!(fmt, "DKIM Results: Passed={}", self.dkim_passed)?;
+        Ok(())
+    }
+}
+
+type AuthservId = String;
+
+#[derive(Debug, PartialEq)]
+enum DkimResult {
+    /// The header explicitly said that DKIM passed
+    Passed,
+    /// The header explicitly said that DKIM failed
+    Failed,
+    /// The header didn't say anything about DKIM; this might mean that it wasn't
+    /// checked, but it might also mean that it failed. This is because some providers
+    /// (e.g. ik.me, mail.ru, posteo.de) don't add `dkim=none` to their
+    /// Authentication-Results if there was no DKIM.
+    Nothing,
+}
+
+type ParsedAuthresHeaders = Vec<(AuthservId, DkimResult)>;
+
+fn parse_authres_headers(
+    headers: &mailparse::headers::Headers<'_>,
+    from_domain: &str,
+) -> ParsedAuthresHeaders {
+    let mut res = Vec::new();
+    for header_value in headers.get_all_values(HeaderDef::AuthenticationResults.into()) {
+        let header_value = remove_comments(&header_value);
+
+        if let Some(mut authserv_id) = header_value.split(';').next() {
+            if authserv_id.contains(char::is_whitespace) || authserv_id.is_empty() {
+                // Outlook violates the RFC by not adding an authserv-id at all, which we notice
+                // because there is whitespace in the first identifier before the ';'.
+                // Authentication-Results-parsing still works securely because they remove incoming
+                // Authentication-Results headers.
+                // We just use an arbitrary authserv-id, it will work for Outlook, and in general,
+                // with providers not implementing the RFC correctly, someone can trick us
+                // into thinking that an incoming email is DKIM-correct, anyway.
+                // The most important thing here is that we have some valid `authserv_id`.
+                authserv_id = "invalidAuthservId";
+            }
+            let dkim_passed = parse_one_authres_header(&header_value, from_domain);
+            res.push((authserv_id.to_string(), dkim_passed));
+        }
+    }
+
+    res
+}
+
+/// The headers can contain comments that look like this:
+/// ```text
+/// Authentication-Results: (this is a comment) gmx.net; (another; comment) dkim=pass;
+/// ```
+fn remove_comments(header: &str) -> Cow<'_, str> {
+    // In Pomsky, this is:
+    //     "(" Codepoint* lazy ")"
+    // See https://playground.pomsky-lang.org/?text=%22(%22%20Codepoint*%20lazy%20%22)%22
+    static RE: LazyLock<regex::Regex> =
+        LazyLock::new(|| regex::Regex::new(r"\([\s\S]*?\)").unwrap());
+
+    RE.replace_all(header, " ")
+}
+
+/// Parses a single Authentication-Results header, like:
+///
+/// ```text
+/// Authentication-Results:  gmx.net; dkim=pass header.i=@slack.com
+/// ```
+fn parse_one_authres_header(header_value: &str, from_domain: &str) -> DkimResult {
+    if let Some((before_dkim_part, dkim_to_end)) = header_value.split_once("dkim=") {
+        // Check that the character right before `dkim=` is a space or a tab
+        // so that we wouldn't e.g. mistake `notdkim=pass` for `dkim=pass`
+        if before_dkim_part.ends_with(' ') || before_dkim_part.ends_with('\t') {
+            let dkim_part = dkim_to_end.split(';').next().unwrap_or_default();
+            let dkim_parts: Vec<_> = dkim_part.split_whitespace().collect();
+            if let Some(&"pass") = dkim_parts.first() {
+                // DKIM headers contain a header.d or header.i field
+                // that says which domain signed. We have to check ourselves
+                // that this is the same domain as in the From header.
+                let header_d: &str = &format!("header.d={}", &from_domain);
+                let header_i: &str = &format!("header.i=@{}", &from_domain);
+
+                if dkim_parts.contains(&header_d) || dkim_parts.contains(&header_i) {
+                    // We have found a `dkim=pass` header!
+                    return DkimResult::Passed;
+                }
+            } else {
+                // dkim=fail, dkim=none, ...
+                return DkimResult::Failed;
+            }
+        }
+    }
+
+    DkimResult::Nothing
+}
+
+/// ## About authserv-ids
+///
+/// After having checked DKIM, our email server adds an Authentication-Results header.
+///
+/// Now, an attacker could just add an Authentication-Results header that says dkim=pass
+/// in order to make us think that DKIM was correct in their From-forged email.
+///
+/// In order to prevent this, each email server adds its authserv-id to the
+/// Authentication-Results header, e.g. Testrun's authserv-id is `testrun.org`, Gmail's
+/// is `mx.google.com`. When Testrun gets a mail delivered from outside, it will then
+/// remove any Authentication-Results headers whose authserv-id is also `testrun.org`.
+///
+/// We need to somehow find out the authserv-id(s) of our email server, so that
+/// we can use the Authentication-Results with the right authserv-id.
+///
+/// ## What this function does
+///
+/// When receiving an email, this function is called and updates the candidates for
+/// our server's authserv-id, i.e. what we think our server's authserv-id is.
+///
+/// Usually, every incoming email has Authentication-Results  with our server's
+/// authserv-id, so, the intersection of the existing authserv-ids and the incoming
+/// authserv-ids for our server's authserv-id is a good guess for our server's
+/// authserv-id. When this intersection is empty, we assume that the authserv-id has
+/// changed and start over with the new authserv-ids.
+///
+/// See [`handle_authres`].
+async fn update_authservid_candidates(
+    context: &Context,
+    authres: &ParsedAuthresHeaders,
+) -> Result<()> {
+    let mut new_ids: BTreeSet<&str> = authres
+        .iter()
+        .map(|(authserv_id, _dkim_passed)| authserv_id.as_str())
+        .collect();
+    if new_ids.is_empty() {
+        // The incoming message doesn't contain any authentication results, maybe it's a
+        // self-sent or a mailer-daemon message
+        return Ok(());
+    }
+
+    let old_config = context.get_config(Config::AuthservIdCandidates).await?;
+    let old_ids = parse_authservid_candidates_config(&old_config);
+    let intersection: BTreeSet<&str> = old_ids.intersection(&new_ids).copied().collect();
+    if !intersection.is_empty() {
+        new_ids = intersection;
+    }
+    // If there were no AuthservIdCandidates previously, just start with
+    // the ones from the incoming email
+
+    if old_ids != new_ids {
+        let new_config = new_ids.into_iter().collect::<Vec<_>>().join(" ");
+        context
+            .set_config_internal(Config::AuthservIdCandidates, Some(&new_config))
+            .await?;
+    }
+    Ok(())
+}
+
+/// Use the parsed authres and the authservid candidates to compute whether DKIM passed
+/// and whether a keychange should be allowed.
+///
+/// We track in the `sending_domains` table whether we get positive Authentication-Results
+/// for mails from a contact (meaning that their provider properly authenticates against
+/// our provider).
+///
+/// Once a contact is known to come with positive Authentication-Resutls (dkim: pass),
+/// we don't accept Autocrypt key changes if they come with negative Authentication-Results.
+async fn compute_dkim_results(
+    context: &Context,
+    mut authres: ParsedAuthresHeaders,
+) -> Result<DkimResults> {
+    let mut dkim_passed = false;
+
+    let ids_config = context.get_config(Config::AuthservIdCandidates).await?;
+    let ids = parse_authservid_candidates_config(&ids_config);
+
+    // Remove all foreign authentication results
+    authres.retain(|(authserv_id, _dkim_passed)| ids.contains(authserv_id.as_str()));
+
+    if authres.is_empty() {
+        // If the authentication results are empty, then our provider doesn't add them
+        // and an attacker could just add their own Authentication-Results, making us
+        // think that DKIM passed. So, in this case, we can as well assume that DKIM passed.
+        dkim_passed = true;
+    } else {
+        for (_authserv_id, current_dkim_passed) in authres {
+            match current_dkim_passed {
+                DkimResult::Passed => {
+                    dkim_passed = true;
+                    break;
+                }
+                DkimResult::Failed => {
+                    dkim_passed = false;
+                    break;
+                }
+                DkimResult::Nothing => {
+                    // Continue looking for an Authentication-Results header
+                }
+            }
+        }
+    }
+
+    Ok(DkimResults { dkim_passed })
+}
+
+fn parse_authservid_candidates_config(config: &Option<String>) -> BTreeSet<&str> {
+    config
+        .as_deref()
+        .map(|c| c.split_whitespace().collect())
+        .unwrap_or_default()
+}
+
+#[cfg(test)]
+mod tests {
+    use tokio::fs;
+    use tokio::io::AsyncReadExt;
+
+    use super::*;
+    use crate::mimeparser;
+    use crate::test_utils::TestContext;
+    use crate::test_utils::TestContextManager;
+    use crate::tools;
+
+    #[test]
+    fn test_remove_comments() {
+        let header = "Authentication-Results: mx3.messagingengine.com;
+    dkim=pass (1024-bit rsa key sha256) header.d=riseup.net;"
+            .to_string();
+        assert_eq!(
+            remove_comments(&header),
+            "Authentication-Results: mx3.messagingengine.com;
+    dkim=pass   header.d=riseup.net;"
+        );
+
+        let header = ") aaa (".to_string();
+        assert_eq!(remove_comments(&header), ") aaa (");
+
+        let header = "((something weird) no comment".to_string();
+        assert_eq!(remove_comments(&header), "  no comment");
+
+        let header = "🎉(🎉(🎉))🎉(".to_string();
+        assert_eq!(remove_comments(&header), "🎉 )🎉(");
+
+        // Comments are allowed to include whitespace
+        let header = "(com\n\t\r\nment) no comment (comment)".to_string();
+        assert_eq!(remove_comments(&header), "  no comment  ");
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_parse_authentication_results() -> Result<()> {
+        let t = TestContext::new().await;
+        t.configure_addr("alice@gmx.net").await;
+        let bytes = b"Authentication-Results:  gmx.net; dkim=pass header.i=@slack.com
+Authentication-Results:  gmx.net; dkim=pass header.i=@amazonses.com";
+        let mail = mailparse::parse_mail(bytes)?;
+        let actual = parse_authres_headers(&mail.get_headers(), "slack.com");
+        assert_eq!(
+            actual,
+            vec![
+                ("gmx.net".to_string(), DkimResult::Passed),
+                ("gmx.net".to_string(), DkimResult::Nothing)
+            ]
+        );
+
+        let bytes = b"Authentication-Results:  gmx.net; notdkim=pass header.i=@slack.com
+Authentication-Results:  gmx.net; notdkim=pass header.i=@amazonses.com";
+        let mail = mailparse::parse_mail(bytes)?;
+        let actual = parse_authres_headers(&mail.get_headers(), "slack.com");
+        assert_eq!(
+            actual,
+            vec![
+                ("gmx.net".to_string(), DkimResult::Nothing),
+                ("gmx.net".to_string(), DkimResult::Nothing)
+            ]
+        );
+
+        let bytes = b"Authentication-Results:  gmx.net; dkim=pass header.i=@amazonses.com";
+        let mail = mailparse::parse_mail(bytes)?;
+        let actual = parse_authres_headers(&mail.get_headers(), "slack.com");
+        assert_eq!(actual, vec![("gmx.net".to_string(), DkimResult::Nothing)],);
+
+        // Weird Authentication-Results from Outlook without an authserv-id
+        let bytes = b"Authentication-Results: spf=pass (sender IP is 40.92.73.85)
+    smtp.mailfrom=hotmail.com; dkim=pass (signature was verified)
+    header.d=hotmail.com;dmarc=pass action=none
+    header.from=hotmail.com;compauth=pass reason=100";
+        let mail = mailparse::parse_mail(bytes)?;
+        let actual = parse_authres_headers(&mail.get_headers(), "hotmail.com");
+        // At this point, the most important thing to test is that there are no
+        // authserv-ids with whitespace in them.
+        assert_eq!(
+            actual,
+            vec![("invalidAuthservId".to_string(), DkimResult::Passed)]
+        );
+
+        let bytes = b"Authentication-Results:  gmx.net; dkim=none header.i=@slack.com
+Authentication-Results:  gmx.net; dkim=pass header.i=@slack.com";
+        let mail = mailparse::parse_mail(bytes)?;
+        let actual = parse_authres_headers(&mail.get_headers(), "slack.com");
+        assert_eq!(
+            actual,
+            vec![
+                ("gmx.net".to_string(), DkimResult::Failed),
+                ("gmx.net".to_string(), DkimResult::Passed)
+            ]
+        );
+
+        // ';' in comments
+        let bytes = b"Authentication-Results: mx1.riseup.net;
+	dkim=pass (1024-bit key; unprotected) header.d=yandex.ru header.i=@yandex.ru header.a=rsa-sha256 header.s=mail header.b=avNJu6sw;
+	dkim-atps=neutral";
+        let mail = mailparse::parse_mail(bytes)?;
+        let actual = parse_authres_headers(&mail.get_headers(), "yandex.ru");
+        assert_eq!(
+            actual,
+            vec![("mx1.riseup.net".to_string(), DkimResult::Passed)]
+        );
+
+        let bytes = br#"Authentication-Results: box.hispanilandia.net;
+	dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=disroot.org header.i=@disroot.org header.b="kqh3WUKq";
+	dkim-atps=neutral
+Authentication-Results: box.hispanilandia.net; dmarc=pass (p=quarantine dis=none) header.from=disroot.org
+Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@disroot.org"#;
+        let mail = mailparse::parse_mail(bytes)?;
+        let actual = parse_authres_headers(&mail.get_headers(), "disroot.org");
+        assert_eq!(
+            actual,
+            vec![
+                ("box.hispanilandia.net".to_string(), DkimResult::Failed),
+                ("box.hispanilandia.net".to_string(), DkimResult::Nothing),
+                ("box.hispanilandia.net".to_string(), DkimResult::Nothing),
+            ]
+        );
+
+        Ok(())
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_update_authservid_candidates() -> Result<()> {
+        let t = TestContext::new_alice().await;
+
+        update_authservid_candidates_test(&t, &["mx3.messagingengine.com"]).await;
+        let candidates = t.get_config(Config::AuthservIdCandidates).await?.unwrap();
+        assert_eq!(candidates, "mx3.messagingengine.com");
+
+        // "mx4.messagingengine.com" seems to be the new authserv-id, DC should accept it
+        update_authservid_candidates_test(&t, &["mx4.messagingengine.com"]).await;
+        let candidates = t.get_config(Config::AuthservIdCandidates).await?.unwrap();
+        assert_eq!(candidates, "mx4.messagingengine.com");
+
+        // A message without any Authentication-Results headers shouldn't remove all
+        // candidates since it could be a mailer-daemon message or so
+        update_authservid_candidates_test(&t, &[]).await;
+        let candidates = t.get_config(Config::AuthservIdCandidates).await?.unwrap();
+        assert_eq!(candidates, "mx4.messagingengine.com");
+
+        update_authservid_candidates_test(&t, &["mx4.messagingengine.com", "someotherdomain.com"])
+            .await;
+        let candidates = t.get_config(Config::AuthservIdCandidates).await?.unwrap();
+        assert_eq!(candidates, "mx4.messagingengine.com");
+
+        Ok(())
+    }
+
+    /// Calls update_authservid_candidates(), meant for using in a test.
+    ///
+    /// update_authservid_candidates() only looks at the keys of its
+    /// `authentication_results` parameter. So, this function takes `incoming_ids`
+    /// and adds some AuthenticationResults to get the HashMap we need.
+    async fn update_authservid_candidates_test(context: &Context, incoming_ids: &[&str]) {
+        let v = incoming_ids
+            .iter()
+            .map(|id| (id.to_string(), DkimResult::Passed))
+            .collect();
+        update_authservid_candidates(context, &v).await.unwrap()
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_realworld_authentication_results() -> Result<()> {
+        let mut test_failed = false;
+
+        let dir = tools::read_dir("test-data/message/dkimchecks-2022-09-28/".as_ref())
+            .await
+            .unwrap();
+        let mut bytes = Vec::new();
+        for entry in dir {
+            if !entry.file_type().await.unwrap().is_dir() {
+                continue;
+            }
+            let self_addr = entry.file_name().into_string().unwrap();
+            let self_domain = EmailAddress::new(&self_addr).unwrap().domain;
+            let authres_parsing_works = [
+                "ik.me",
+                "web.de",
+                "posteo.de",
+                "gmail.com",
+                "hotmail.com",
+                "mail.ru",
+                "aol.com",
+                "yahoo.com",
+                "icloud.com",
+                "fastmail.com",
+                "mail.de",
+                "outlook.com",
+                "gmx.de",
+                "testrun.org",
+            ]
+            .contains(&self_domain.as_str());
+
+            let t = TestContext::new().await;
+            t.configure_addr(&self_addr).await;
+            if !authres_parsing_works {
+                println!("========= Receiving as {} =========", &self_addr);
+            }
+
+            // Simulate receiving all emails once, so that we have the correct authserv-ids
+            let mut dir = tools::read_dir(&entry.path()).await.unwrap();
+
+            // The ordering in which the emails are received can matter;
+            // the test _should_ pass for every ordering.
+            dir.sort_by_key(|d| d.file_name());
+            //rand::seq::SliceRandom::shuffle(&mut dir[..], &mut rand::rng());
+
+            for entry in &dir {
+                let mut file = fs::File::open(entry.path()).await?;
+                bytes.clear();
+                file.read_to_end(&mut bytes).await.unwrap();
+
+                let mail = mailparse::parse_mail(&bytes)?;
+                let from = &mimeparser::get_from(&mail.headers).unwrap().addr;
+
+                let res = handle_authres(&t, &mail, from).await?;
+                let from_domain = EmailAddress::new(from).unwrap().domain;
+
+                // delta.blinzeln.de and gmx.de have invalid DKIM, so the DKIM check should fail
+                let expected_result = (from_domain != "delta.blinzeln.de") && (from_domain != "gmx.de")
+                    // These are (fictional) forged emails where the attacker added a fake
+                    // Authentication-Results before sending the email
+                    && from != "forged-authres-added@example.com"
+                    // Other forged emails
+                    && !from.starts_with("forged");
+
+                if res.dkim_passed != expected_result {
+                    if authres_parsing_works {
+                        println!(
+                            "!!!!!! FAILURE Receiving {:?} wrong result: !!!!!!",
+                            entry.path(),
+                        );
+                        test_failed = true;
+                    }
+                    println!("From {}: {}", from_domain, res.dkim_passed);
+                }
+            }
+        }
+
+        assert!(!test_failed);
+        Ok(())
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_handle_authres() {
+        let t = TestContext::new().await;
+
+        // Even if the format is wrong and parsing fails, handle_authres() shouldn't
+        // return an Err because this would prevent the message from being added
+        // to the database and downloaded again and again
+        let bytes = b"From: invalid@from.com
+Authentication-Results: dkim=";
+        let mail = mailparse::parse_mail(bytes).unwrap();
+        handle_authres(&t, &mail, "invalid@rom.com").await.unwrap();
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_authres_in_mailinglist_ignored() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let alice = tcm.alice().await;
+        let bob = tcm.bob().await;
+
+        // Bob knows his server's authserv-id
+        bob.set_config(Config::AuthservIdCandidates, Some("example.net"))
+            .await?;
+
+        let alice_bob_chat = alice.create_chat(&bob).await;
+        let mut sent = alice.send_text(alice_bob_chat.id, "hellooo").await;
+        sent.payload
+            .insert_str(0, "List-Post: <mailto:deltachat-community.example.net>\n");
+        sent.payload
+            .insert_str(0, "Authentication-Results: example.net; dkim=fail\n");
+        let rcvd = bob.recv_msg(&sent).await;
+        assert!(rcvd.error.is_none());
+
+        // Do the same without the mailing list header, this time the failed
+        // authres isn't ignored
+        let mut sent = alice
+            .send_text(alice_bob_chat.id, "hellooo without mailing list")
+            .await;
+        sent.payload
+            .insert_str(0, "Authentication-Results: example.net; dkim=fail\n");
+        let rcvd = bob.recv_msg(&sent).await;
+
+        // The message info should contain a warning:
+        assert!(
+            rcvd.id
+                .get_info(&bob)
+                .await
+                .unwrap()
+                .contains("DKIM Results: Passed=false")
+        );
+
+        Ok(())
+    }
+}
--- a/src/blob.rs
+++ b/src/blob.rs
@@ -10,8 +10,8 @@ use anyhow::{Context as _, Result, ensure, format_err};
 use base64::Engine as _;
 use futures::StreamExt;
 use image::ImageReader;
+use image::codecs::jpeg::JpegEncoder;
 use image::{DynamicImage, GenericImage, GenericImageView, ImageFormat, Pixel, Rgba};
-use image::{codecs::jpeg::JpegEncoder, metadata::Orientation};
 use num_traits::FromPrimitive;
 use tokio::{fs, task};
 use tokio_stream::wrappers::ReadDirStream;
@@ -284,6 +284,10 @@ impl<'a> BlobObject<'a> {
    ///
    /// Recoding is only done for [`Viewtype::Image`]. For [`Viewtype::File`], if it's a correct
    /// image, `*viewtype` is set to [`Viewtype::Image`].
+    ///
+    /// On some platforms images are passed to Core as [`Viewtype::Sticker`]. We recheck if the
+    /// image is a true sticker assuming that it must have at least one fully transparent corner,
+    /// otherwise `*viewtype` is set to [`Viewtype::Image`].
    pub async fn check_or_recode_image(
        &mut self,
        context: &Context,
@@ -358,10 +362,7 @@ impl<'a> BlobObject<'a> {
                return Ok(name);
            }
            let mut img = imgreader.decode().context("image decode failure")?;
-            let orientation = exif
-                .as_ref()
-                .map(|exif| exif_orientation(exif, context))
-                .unwrap_or(Orientation::NoTransforms);
+            let orientation = exif.as_ref().map(|exif| exif_orientation(exif, context));
            let mut encoded = Vec::new();

            if *vt == Viewtype::Sticker {
@@ -380,7 +381,13 @@ impl<'a> BlobObject<'a> {
                    return Ok(name);
                }
            }
-            img.apply_orientation(orientation);
+
+            img = match orientation {
+                Some(90) => img.rotate90(),
+                Some(180) => img.rotate180(),
+                Some(270) => img.rotate270(),
+                _ => img,
+            };

            // max_wh is the maximum image width and height, i.e. the resolution-limit.
            // target_wh target-resolution for resizing the image.
@@ -461,7 +468,7 @@ impl<'a> BlobObject<'a> {
                            ));
                        }

-                        target_wh = target_wh * 7 / 8;
+                        target_wh = target_wh * 2 / 3;
                    } else {
                        info!(
                            context,
@@ -544,17 +551,18 @@ fn image_metadata(file: &std::fs::File) -> Result<(u64, Option<exif::Exif>)> {
    Ok((len, exif))
 }

-fn exif_orientation(exif: &exif::Exif, context: &Context) -> Orientation {
-    if let Some(orientation) = exif.get_field(exif::Tag::Orientation, exif::In::PRIMARY)
-        && let Some(val) = orientation.value.get_uint(0)
-        && let Ok(val) = TryInto::<u8>::try_into(val)
-    {
-        return Orientation::from_exif(val).unwrap_or({
-            warn!(context, "Exif orientation value ignored: {val:?}.");
-            Orientation::NoTransforms
-        });
+fn exif_orientation(exif: &exif::Exif, context: &Context) -> i32 {
+    if let Some(orientation) = exif.get_field(exif::Tag::Orientation, exif::In::PRIMARY) {
+        // possible orientation values are described at http://sylvana.net/jpegcrop/exif_orientation.html
+        // we only use rotation, in practise, flipping is not used.
+        match orientation.value.get_uint(0) {
+            Some(3) => return 180,
+            Some(6) => return 90,
+            Some(8) => return 270,
+            other => warn!(context, "Exif orientation value ignored: {other:?}."),
+        }
    }
-    Orientation::NoTransforms
+    0
 }

 /// All files in the blobdir.
--- a/src/blob/blob_tests.rs
+++ b/src/blob/blob_tests.rs
@@ -305,7 +305,7 @@ async fn test_recode_image_2() {
        has_exif: true,
        original_width: 2000,
        original_height: 1800,
-        orientation: Some(Orientation::Rotate270),
+        orientation: 270,
        compressed_width: 1800,
        compressed_height: 2000,
        ..Default::default()
@@ -336,28 +336,6 @@ async fn test_recode_image_2() {
    assert_correct_rotation(&img_rotated);
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_recode_image_vflipped() {
-    let bytes = include_bytes!("../../test-data/image/rectangle200x180-vflipped.jpg");
-    let img_rotated = SendImageCheckMediaquality {
-        viewtype: Viewtype::Image,
-        media_quality_config: "0",
-        bytes,
-        extension: "jpg",
-        has_exif: true,
-        original_width: 200,
-        original_height: 180,
-        orientation: Some(Orientation::FlipVertical),
-        compressed_width: 200,
-        compressed_height: 180,
-        ..Default::default()
-    }
-    .test()
-    .await
-    .unwrap();
-    assert_correct_rotation(&img_rotated);
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_recode_image_bad_exif() {
    // `exiftool` reports for this file "Bad offset for IFD0 XResolution", still Exif must be
@@ -445,6 +423,7 @@ async fn test_recode_image_balanced_png() {
    .await
    .unwrap();

+    // This will be sent as Image, see [`BlobObject::check_or_recode_image()`] for explanation.
    SendImageCheckMediaquality {
        viewtype: Viewtype::Sticker,
        media_quality_config: "0",
@@ -452,7 +431,6 @@ async fn test_recode_image_balanced_png() {
        extension: "png",
        original_width: 1920,
        original_height: 1080,
-        res_viewtype: Some(Viewtype::Sticker),
        compressed_width: 1920,
        compressed_height: 1080,
        ..Default::default()
@@ -552,7 +530,7 @@ struct SendImageCheckMediaquality<'a> {
    pub(crate) has_exif: bool,
    pub(crate) original_width: u32,
    pub(crate) original_height: u32,
-    pub(crate) orientation: Option<Orientation>,
+    pub(crate) orientation: i32,
    pub(crate) res_viewtype: Option<Viewtype>,
    pub(crate) compressed_width: u32,
    pub(crate) compressed_height: u32,
@@ -568,7 +546,7 @@ impl SendImageCheckMediaquality<'_> {
        let has_exif = self.has_exif;
        let original_width = self.original_width;
        let original_height = self.original_height;
-        let orientation = self.orientation.unwrap_or(Orientation::NoTransforms);
+        let orientation = self.orientation;
        let res_viewtype = self.res_viewtype.unwrap_or(Viewtype::Image);
        let compressed_width = self.compressed_width;
        let compressed_height = self.compressed_height;
@@ -734,6 +712,8 @@ async fn test_send_gif_as_sticker() -> Result<()> {
    let chat = alice.get_self_chat().await;
    let sent = alice.send_msg(chat.id, &mut msg).await;
    let msg = Message::load_from_db(alice, sent.sender_msg_id).await?;
+    // Message::force_sticker() wasn't used, still Viewtype::Sticker is preserved because of the
+    // extension.
    assert_eq!(msg.get_viewtype(), Viewtype::Sticker);
    Ok(())
 }
--- a/src/calls.rs
+++ b/src/calls.rs
@@ -11,7 +11,7 @@ use crate::context::{Context, WeakContext};
 use crate::events::EventType;
 use crate::headerdef::HeaderDef;
 use crate::log::warn;
-use crate::message::{Message, MsgId, Viewtype, markseen_msgs};
+use crate::message::{Message, MsgId, Viewtype};
 use crate::mimeparser::{MimeMessage, SystemMessage};
 use crate::net::dns::lookup_host_with_cache;
 use crate::param::Param;
@@ -104,11 +104,13 @@ impl CallInfo {
        };

        if self.is_incoming() {
-            let incoming_call_str = stock_str::incoming_call(context, self.has_video_initially());
+            let incoming_call_str =
+                stock_str::incoming_call(context, self.has_video_initially()).await;
            self.update_text(context, &format!("{incoming_call_str}\n{duration}"))
                .await?;
        } else {
-            let outgoing_call_str = stock_str::outgoing_call(context, self.has_video_initially());
+            let outgoing_call_str =
+                stock_str::outgoing_call(context, self.has_video_initially()).await;
            self.update_text(context, &format!("{outgoing_call_str}\n{duration}"))
                .await?;
        }
@@ -205,7 +207,7 @@ impl Context {
        );
        ensure!(!chat.is_self_talk(), "Cannot call self");

-        let outgoing_call_str = stock_str::outgoing_call(self, has_video_initially);
+        let outgoing_call_str = stock_str::outgoing_call(self, has_video_initially).await;
        let mut call = Message {
            viewtype: Viewtype::Call,
            text: outgoing_call_str,
@@ -247,7 +249,6 @@ impl Context {
        if chat.is_contact_request() {
            chat.id.accept(self).await?;
        }
-        markseen_msgs(self, vec![call_id]).await?;

        // send an acceptance message around: to the caller as well as to the other devices of the callee
        let mut msg = Message {
@@ -264,7 +265,6 @@ impl Context {
        self.emit_event(EventType::IncomingCallAccepted {
            msg_id: call.msg.id,
            chat_id: call.msg.chat_id,
-            from_this_device: true,
        });
        self.emit_msgs_changed(call.msg.chat_id, call_id);
        Ok(())
@@ -283,12 +283,11 @@ impl Context {
        if !call.is_accepted() {
            if call.is_incoming() {
                call.mark_as_ended(self).await?;
-                markseen_msgs(self, vec![call_id]).await?;
-                let declined_call_str = stock_str::declined_call(self);
+                let declined_call_str = stock_str::declined_call(self).await;
                call.update_text(self, &declined_call_str).await?;
            } else {
                call.mark_as_canceled(self).await?;
-                let canceled_call_str = stock_str::canceled_call(self);
+                let canceled_call_str = stock_str::canceled_call(self).await;
                call.update_text(self, &canceled_call_str).await?;
            }
        } else {
@@ -331,11 +330,11 @@ impl Context {
        if !call.is_accepted() && !call.is_ended() {
            if call.is_incoming() {
                call.mark_as_canceled(&context).await?;
-                let missed_call_str = stock_str::missed_call(&context);
+                let missed_call_str = stock_str::missed_call(&context).await;
                call.update_text(&context, &missed_call_str).await?;
            } else {
                call.mark_as_ended(&context).await?;
-                let canceled_call_str = stock_str::canceled_call(&context);
+                let canceled_call_str = stock_str::canceled_call(&context).await;
                call.update_text(&context, &canceled_call_str).await?;
            }
            context.emit_msgs_changed(call.msg.chat_id, call_id);
@@ -361,12 +360,12 @@ impl Context {

            if call.is_incoming() {
                if call.is_stale() {
-                    let missed_call_str = stock_str::missed_call(self);
+                    let missed_call_str = stock_str::missed_call(self).await;
                    call.update_text(self, &missed_call_str).await?;
                    self.emit_incoming_msg(call.msg.chat_id, call_id); // notify missed call
                } else {
                    let incoming_call_str =
-                        stock_str::incoming_call(self, call.has_video_initially());
+                        stock_str::incoming_call(self, call.has_video_initially()).await;
                    call.update_text(self, &incoming_call_str).await?;
                    self.emit_msgs_changed(call.msg.chat_id, call_id); // ringing calls are not additionally notified
                    let can_call_me = match who_can_call_me(self).await? {
@@ -407,7 +406,8 @@ impl Context {
                    ));
                }
            } else {
-                let outgoing_call_str = stock_str::outgoing_call(self, call.has_video_initially());
+                let outgoing_call_str =
+                    stock_str::outgoing_call(self, call.has_video_initially()).await;
                call.update_text(self, &outgoing_call_str).await?;
                self.emit_msgs_changed(call.msg.chat_id, call_id);
            }
@@ -430,7 +430,6 @@ impl Context {
                        self.emit_event(EventType::IncomingCallAccepted {
                            msg_id: call.msg.id,
                            chat_id: call.msg.chat_id,
-                            from_this_device: false,
                        });
                    } else {
                        let accept_call_info = mime_message
@@ -459,22 +458,22 @@ impl Context {
                        if call.is_incoming() {
                            if from_id == ContactId::SELF {
                                call.mark_as_ended(self).await?;
-                                let declined_call_str = stock_str::declined_call(self);
+                                let declined_call_str = stock_str::declined_call(self).await;
                                call.update_text(self, &declined_call_str).await?;
                            } else {
                                call.mark_as_canceled(self).await?;
-                                let missed_call_str = stock_str::missed_call(self);
+                                let missed_call_str = stock_str::missed_call(self).await;
                                call.update_text(self, &missed_call_str).await?;
                            }
                        } else {
                            // outgoing
                            if from_id == ContactId::SELF {
                                call.mark_as_canceled(self).await?;
-                                let canceled_call_str = stock_str::canceled_call(self);
+                                let canceled_call_str = stock_str::canceled_call(self).await;
                                call.update_text(self, &canceled_call_str).await?;
                            } else {
                                call.mark_as_ended(self).await?;
-                                let declined_call_str = stock_str::declined_call(self);
+                                let declined_call_str = stock_str::declined_call(self).await;
                                call.update_text(self, &declined_call_str).await?;
                            }
                        }
--- a/src/calls/calls_tests.rs
+++ b/src/calls/calls_tests.rs
@@ -2,7 +2,6 @@ use super::*;
 use crate::chat::forward_msgs;
 use crate::config::Config;
 use crate::constants::DC_CHAT_ID_TRASH;
-use crate::message::MessageState;
 use crate::receive_imf::receive_imf;
 use crate::test_utils::{TestContext, TestContextManager};

@@ -116,28 +115,9 @@ async fn accept_call() -> Result<CallSetup> {
    // Bob accepts the incoming call
    bob.accept_incoming_call(bob_call.id, ACCEPT_INFO.to_string())
        .await?;
-    assert_eq!(bob_call.id.get_state(&bob).await?, MessageState::InSeen);
-    // Bob sends an MDN to Alice.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, bob_call.from_id)
-            )
-            .await?,
-        1
-    );
    assert_text(&bob, bob_call.id, "Incoming video call").await?;
    bob.evtracker
-        .get_matching(|evt| {
-            matches!(
-                evt,
-                EventType::IncomingCallAccepted {
-                    from_this_device: true,
-                    ..
-                }
-            )
-        })
+        .get_matching(|evt| matches!(evt, EventType::IncomingCallAccepted { .. }))
        .await;
    let sent2 = bob.pop_sent_msg().await;
    let info = bob
@@ -151,15 +131,7 @@ async fn accept_call() -> Result<CallSetup> {
    bob2.recv_msg_trash(&sent2).await;
    assert_text(&bob, bob_call.id, "Incoming video call").await?;
    bob2.evtracker
-        .get_matching(|evt| {
-            matches!(
-                evt,
-                EventType::IncomingCallAccepted {
-                    from_this_device: false,
-                    ..
-                }
-            )
-        })
+        .get_matching(|evt| matches!(evt, EventType::IncomingCallAccepted { .. }))
        .await;
    let info = bob2
        .load_call_by_id(bob2_call.id)
@@ -228,20 +200,9 @@ async fn test_accept_call_callee_ends() -> Result<()> {
        bob2_call,
        ..
    } = accept_call().await?;
-    assert_eq!(bob_call.id.get_state(&bob).await?, MessageState::InSeen);

    // Bob has accepted the call and also ends it
    bob.end_call(bob_call.id).await?;
-    // Bob sends an MDN to Alice.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, bob_call.from_id)
-            )
-            .await?,
-        1
-    );
    assert_text(&bob, bob_call.id, "Incoming video call\n<1 minute").await?;
    bob.evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
@@ -367,18 +328,8 @@ async fn test_callee_rejects_call() -> Result<()> {
    } = setup_call().await?;

    // Bob has accepted Alice before, but does not want to talk with Alice
+    bob_call.chat_id.accept(&bob).await?;
    bob.end_call(bob_call.id).await?;
-    assert_eq!(bob_call.id.get_state(&bob).await?, MessageState::InSeen);
-    // Bob sends an MDN to Alice.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, bob_call.from_id)
-            )
-            .await?,
-        1
-    );
    assert_text(&bob, bob_call.id, "Declined call").await?;
    bob.evtracker
        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
@@ -419,35 +370,6 @@ async fn test_callee_rejects_call() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_callee_sees_contact_request_call() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    let alice_chat = alice.create_chat(bob).await;
-    alice
-        .place_outgoing_call(alice_chat.id, PLACE_INFO.to_string(), true)
-        .await?;
-    let sent1 = alice.pop_sent_msg().await;
-    let bob_call = bob.recv_msg(&sent1).await;
-    // Bob can't end_call() because the contact request isn't accepted, but he can mark the call as
-    // seen.
-    markseen_msgs(bob, vec![bob_call.id]).await?;
-    assert_eq!(bob_call.id.get_state(bob).await?, MessageState::InSeen);
-    // Bob sends an MDN only to self so that an unaccepted contact can't know anything.
-    assert_eq!(
-        bob.sql
-            .count(
-                "SELECT COUNT(*) FROM smtp_mdns WHERE msg_id=? AND from_id=?",
-                (bob_call.id, ContactId::SELF)
-            )
-            .await?,
-        1
-    );
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_caller_cancels_call() -> Result<()> {
    // Alice calls Bob
--- a/src/chat.rs
+++ b/src/chat.rs
@@ -1,11 +1,12 @@
 //! # Chat module.

 use std::cmp;
-use std::collections::{BTreeSet, HashMap};
+use std::collections::{BTreeSet, HashMap, HashSet};
 use std::fmt;
 use std::io::Cursor;
 use std::marker::Sync;
 use std::path::{Path, PathBuf};
+use std::str::FromStr;
 use std::time::Duration;

 use anyhow::{Context as _, Result, anyhow, bail, ensure};
@@ -22,9 +23,8 @@ use crate::chatlist_events;
 use crate::color::str_to_color;
 use crate::config::Config;
 use crate::constants::{
-    self, Blocked, Chattype, DC_CHAT_ID_ALLDONE_HINT, DC_CHAT_ID_ARCHIVED_LINK,
-    DC_CHAT_ID_LAST_SPECIAL, DC_CHAT_ID_TRASH, DC_RESEND_USER_AVATAR_DAYS, EDITED_PREFIX,
-    TIMESTAMP_SENT_TOLERANCE,
+    Blocked, Chattype, DC_CHAT_ID_ALLDONE_HINT, DC_CHAT_ID_ARCHIVED_LINK, DC_CHAT_ID_LAST_SPECIAL,
+    DC_CHAT_ID_TRASH, DC_RESEND_USER_AVATAR_DAYS, EDITED_PREFIX, TIMESTAMP_SENT_TOLERANCE,
 };
 use crate::contact::{self, Contact, ContactId, Origin};
 use crate::context::Context;
@@ -34,7 +34,7 @@ use crate::download::{
 };
 use crate::ephemeral::{Timer as EphemeralTimer, start_chat_ephemeral_timers};
 use crate::events::EventType;
-use crate::key::{Fingerprint, self_fingerprint};
+use crate::key::self_fingerprint;
 use crate::location;
 use crate::log::{LogExt, warn};
 use crate::logged_debug_assert;
@@ -42,7 +42,6 @@ use crate::message::{self, Message, MessageState, MsgId, Viewtype};
 use crate::mimefactory::{MimeFactory, RenderedEmail};
 use crate::mimeparser::SystemMessage;
 use crate::param::{Param, Params};
-use crate::pgp::addresses_from_public_key;
 use crate::receive_imf::ReceivedMsg;
 use crate::smtp::{self, send_msg_to_smtp};
 use crate::stock_str;
@@ -476,18 +475,13 @@ impl ChatId {

    /// Adds message "Messages are end-to-end encrypted".
    pub(crate) async fn add_e2ee_notice(self, context: &Context, timestamp: i64) -> Result<()> {
-        let text = stock_str::messages_e2ee_info_msg(context);
-
-        // Sort this notice to the very beginning of the chat.
-        // We don't want any message to appear before this notice
-        // which is normally added when encrypted chat is created.
-        let sort_timestamp = 0;
+        let text = stock_str::messages_e2ee_info_msg(context).await;
        add_info_msg_with_cmd(
            context,
            self,
            &text,
            SystemMessage::ChatE2ee,
-            Some(sort_timestamp),
+            Some(timestamp),
            timestamp,
            None,
            None,
@@ -497,27 +491,6 @@ impl ChatId {
        Ok(())
    }

-    /// Adds info message to the beginning of the chat.
-    ///
-    /// Used for messages such as
-    /// "Others will only see this group after you sent a first message."
-    pub(crate) async fn add_start_info_message(self, context: &Context, text: &str) -> Result<()> {
-        let sort_timestamp = 0;
-        add_info_msg_with_cmd(
-            context,
-            self,
-            text,
-            SystemMessage::Unknown,
-            Some(sort_timestamp),
-            time(),
-            None,
-            None,
-            None,
-        )
-        .await?;
-        Ok(())
-    }
-
    /// Archives or unarchives a chat.
    pub async fn set_visibility(self, context: &Context, visibility: ChatVisibility) -> Result<()> {
        self.set_visibility_ex(context, Sync, visibility).await
@@ -695,7 +668,7 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
        }

        if chat.is_self_talk() {
-            let mut msg = Message::new_text(stock_str::self_deleted_msg_body(context));
+            let mut msg = Message::new_text(stock_str::self_deleted_msg_body(context).await);
            add_device_msg(context, None, Some(&mut msg)).await?;
        }
        chatlist_events::emit_chatlist_changed(context);
@@ -951,17 +924,6 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
            .unwrap_or(0))
    }

-    /// Returns timestamp of us joining the chat if we are the member of the chat.
-    pub(crate) async fn join_timestamp(self, context: &Context) -> Result<Option<i64>> {
-        context
-            .sql
-            .query_get_value(
-                "SELECT add_timestamp FROM chats_contacts WHERE chat_id=? AND contact_id=?",
-                (self, ContactId::SELF),
-            )
-            .await
-    }
-
    /// Returns timestamp of the latest message in the chat,
    /// including hidden messages or a draft if there is one.
    pub(crate) async fn get_timestamp(self, context: &Context) -> Result<Option<i64>> {
@@ -1188,13 +1150,14 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
    /// prefer plaintext emails.
    ///
    /// To get more verbose summary for a contact, including its key fingerprint, use [`Contact::get_encrinfo`].
+    #[expect(clippy::arithmetic_side_effects)]
    pub async fn get_encryption_info(self, context: &Context) -> Result<String> {
        let chat = Chat::load_from_db(context, self).await?;
        if !chat.is_encrypted(context).await? {
-            return Ok(stock_str::encr_none(context));
+            return Ok(stock_str::encr_none(context).await);
        }

-        let mut ret = stock_str::messages_are_e2ee(context) + "\n";
+        let mut ret = stock_str::messages_are_e2ee(context).await + "\n";

        for &contact_id in get_chat_contacts(context, self)
            .await?
@@ -1210,15 +1173,9 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
            );
            let fingerprint = contact
                .fingerprint()
-                .context("Contact does not have a fingerprint in encrypted chat")?
-                .human_readable();
-            if let Some(public_key) = contact.public_key(context).await? {
-                if let Some(relay_addrs) = addresses_from_public_key(&public_key) {
-                    let relays = relay_addrs.join(",");
-                    ret += &format!("\n{addr}({relays})\n{fingerprint}\n");
-                } else {
-                    ret += &format!("\n{addr}\n{fingerprint}\n");
-                }
+                .context("Contact does not have a fingerprint in encrypted chat")?;
+            if contact.public_key(context).await?.is_some() {
+                ret += &format!("\n{addr}\n{fingerprint}\n");
            } else {
                ret += &format!("\n{addr}\n(key missing)\n{fingerprint}\n");
            }
@@ -1249,11 +1206,15 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
    /// corresponding event in case of a system message (usually the current system time).
    /// `always_sort_to_bottom` makes this adjust the returned timestamp up so that the message goes
    /// to the chat bottom.
+    /// `received` -- whether the message is received. Otherwise being sent.
+    /// `incoming` -- whether the message is incoming.
    pub(crate) async fn calc_sort_timestamp(
        self,
        context: &Context,
        message_timestamp: i64,
        always_sort_to_bottom: bool,
+        received: bool,
+        incoming: bool,
    ) -> Result<i64> {
        let mut sort_timestamp = cmp::min(message_timestamp, smeared_time(context));

@@ -1273,6 +1234,38 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
                    (self, MessageState::OutDraft),
                )
                .await?
+        } else if received {
+            // Received messages shouldn't mingle with just sent ones and appear somewhere in the
+            // middle of the chat, so we go after the newest non fresh message.
+            //
+            // But if a received outgoing message is older than some seen message, better sort the
+            // received message purely by timestamp. We could place it just before that seen
+            // message, but anyway the user may not notice it.
+            //
+            // NB: Received outgoing messages may break sorting of fresh incoming ones, but this
+            // shouldn't happen frequently. Seen incoming messages don't really break sorting of
+            // fresh ones, they rather mean that older incoming messages are actually seen as well.
+            context
+                .sql
+                .query_row_optional(
+                    "SELECT MAX(timestamp), MAX(IIF(state=?,timestamp_sent,0))
+                     FROM msgs
+                     WHERE chat_id=? AND hidden=0 AND state>?
+                     HAVING COUNT(*) > 0",
+                    (MessageState::InSeen, self, MessageState::InFresh),
+                    |row| {
+                        let ts: i64 = row.get(0)?;
+                        let ts_sent_seen: i64 = row.get(1)?;
+                        Ok((ts, ts_sent_seen))
+                    },
+                )
+                .await?
+                .and_then(|(ts, ts_sent_seen)| {
+                    match incoming || ts_sent_seen <= message_timestamp {
+                        true => Some(ts),
+                        false => None,
+                    }
+                })
        } else {
            None
        };
@@ -1283,16 +1276,7 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
            sort_timestamp = last_msg_time;
        }

-        if let Some(join_timestamp) = self.join_timestamp(context).await? {
-            // If we are the member of the chat, don't add messages
-            // before the timestamp of us joining it.
-            // This is needed to avoid sorting "Member added"
-            // or automatically sent bot welcome messages
-            // above SecureJoin system messages.
-            Ok(std::cmp::max(sort_timestamp, join_timestamp))
-        } else {
-            Ok(sort_timestamp)
-        }
+        Ok(sort_timestamp)
    }
 }

@@ -1402,7 +1386,7 @@ impl Chat {
            .context(format!("Failed loading chat {chat_id} from database"))?;

        if chat.id.is_archived_link() {
-            chat.name = stock_str::archived_chats(context);
+            chat.name = stock_str::archived_chats(context).await;
        } else {
            if chat.typ == Chattype::Single && chat.name.is_empty() {
                // chat.name is set to contact.display_name on changes,
@@ -1426,9 +1410,9 @@ impl Chat {
                chat.name = chat_name;
            }
            if chat.param.exists(Param::Selftalk) {
-                chat.name = stock_str::saved_messages(context);
+                chat.name = stock_str::saved_messages(context).await;
            } else if chat.param.exists(Param::Devicetalk) {
-                chat.name = stock_str::device_messages(context);
+                chat.name = stock_str::device_messages(context).await;
            }
        }

@@ -1752,6 +1736,7 @@ impl Chat {
    ///
    /// If `update_msg_id` is set, that record is reused;
    /// if `update_msg_id` is None, a new record is created.
+    #[expect(clippy::arithmetic_side_effects)]
    async fn prepare_msg_raw(
        &mut self,
        context: &Context,
@@ -2315,10 +2300,15 @@ pub(crate) async fn update_special_chat_names(context: &Context) -> Result<()> {
    update_special_chat_name(
        context,
        ContactId::DEVICE,
-        stock_str::device_messages(context),
+        stock_str::device_messages(context).await,
+    )
+    .await?;
+    update_special_chat_name(
+        context,
+        ContactId::SELF,
+        stock_str::saved_messages(context).await,
    )
    .await?;
-    update_special_chat_name(context, ContactId::SELF, stock_str::saved_messages(context)).await?;
    Ok(())
 }

@@ -2467,7 +2457,10 @@ async fn prepare_msg_blob(context: &Context, msg: &mut Message) -> Result<()> {
            .with_context(|| format!("attachment missing for message of type #{}", msg.viewtype))?;
        let mut maybe_image = false;

-        if msg.viewtype == Viewtype::File || msg.viewtype == Viewtype::Image {
+        if msg.viewtype == Viewtype::File
+            || msg.viewtype == Viewtype::Image
+            || msg.viewtype == Viewtype::Sticker && !msg.param.exists(Param::ForceSticker)
+        {
            // Correct the type, take care not to correct already very special
            // formats as GIF or VOICE.
            //
@@ -2475,7 +2468,12 @@ async fn prepare_msg_blob(context: &Context, msg: &mut Message) -> Result<()> {
            // - from FILE to AUDIO/VIDEO/IMAGE
            // - from FILE/IMAGE to GIF */
            if let Some((better_type, _)) = message::guess_msgtype_from_suffix(msg) {
-                if better_type == Viewtype::Image {
+                if msg.viewtype == Viewtype::Sticker {
+                    if better_type != Viewtype::Image {
+                        // UIs don't want conversions of `Sticker` to anything other than `Image`.
+                        msg.param.set_int(Param::ForceSticker, 1);
+                    }
+                } else if better_type == Viewtype::Image {
                    maybe_image = true;
                } else if better_type != Viewtype::Webxdc
                    || context
@@ -2495,7 +2493,10 @@ async fn prepare_msg_blob(context: &Context, msg: &mut Message) -> Result<()> {
        if msg.viewtype == Viewtype::Vcard {
            msg.try_set_vcard(context, &blob.to_abs_path()).await?;
        }
-        if msg.viewtype == Viewtype::File && maybe_image || msg.viewtype == Viewtype::Image {
+        if msg.viewtype == Viewtype::File && maybe_image
+            || msg.viewtype == Viewtype::Image
+            || msg.viewtype == Viewtype::Sticker && !msg.param.exists(Param::ForceSticker)
+        {
            let new_name = blob
                .check_or_recode_image(context, msg.get_filename(), &mut msg.viewtype)
                .await?;
@@ -2616,7 +2617,7 @@ pub async fn send_msg(context: &Context, chat_id: ChatId, msg: &mut Message) ->
    if msg.state != MessageState::Undefined && msg.state != MessageState::OutPreparing {
        msg.param.remove(Param::GuaranteeE2ee);
        msg.param.remove(Param::ForcePlaintext);
-        // create_send_msg_jobs() will update `param` in the db.
+        msg.update_param(context).await?;
    }

    // protect all system messages against RTLO attacks
@@ -2721,19 +2722,7 @@ async fn prepare_send_msg(
        None
    };

-    if matches!(
-        msg.state,
-        MessageState::Undefined | MessageState::OutPreparing
-    )
-        // Legacy SecureJoin "v*-request" messages are unencrypted.
-        && msg.param.get_cmd() != SystemMessage::SecurejoinMessage
-        && chat.is_encrypted(context).await?
-    {
-        msg.param.set_int(Param::GuaranteeE2ee, 1);
-        if !msg.id.is_unset() {
-            msg.update_param(context).await?;
-        }
-    }
+    // ... then change the MessageState in the message object
    msg.state = MessageState::OutPending;

    msg.timestamp_sort = create_smeared_timestamp(context);
@@ -2779,13 +2768,15 @@ async fn render_mime_message_and_pre_message(

        let mut mimefactory_post_msg = mimefactory.clone();
        mimefactory_post_msg.set_as_post_message();
-        let rendered_msg = Box::pin(mimefactory_post_msg.render(context))
+        let rendered_msg = mimefactory_post_msg
+            .render(context)
            .await
            .context("Failed to render post-message")?;

        let mut mimefactory_pre_msg = mimefactory;
        mimefactory_pre_msg.set_as_pre_message_for(&rendered_msg);
-        let rendered_pre_msg = Box::pin(mimefactory_pre_msg.render(context))
+        let rendered_pre_msg = mimefactory_pre_msg
+            .render(context)
            .await
            .context("pre-message failed to render")?;

@@ -2800,7 +2791,7 @@ async fn render_mime_message_and_pre_message(

        Ok((Some(rendered_pre_msg), rendered_msg))
    } else {
-        Ok((None, Box::pin(mimefactory.render(context)).await?))
+        Ok((None, mimefactory.render(context).await?))
    }
 }

@@ -2847,12 +2838,19 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
    let lowercase_from = from.to_lowercase();

    recipients.retain(|x| x.to_lowercase() != lowercase_from);
-
-    // Default Webxdc integrations are hidden messages and must not be sent out:
-    if (msg.param.get_int(Param::WebxdcIntegration).is_some() && msg.hidden)
-        // This may happen eg. for groups with only SELF and bcc_self disabled:
-        || (!context.get_config_bool(Config::BccSelf).await? && recipients.is_empty())
+    if context.get_config_bool(Config::BccSelf).await?
+        || msg.param.get_cmd() == SystemMessage::AutocryptSetupMessage
    {
+        smtp::add_self_recipients(context, &mut recipients, needs_encryption).await?;
+    }
+
+    // Default Webxdc integrations are hidden messages and must not be sent out
+    if msg.param.get_int(Param::WebxdcIntegration).is_some() && msg.hidden {
+        recipients.clear();
+    }
+
+    if recipients.is_empty() {
+        // may happen eg. for groups with only SELF and bcc_self disabled
        info!(
            context,
            "Message {} has no recipient, skipping smtp-send.", msg.id
@@ -2891,10 +2889,6 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
        );
    }

-    if context.get_config_bool(Config::BccSelf).await? {
-        smtp::add_self_recipients(context, &mut recipients, rendered_msg.is_encrypted).await?;
-    }
-
    if needs_encryption && !rendered_msg.is_encrypted {
        /* unrecoverable */
        message::set_msg_failed(
@@ -2929,26 +2923,11 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
        msg.param.remove(Param::GuaranteeE2ee);
    }
    msg.subject.clone_from(&rendered_msg.subject);
-    // Sort the message to the bottom. Employ `msgs_index7` to compute `timestamp`.
    context
        .sql
        .execute(
-            "
-UPDATE msgs SET
-    timestamp=(
-        SELECT MAX(timestamp) FROM msgs INDEXED BY msgs_index7 WHERE
-            -- From `InFresh` to `OutMdnRcvd` inclusive except `OutDraft`.
-            state IN(10,13,16,18,20,24,26,28) AND
-            hidden IN(0,1) AND
-            chat_id=? AND
-            id<=?
-    ),
-    pre_rfc724_mid=?, subject=?, param=?
-WHERE id=?
-            ",
+            "UPDATE msgs SET pre_rfc724_mid=?, subject=?, param=? WHERE id=?",
            (
-                msg.chat_id,
-                msg.id,
                &msg.pre_rfc724_mid,
                &msg.subject,
                msg.param.to_string(),
@@ -3013,6 +2992,7 @@ pub async fn send_text_msg(
 }

 /// Sends chat members a request to edit the given message's text.
+#[expect(clippy::arithmetic_side_effects)]
 pub async fn send_edit_request(context: &Context, msg_id: MsgId, new_text: String) -> Result<()> {
    let mut original_msg = Message::load_from_db(context, msg_id).await?;
    ensure!(
@@ -3085,7 +3065,7 @@ async fn donation_request_maybe(context: &Context) -> Result<()> {
    let ts = if ts == 0 || msg_cnt.await? < 100 {
        now.saturating_add(secs_between_checks)
    } else {
-        let mut msg = Message::new_text(stock_str::donation_request(context));
+        let mut msg = Message::new_text(stock_str::donation_request(context).await);
        add_device_msg(context, None, Some(&mut msg)).await?;
        i64::MAX
    };
@@ -3097,6 +3077,9 @@ async fn donation_request_maybe(context: &Context) -> Result<()> {
 /// Chat message list request options.
 #[derive(Debug)]
 pub struct MessageListOptions {
+    /// Return only info messages.
+    pub info_only: bool,
+
    /// Add day markers before each date regarding the local timezone.
    pub add_daymarker: bool,
 }
@@ -3107,27 +3090,56 @@ pub async fn get_chat_msgs(context: &Context, chat_id: ChatId) -> Result<Vec<Cha
        context,
        chat_id,
        MessageListOptions {
+            info_only: false,
            add_daymarker: false,
        },
    )
    .await
 }

-/// Returns messages belonging to the chat according to the given options,
-/// sorted by oldest message first.
+/// Returns messages belonging to the chat according to the given options.
 #[expect(clippy::arithmetic_side_effects)]
 pub async fn get_chat_msgs_ex(
    context: &Context,
    chat_id: ChatId,
    options: MessageListOptions,
 ) -> Result<Vec<ChatItem>> {
-    let MessageListOptions { add_daymarker } = options;
-    let process_row = |row: &rusqlite::Row| {
-        Ok((
-            row.get::<_, i64>("timestamp")?,
-            row.get::<_, MsgId>("id")?,
-            false,
-        ))
+    let MessageListOptions {
+        info_only,
+        add_daymarker,
+    } = options;
+    let process_row = if info_only {
+        |row: &rusqlite::Row| {
+            // is_info logic taken from Message.is_info()
+            let params = row.get::<_, String>("param")?;
+            let (from_id, to_id) = (
+                row.get::<_, ContactId>("from_id")?,
+                row.get::<_, ContactId>("to_id")?,
+            );
+            let is_info_msg: bool = from_id == ContactId::INFO
+                || to_id == ContactId::INFO
+                || match Params::from_str(&params) {
+                    Ok(p) => {
+                        let cmd = p.get_cmd();
+                        cmd != SystemMessage::Unknown && cmd != SystemMessage::AutocryptSetupMessage
+                    }
+                    _ => false,
+                };
+
+            Ok((
+                row.get::<_, i64>("timestamp")?,
+                row.get::<_, MsgId>("id")?,
+                !is_info_msg,
+            ))
+        }
+    } else {
+        |row: &rusqlite::Row| {
+            Ok((
+                row.get::<_, i64>("timestamp")?,
+                row.get::<_, MsgId>("id")?,
+                false,
+            ))
+        }
    };
    let process_rows = |rows: rusqlite::AndThenRows<_>| {
        // It is faster to sort here rather than
@@ -3162,18 +3174,39 @@ pub async fn get_chat_msgs_ex(
        Ok(ret)
    };

-    let items = context
-        .sql
-        .query_map(
-            "SELECT m.id AS id, m.timestamp AS timestamp
+    let items = if info_only {
+        context
+            .sql
+            .query_map(
+        // GLOB is used here instead of LIKE because it is case-sensitive
+                "SELECT m.id AS id, m.timestamp AS timestamp, m.param AS param, m.from_id AS from_id, m.to_id AS to_id
+               FROM msgs m
+              WHERE m.chat_id=?
+                AND m.hidden=0
+                AND (
+                    m.param GLOB '*\nS=*' OR param GLOB 'S=*'
+                    OR m.from_id == ?
+                    OR m.to_id == ?
+                );",
+                (chat_id, ContactId::INFO, ContactId::INFO),
+                process_row,
+                process_rows,
+            )
+            .await?
+    } else {
+        context
+            .sql
+            .query_map(
+                "SELECT m.id AS id, m.timestamp AS timestamp
               FROM msgs m
              WHERE m.chat_id=?
                AND m.hidden=0;",
-            (chat_id,),
-            process_row,
-            process_rows,
-        )
-        .await?;
+                (chat_id,),
+                process_row,
+                process_rows,
+            )
+            .await?
+    };
    Ok(items)
 }

@@ -3367,38 +3400,6 @@ pub(crate) async fn mark_old_messages_as_noticed(
    Ok(())
 }

-/// Marks last incoming message in a chat as fresh.
-pub async fn markfresh_chat(context: &Context, chat_id: ChatId) -> Result<()> {
-    let affected_rows = context
-        .sql
-        .execute(
-            "UPDATE msgs
-                SET state=?1
-              WHERE id=(SELECT id
-                          FROM msgs
-                         WHERE state IN (?1, ?2, ?3) AND hidden=0 AND chat_id=?4
-                      ORDER BY timestamp DESC, id DESC
-                         LIMIT 1)
-                AND state!=?1",
-            (
-                MessageState::InFresh,
-                MessageState::InNoticed,
-                MessageState::InSeen,
-                chat_id,
-            ),
-        )
-        .await?;
-
-    if affected_rows == 0 {
-        return Ok(());
-    }
-
-    context.emit_msgs_changed_without_msg_id(chat_id);
-    chatlist_events::emit_chatlist_item_changed(context, chat_id);
-
-    Ok(())
-}
-
 /// Returns all database message IDs of the given types.
 ///
 /// If `chat_id` is None, return messages from any chat.
@@ -3586,12 +3587,12 @@ pub(crate) async fn create_group_ex(
    {
        let text = if !grpid.is_empty() {
            // Add "Others will only see this group after you sent a first message." message.
-            stock_str::new_group_send_first_message(context)
+            stock_str::new_group_send_first_message(context).await
        } else {
            // Add "Messages in this chat use classic email and are not encrypted." message.
-            stock_str::chat_unencrypted_explanation(context)
+            stock_str::chat_unencrypted_explanation(context).await
        };
-        chat_id.add_start_info_message(context, &text).await?;
+        add_info_msg(context, chat_id, &text).await?;
    }
    if let (true, true) = (sync.into(), !grpid.is_empty()) {
        let id = SyncId::Grpid(grpid);
@@ -3722,7 +3723,7 @@ pub(crate) async fn update_chat_contacts_table(
    context: &Context,
    timestamp: i64,
    id: ChatId,
-    contacts: &BTreeSet<ContactId>,
+    contacts: &HashSet<ContactId>,
 ) -> Result<()> {
    context
        .sql
@@ -3948,47 +3949,9 @@ pub(crate) async fn add_contact_to_chat_ex(
    if sync.into() {
        chat.sync_contacts(context).await.log_err(context).ok();
    }
-    if chat.typ == Chattype::OutBroadcast {
-        resend_last_msgs(context, chat.id, &contact)
-            .await
-            .log_err(context)
-            .ok();
-    }
    Ok(true)
 }

-async fn resend_last_msgs(context: &Context, chat_id: ChatId, to_contact: &Contact) -> Result<()> {
-    let msgs: Vec<MsgId> = context
-        .sql
-        .query_map_vec(
-            "
-SELECT id
-FROM msgs
-WHERE chat_id=?
-    AND hidden=0
-    AND NOT ( -- Exclude info and system messages
-        param GLOB '*\nS=*' OR param GLOB 'S=*'
-        OR from_id=?
-        OR to_id=?
-    )
-    AND type!=?
-ORDER BY timestamp DESC, id DESC LIMIT ?",
-            (
-                chat_id,
-                ContactId::INFO,
-                ContactId::INFO,
-                Viewtype::Webxdc,
-                constants::N_MSGS_TO_NEW_BROADCAST_MEMBER,
-            ),
-            |row: &rusqlite::Row| Ok(row.get::<_, MsgId>(0)?),
-        )
-        .await?
-        .into_iter()
-        .rev()
-        .collect();
-    resend_msgs_ex(context, &msgs, to_contact.fingerprint()).await
-}
-
 /// Returns true if an avatar should be attached in the given chat.
 ///
 /// This function does not check if the avatar is set.
@@ -4128,56 +4091,61 @@ pub async fn remove_contact_from_chat(
        delete_broadcast_secret(context, chat_id).await?;
    }

-    ensure!(
-        matches!(
-            chat.typ,
-            Chattype::Group | Chattype::OutBroadcast | Chattype::InBroadcast
-        ),
-        "Cannot remove members from non-group chats."
-    );
+    if matches!(
+        chat.typ,
+        Chattype::Group | Chattype::OutBroadcast | Chattype::InBroadcast
+    ) {
+        if !chat.is_self_in_chat(context).await? {
+            let err_msg = format!(
+                "Cannot remove contact {contact_id} from chat {chat_id}: self not in group."
+            );
+            context.emit_event(EventType::ErrorSelfNotInGroup(err_msg.clone()));
+            bail!("{err_msg}");
+        } else {
+            let mut sync = Nosync;

-    if !chat.is_self_in_chat(context).await? {
-        let err_msg =
-            format!("Cannot remove contact {contact_id} from chat {chat_id}: self not in group.");
-        context.emit_event(EventType::ErrorSelfNotInGroup(err_msg.clone()));
-        bail!("{err_msg}");
-    }
+            if chat.is_promoted() && chat.typ != Chattype::OutBroadcast {
+                remove_from_chat_contacts_table(context, chat_id, contact_id).await?;
+            } else {
+                remove_from_chat_contacts_table_without_trace(context, chat_id, contact_id).await?;
+            }

-    let mut sync = Nosync;
+            // We do not return an error if the contact does not exist in the database.
+            // This allows to delete dangling references to deleted contacts
+            // in case of the database becoming inconsistent due to a bug.
+            if let Some(contact) = Contact::get_by_id_optional(context, contact_id).await? {
+                if chat.is_promoted() {
+                    let addr = contact.get_addr();
+                    let fingerprint = contact.fingerprint().map(|f| f.hex());

-    if chat.is_promoted() && chat.typ != Chattype::OutBroadcast {
-        remove_from_chat_contacts_table(context, chat_id, contact_id).await?;
-    } else {
-        remove_from_chat_contacts_table_without_trace(context, chat_id, contact_id).await?;
-    }
-
-    // We do not return an error if the contact does not exist in the database.
-    // This allows to delete dangling references to deleted contacts
-    // in case of the database becoming inconsistent due to a bug.
-    if let Some(contact) = Contact::get_by_id_optional(context, contact_id).await? {
-        if chat.is_promoted() {
-            let addr = contact.get_addr();
-            let fingerprint = contact.fingerprint().map(|f| f.hex());
-
-            let res =
-                send_member_removal_msg(context, &chat, contact_id, addr, fingerprint.as_deref())
+                    let res = send_member_removal_msg(
+                        context,
+                        &chat,
+                        contact_id,
+                        addr,
+                        fingerprint.as_deref(),
+                    )
                    .await;

-            if contact_id == ContactId::SELF {
-                res?;
-            } else if let Err(e) = res {
-                warn!(
-                    context,
-                    "remove_contact_from_chat({chat_id}, {contact_id}): send_msg() failed: {e:#}."
-                );
+                    if contact_id == ContactId::SELF {
+                        res?;
+                    } else if let Err(e) = res {
+                        warn!(
+                            context,
+                            "remove_contact_from_chat({chat_id}, {contact_id}): send_msg() failed: {e:#}."
+                        );
+                    }
+                } else {
+                    sync = Sync;
+                }
+            }
+            context.emit_event(EventType::ChatModified(chat_id));
+            if sync.into() {
+                chat.sync_contacts(context).await.log_err(context).ok();
            }
-        } else {
-            sync = Sync;
        }
-    }
-    context.emit_event(EventType::ChatModified(chat_id));
-    if sync.into() {
-        chat.sync_contacts(context).await.log_err(context).ok();
+    } else {
+        bail!("Cannot remove members from non-group chats.");
    }

    Ok(())
@@ -4194,7 +4162,7 @@ async fn send_member_removal_msg(

    if contact_id == ContactId::SELF {
        if chat.typ == Chattype::InBroadcast {
-            msg.text = stock_str::msg_you_left_broadcast(context);
+            msg.text = stock_str::msg_you_left_broadcast(context).await;
        } else {
            msg.text = stock_str::msg_group_left_local(context, ContactId::SELF).await;
        }
@@ -4355,7 +4323,7 @@ async fn rename_ex(
            {
                msg.viewtype = Viewtype::Text;
                msg.text = if chat.typ == Chattype::OutBroadcast {
-                    stock_str::msg_broadcast_name_changed(context, &chat.name, &new_name)
+                    stock_str::msg_broadcast_name_changed(context, &chat.name, &new_name).await
                } else {
                    stock_str::msg_grp_name(context, &chat.name, &new_name, ContactId::SELF).await
                };
@@ -4420,7 +4388,7 @@ pub async fn set_chat_profile_image(
        chat.param.remove(Param::ProfileImage);
        msg.param.remove(Param::Arg);
        msg.text = if chat.typ == Chattype::OutBroadcast {
-            stock_str::msg_broadcast_img_changed(context)
+            stock_str::msg_broadcast_img_changed(context).await
        } else {
            stock_str::msg_grp_img_deleted(context, ContactId::SELF).await
        };
@@ -4434,7 +4402,7 @@ pub async fn set_chat_profile_image(
        chat.param.set(Param::ProfileImage, image_blob.as_name());
        msg.param.set(Param::Arg, image_blob.as_name());
        msg.text = if chat.typ == Chattype::OutBroadcast {
-            stock_str::msg_broadcast_img_changed(context)
+            stock_str::msg_broadcast_img_changed(context).await
        } else {
            stock_str::msg_grp_img_changed(context, ContactId::SELF).await
        };
@@ -4586,6 +4554,7 @@ pub async fn save_msgs(context: &Context, msg_ids: &[MsgId]) -> Result<()> {
 /// the copy contains a reference to the original message
 /// as well as to the original chat in case the original message gets deleted.
 /// Returns data needed to add a `SaveMessage` sync item.
+#[expect(clippy::arithmetic_side_effects)]
 pub(crate) async fn save_copy_in_self_talk(
    context: &Context,
    src_msg_id: MsgId,
@@ -4652,26 +4621,10 @@ pub(crate) async fn save_copy_in_self_talk(
    Ok(msg.rfc724_mid)
 }

-/// Resends given messages to members of the corresponding chats.
+/// Resends given messages with the same Message-ID.
 ///
 /// This is primarily intended to make existing webxdcs available to new chat members.
 pub async fn resend_msgs(context: &Context, msg_ids: &[MsgId]) -> Result<()> {
-    resend_msgs_ex(context, msg_ids, None).await
-}
-
-/// Resends given messages to a contact with fingerprint `to_fingerprint` or, if it's `None`, to
-/// members of the corresponding chats.
-///
-/// NB: Actually `to_fingerprint` is only passed for `OutBroadcast` chats when a new member is
-/// added. Regarding webxdcs: It is not trivial to resend only the own status updates,
-/// and it is not trivial to resend them only to the newly-joined member,
-/// so that for now, [`resend_last_msgs`] does not automatically resend webxdcs at all.
-pub(crate) async fn resend_msgs_ex(
-    context: &Context,
-    msg_ids: &[MsgId],
-    to_fingerprint: Option<Fingerprint>,
-) -> Result<()> {
-    let to_fingerprint = to_fingerprint.map(|f| f.hex());
    let mut msgs: Vec<Message> = Vec::new();
    for msg_id in msg_ids {
        let msg = Message::load_from_db(context, *msg_id).await?;
@@ -4690,17 +4643,10 @@ pub(crate) async fn resend_msgs_ex(
            | MessageState::OutFailed
            | MessageState::OutDelivered
            | MessageState::OutMdnRcvd => {
-                // Broadcast owners shouldn't see spinners on messages being auto-re-sent to new
-                // subscribers (otherwise big channel owners will see spinners most of the time).
-                if to_fingerprint.is_none() {
-                    message::update_msg_state(context, msg.id, MessageState::OutPending).await?;
-                }
+                message::update_msg_state(context, msg.id, MessageState::OutPending).await?
            }
            msg_state => bail!("Unexpected message state {msg_state}"),
        }
-        if let Some(to_fingerprint) = &to_fingerprint {
-            msg.param.set(Param::Arg4, to_fingerprint.clone());
-        }
        if create_send_msg_jobs(context, &mut msg).await?.is_empty() {
            continue;
        }
@@ -4712,8 +4658,7 @@ pub(crate) async fn resend_msgs_ex(
            chat_id: msg.chat_id,
            msg_id: msg.id,
        });
-        // The event only matters if the message is last in the chat.
-        // But it's probably too expensive check, and UIs anyways need to debounce.
+        // note(treefit): only matters if it is the last message in chat (but probably to expensive to check, debounce also solves it)
        chatlist_events::emit_chatlist_item_changed(context, msg.chat_id);

        if msg.viewtype == Viewtype::Webxdc {
@@ -4906,6 +4851,8 @@ pub async fn was_device_msg_ever_added(context: &Context, label: &str) -> Result
 //   no wrong information are shown in the device chat
 // - deletion in `devmsglabels` makes sure,
 //   deleted messages are reset and useful messages can be added again
+// - we reset the config-option `QuotaExceeding`
+//   that is used as a helper to drive the corresponding device message.
 pub(crate) async fn delete_and_reset_all_device_msgs(context: &Context) -> Result<()> {
    context
        .sql
@@ -4921,6 +4868,9 @@ pub(crate) async fn delete_and_reset_all_device_msgs(context: &Context) -> Resul
            (),
        )
        .await?;
+    context
+        .set_config_internal(Config::QuotaExceeding, None)
+        .await?;
    Ok(())
 }

@@ -4958,8 +4908,15 @@ pub(crate) async fn add_info_msg_with_cmd(
        ts
    } else {
        let sort_to_bottom = true;
+        let (received, incoming) = (false, false);
        chat_id
-            .calc_sort_timestamp(context, smeared_time(context), sort_to_bottom)
+            .calc_sort_timestamp(
+                context,
+                smeared_time(context),
+                sort_to_bottom,
+                received,
+                incoming,
+            )
            .await?
    };

@@ -5037,7 +4994,7 @@ async fn set_contacts_by_addrs(context: &Context, id: ChatId, addrs: &[String])
        chat.typ == Chattype::OutBroadcast,
        "{id} is not a broadcast list",
    );
-    let mut contacts = BTreeSet::new();
+    let mut contacts = HashSet::new();
    for addr in addrs {
        let contact_addr = ContactAddress::new(addr)?;
        let contact = Contact::add_or_lookup(context, "", &contact_addr, Origin::Hidden)
@@ -5045,7 +5002,7 @@ async fn set_contacts_by_addrs(context: &Context, id: ChatId, addrs: &[String])
            .0;
        contacts.insert(contact);
    }
-    let contacts_old = BTreeSet::<ContactId>::from_iter(get_chat_contacts(context, id).await?);
+    let contacts_old = HashSet::<ContactId>::from_iter(get_chat_contacts(context, id).await?);
    if contacts == contacts_old {
        return Ok(());
    }
--- a/src/chat/chat_tests.rs
+++ b/src/chat/chat_tests.rs
@@ -3,11 +3,11 @@ use std::sync::Arc;
 use super::*;
 use crate::Event;
 use crate::chatlist::get_archived_cnt;
-use crate::constants::{DC_GCL_ARCHIVED_ONLY, DC_GCL_NO_SPECIALS, N_MSGS_TO_NEW_BROADCAST_MEMBER};
+use crate::constants::{DC_GCL_ARCHIVED_ONLY, DC_GCL_NO_SPECIALS};
 use crate::ephemeral::Timer;
 use crate::headerdef::HeaderDef;
 use crate::imex::{ImexMode, has_backup, imex};
-use crate::message::{Message, MessengerMessage, delete_msgs};
+use crate::message::{MessengerMessage, delete_msgs};
 use crate::mimeparser::{self, MimeMessage};
 use crate::receive_imf::receive_imf;
 use crate::securejoin::{get_securejoin_qr, join_securejoin};
@@ -806,7 +806,7 @@ async fn test_self_talk() -> Result<()> {
    assert!(chat.visibility == ChatVisibility::Normal);
    assert!(!chat.is_device_talk());
    assert!(chat.can_send(&t).await?);
-    assert_eq!(chat.name, stock_str::saved_messages(&t));
+    assert_eq!(chat.name, stock_str::saved_messages(&t).await);
    assert!(chat.get_profile_image(&t).await?.is_some());

    let msg_id = send_text_msg(&t, chat.id, "foo self".to_string()).await?;
@@ -866,6 +866,7 @@ async fn test_add_device_msg_unlabelled() {
    assert_eq!(msg1.from_id, ContactId::DEVICE);
    assert_eq!(msg1.to_id, ContactId::SELF);
    assert!(!msg1.is_info());
+    assert!(!msg1.is_setupmessage());

    let msg2 = message::Message::load_from_db(&t, msg2_id.unwrap()).await;
    assert!(msg2.is_ok());
@@ -898,6 +899,7 @@ async fn test_add_device_msg_labelled() -> Result<()> {
    assert_eq!(msg1.from_id, ContactId::DEVICE);
    assert_eq!(msg1.to_id, ContactId::SELF);
    assert!(!msg1.is_info());
+    assert!(!msg1.is_setupmessage());

    // check device chat
    let chat_id = msg1.chat_id;
@@ -911,7 +913,7 @@ async fn test_add_device_msg_labelled() -> Result<()> {
    assert!(!chat.can_send(&t).await?);
    assert!(chat.why_cant_send(&t).await? == Some(CantSendReason::DeviceChat));

-    assert_eq!(chat.name, stock_str::device_messages(&t));
+    assert_eq!(chat.name, stock_str::device_messages(&t).await);
    let device_msg_icon = chat.get_profile_image(&t).await?.unwrap();
    assert_eq!(
        device_msg_icon.metadata()?.len(),
@@ -1329,54 +1331,6 @@ async fn test_marknoticed_all_chats() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_markfresh_chat() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    // alice sends a message to Bob
-    let alice_chat = alice.create_chat(bob).await;
-    let sent_msg1 = alice.send_text(alice_chat.id, "hi bob!").await;
-
-    // bob received the message, fresh count is 1
-    let bob_msg1 = bob.recv_msg(&sent_msg1).await;
-    let bob_chat_id = bob_msg1.chat_id;
-    bob_chat_id.accept(bob).await?;
-    assert_eq!(bob_msg1.state, MessageState::InFresh);
-    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 1);
-    assert_eq!(bob.get_fresh_msgs().await?.len(), 1);
-
-    // alice sends another message to bob, fresh count is 2
-    let sent_msg2 = alice.send_text(alice_chat.id, "howdy?").await;
-    let bob_msg2 = bob.recv_msg(&sent_msg2).await;
-    let bob_msg1 = Message::load_from_db(bob, bob_msg1.id).await?;
-    assert_eq!(bob_msg1.state, MessageState::InFresh);
-    assert_eq!(bob_msg2.state, MessageState::InFresh);
-    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 2);
-    assert_eq!(bob.get_fresh_msgs().await?.len(), 2);
-
-    // bob marks the chat as noticed, messages are no longer fresh, fresh count is 0
-    marknoticed_chat(bob, bob_chat_id).await?;
-    let bob_msg1 = Message::load_from_db(bob, bob_msg1.id).await?;
-    let bob_msg2 = Message::load_from_db(bob, bob_msg2.id).await?;
-    assert_ne!(bob_msg1.state, MessageState::InFresh);
-    assert_ne!(bob_msg2.state, MessageState::InFresh);
-    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 0);
-    assert_eq!(bob.get_fresh_msgs().await?.len(), 0);
-
-    // bob marks the chat as fresh again, fresh count is 1 again
-    markfresh_chat(bob, bob_chat_id).await?;
-    let bob_msg1 = Message::load_from_db(bob, bob_msg1.id).await?;
-    let bob_msg2 = Message::load_from_db(bob, bob_msg2.id).await?;
-    assert_ne!(bob_msg1.state, MessageState::InFresh);
-    assert_eq!(bob_msg2.state, MessageState::InFresh);
-    assert_eq!(bob_chat_id.get_fresh_msg_cnt(bob).await?, 1);
-    assert_eq!(bob.get_fresh_msgs().await?.len(), 1);
-
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_archive_fresh_msgs() -> Result<()> {
    let t = TestContext::new_alice().await;
@@ -2032,6 +1986,12 @@ async fn test_classic_email_chat() -> Result<()> {
    let msgs = get_chat_msgs(&alice, chat_id).await?;
    assert_eq!(msgs.len(), 1);

+    // Alice disables receiving classic emails.
+    alice
+        .set_config(Config::ShowEmails, Some("0"))
+        .await
+        .unwrap();
+
    // Already received classic email should still be in the chat.
    assert_eq!(chat_id.get_fresh_msg_cnt(&alice).await?, 1);

@@ -2069,7 +2029,13 @@ async fn test_chat_get_color_encrypted() -> Result<()> {
    Ok(())
 }

-async fn test_sticker(filename: &str, bytes: &[u8], w: i32, h: i32) -> Result<()> {
+async fn test_sticker(
+    filename: &str,
+    bytes: &[u8],
+    res_viewtype: Viewtype,
+    w: i32,
+    h: i32,
+) -> Result<()> {
    let alice = TestContext::new_alice().await;
    let bob = TestContext::new_bob().await;
    let alice_chat = alice.create_chat(&bob).await;
@@ -2085,7 +2051,7 @@ async fn test_sticker(filename: &str, bytes: &[u8], w: i32, h: i32) -> Result<()

    let msg = bob.recv_msg(&sent_msg).await;
    assert_eq!(msg.chat_id, bob_chat.id);
-    assert_eq!(msg.get_viewtype(), Viewtype::Sticker);
+    assert_eq!(msg.get_viewtype(), res_viewtype);
    assert_eq!(msg.get_filename().unwrap(), filename);
    assert_eq!(msg.get_width(), w);
    assert_eq!(msg.get_height(), h);
@@ -2099,6 +2065,7 @@ async fn test_sticker_png() -> Result<()> {
    test_sticker(
        "sticker.png",
        include_bytes!("../../test-data/image/logo.png"),
+        Viewtype::Sticker,
        135,
        135,
    )
@@ -2110,6 +2077,7 @@ async fn test_sticker_jpeg() -> Result<()> {
    test_sticker(
        "sticker.jpg",
        include_bytes!("../../test-data/image/avatar1000x1000.jpg"),
+        Viewtype::Image,
        1000,
        1000,
    )
@@ -2117,33 +2085,10 @@ async fn test_sticker_jpeg() -> Result<()> {
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_sticker_gif() -> Result<()> {
-    test_sticker(
-        "sticker.gif",
-        include_bytes!("../../test-data/image/logo.gif"),
-        135,
-        135,
-    )
-    .await
-}
-
-/// Tests that stickers are sent as stickers.
-///
-/// Previously there was heuristic that stickers
-/// were sometimes turned into non-stickers,
-/// e.g. when it looked like UI sent
-/// a screenshot dragged from the gallery into chat
-/// as a sticker.
-///
-/// We have no such heuristic anymore,
-/// if such heuristic is needed on some platform,
-/// UI code should implement it.
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_sticker_no_heuristics() {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    let alice_chat = alice.create_chat(bob).await;
+async fn test_sticker_jpeg_force() {
+    let alice = TestContext::new_alice().await;
+    let bob = TestContext::new_bob().await;
+    let alice_chat = alice.create_chat(&bob).await;

    let file = alice.get_blobdir().join("sticker.jpg");
    tokio::fs::write(
@@ -2153,38 +2098,53 @@ async fn test_sticker_no_heuristics() {
    .await
    .unwrap();

-    // Send a sticker.
+    // Images without force_sticker should be turned into [Viewtype::Image]
    let mut msg = Message::new(Viewtype::Sticker);
-    msg.set_file_and_deduplicate(alice, &file, Some("sticker.jpg"), None)
+    msg.set_file_and_deduplicate(&alice, &file, Some("sticker.jpg"), None)
        .unwrap();
-    let file = msg.get_file(alice).unwrap();
+    let file = msg.get_file(&alice).unwrap();
+    let sent_msg = alice.send_msg(alice_chat.id, &mut msg).await;
+    let msg = bob.recv_msg(&sent_msg).await;
+    assert_eq!(msg.get_viewtype(), Viewtype::Image);
+
+    // Images with `force_sticker = true` should keep [Viewtype::Sticker]
+    let mut msg = Message::new(Viewtype::Sticker);
+    msg.set_file_and_deduplicate(&alice, &file, Some("sticker.jpg"), None)
+        .unwrap();
+    msg.force_sticker();
    let sent_msg = alice.send_msg(alice_chat.id, &mut msg).await;
    let msg = bob.recv_msg(&sent_msg).await;
    assert_eq!(msg.get_viewtype(), Viewtype::Sticker);

-    // Send a sticker reusing the file.
+    // Images with `force_sticker = true` should keep [Viewtype::Sticker]
+    // even on drafted messages
    let mut msg = Message::new(Viewtype::Sticker);
-    msg.set_file_and_deduplicate(alice, &file, Some("sticker.jpg"), None)
-        .unwrap();
-    let sent_msg = alice.send_msg(alice_chat.id, &mut msg).await;
-    let msg = bob.recv_msg(&sent_msg).await;
-    assert_eq!(msg.get_viewtype(), Viewtype::Sticker);
-
-    // Set sticker as a draft, then send it.
-    let mut msg = Message::new(Viewtype::Sticker);
-    msg.set_file_and_deduplicate(alice, &file, Some("sticker.jpg"), None)
+    msg.set_file_and_deduplicate(&alice, &file, Some("sticker.jpg"), None)
        .unwrap();
+    msg.force_sticker();
    alice_chat
        .id
-        .set_draft(alice, Some(&mut msg))
+        .set_draft(&alice, Some(&mut msg))
        .await
        .unwrap();
-    let mut msg = alice_chat.id.get_draft(alice).await.unwrap().unwrap();
+    let mut msg = alice_chat.id.get_draft(&alice).await.unwrap().unwrap();
    let sent_msg = alice.send_msg(alice_chat.id, &mut msg).await;
    let msg = bob.recv_msg(&sent_msg).await;
    assert_eq!(msg.get_viewtype(), Viewtype::Sticker);
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_sticker_gif() -> Result<()> {
+    test_sticker(
+        "sticker.gif",
+        include_bytes!("../../test-data/image/logo.gif"),
+        Viewtype::Sticker,
+        135,
+        135,
+    )
+    .await
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_sticker_forward() -> Result<()> {
    // create chats
@@ -2686,49 +2646,6 @@ async fn test_resend_own_message() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_resend_doesnt_resort_msg() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    let alice_grp = create_group(alice, "").await?;
-    let sent1 = alice.send_text(alice_grp, "hi").await;
-    let sent1_ts = Message::load_from_db(alice, sent1.sender_msg_id)
-        .await?
-        .timestamp_sort;
-
-    SystemTime::shift(Duration::from_secs(60));
-    add_contact_to_chat(alice, alice_grp, alice.add_or_lookup_contact_id(bob).await).await?;
-    let sent2 = alice
-        .send_text(
-            alice_grp,
-            "Let's test resending, there are very few tests on it",
-        )
-        .await;
-    let resent_msg_id = sent1.sender_msg_id;
-    resend_msgs(alice, &[resent_msg_id]).await?;
-    assert_eq!(
-        resent_msg_id.get_state(alice).await?,
-        MessageState::OutPending
-    );
-    alice.pop_sent_msg().await;
-    assert_eq!(
-        resent_msg_id.get_state(alice).await?,
-        MessageState::OutDelivered
-    );
-    assert_eq!(
-        Message::load_from_db(alice, sent1.sender_msg_id)
-            .await?
-            .timestamp_sort,
-        sent1_ts
-    );
-    assert_eq!(
-        alice.get_last_msg_id_in(alice_grp).await,
-        sent2.sender_msg_id
-    );
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_resend_foreign_message_fails() -> Result<()> {
    let mut tcm = TestContextManager::new();
@@ -2829,7 +2746,7 @@ async fn test_broadcast_members_cant_see_each_other() -> Result<()> {
        assert_eq!(parsed.decoded_data_contains("bob@example.net"), false);

        let parsed_by_bob = bob.parse_msg(&vc_pubkey).await;
-        assert!(parsed_by_bob.decryption_error.is_some());
+        assert!(parsed_by_bob.decrypting_failed);

        charlie.recv_msg_trash(&vc_pubkey).await;
    }
@@ -2842,15 +2759,6 @@ async fn test_broadcast_members_cant_see_each_other() -> Result<()> {
            "alice@example.org charlie@example.net"
        );

-        // Check additionally that subscribers don't send "Chat-Group-Name*" headers.
-        let parsed = alice.parse_msg(&request_with_auth).await;
-        assert!(parsed.get_header(HeaderDef::ChatGroupName).is_none());
-        assert!(
-            parsed
-                .get_header(HeaderDef::ChatGroupNameTimestamp)
-                .is_none()
-        );
-
        alice.recv_msg_trash(&request_with_auth).await;
    }

@@ -2867,7 +2775,7 @@ async fn test_broadcast_members_cant_see_each_other() -> Result<()> {
        assert_eq!(parsed.decoded_data_contains("bob@example.net"), false);

        let parsed_by_bob = bob.parse_msg(&member_added).await;
-        assert!(parsed_by_bob.decryption_error.is_some());
+        assert!(parsed_by_bob.decrypting_failed);

        let rcvd = charlie.recv_msg(&member_added).await;
        assert_eq!(rcvd.param.get_cmd(), SystemMessage::MemberAddedToGroup);
@@ -2882,7 +2790,7 @@ async fn test_broadcast_members_cant_see_each_other() -> Result<()> {
        assert_eq!(parsed.decoded_data_contains("bob@example.net"), false);

        let parsed_by_bob = bob.parse_msg(&hi_msg).await;
-        assert!(parsed_by_bob.decryption_error.is_none());
+        assert_eq!(parsed_by_bob.decrypting_failed, false);
    }

    tcm.section("Alice removes Charlie. Bob must not see it.");
@@ -2899,7 +2807,7 @@ async fn test_broadcast_members_cant_see_each_other() -> Result<()> {
        assert_eq!(parsed.decoded_data_contains("bob@example.net"), false);

        let parsed_by_bob = bob.parse_msg(&member_removed).await;
-        assert!(parsed_by_bob.decryption_error.is_some());
+        assert!(parsed_by_bob.decrypting_failed);

        let rcvd = charlie.recv_msg(&member_removed).await;
        assert_eq!(rcvd.param.get_cmd(), SystemMessage::MemberRemovedFromGroup);
@@ -2993,56 +2901,6 @@ async fn test_broadcast_change_name() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_broadcast_resend_to_new_member() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    let fiona = &tcm.fiona().await;
-
-    let alice_bc_id = create_broadcast(alice, "Channel".to_string()).await?;
-    let qr = get_securejoin_qr(alice, Some(alice_bc_id)).await.unwrap();
-
-    tcm.exec_securejoin_qr(bob, alice, &qr).await;
-    let mut alice_msg_ids = Vec::new();
-    for i in 0..(N_MSGS_TO_NEW_BROADCAST_MEMBER + 1) {
-        alice_msg_ids.push(
-            alice
-                .send_text(alice_bc_id, &i.to_string())
-                .await
-                .sender_msg_id,
-        );
-    }
-    let fiona_bc_id = tcm.exec_securejoin_qr(fiona, alice, &qr).await;
-    for msg_id in alice_msg_ids {
-        assert_eq!(msg_id.get_state(alice).await?, MessageState::OutDelivered);
-    }
-    for i in 0..N_MSGS_TO_NEW_BROADCAST_MEMBER {
-        let rev_order = false;
-        let resent_msg = alice
-            .pop_sent_msg_ex(rev_order, Duration::ZERO)
-            .await
-            .unwrap();
-        let fiona_msg = fiona.recv_msg(&resent_msg).await;
-        assert_eq!(fiona_msg.chat_id, fiona_bc_id);
-        assert_eq!(fiona_msg.text, (i + 1).to_string());
-        assert!(resent_msg.recipients.contains("fiona@example.net"));
-        assert!(!resent_msg.recipients.contains("bob@"));
-        // The message is undecryptable for Bob, he mustn't be able to know yet that somebody joined
-        // the broadcast even if he is a postman in this land. E.g. Fiona may leave after fetching
-        // the news, Bob won't know about that.
-        assert!(
-            MimeMessage::from_bytes(bob, resent_msg.payload().as_bytes())
-                .await?
-                .decryption_error
-                .is_some()
-        );
-        bob.recv_msg_trash(&resent_msg).await;
-    }
-    assert!(alice.pop_sent_msg_opt(Duration::ZERO).await.is_none());
-    Ok(())
-}
-
 /// - Alice has multiple devices
 /// - Alice creates a broadcast and sends a message into it
 /// - Alice's second device sees the broadcast
@@ -3431,12 +3289,7 @@ async fn test_chat_description(
        initial_description
    );

-    for description in [
-        &"This<>is 'a' \"cool\" chat:/\\|?*".repeat(50),
-        "multiple\nline\n\nbreaks\n\n\r\n.",
-        "",
-        "ä ẟ 😂",
-    ] {
+    for description in ["This is a cool chat", "", "ä ẟ 😂"] {
        tcm.section(&format!(
            "Alice sets the chat description to '{description}'"
        ));
@@ -3864,7 +3717,14 @@ async fn test_leave_broadcast_multidevice() -> Result<()> {
    // The contact should be marked as verified.
    check_direct_chat_is_hidden_and_contact_is_verified(alice, bob0).await;
    check_direct_chat_is_hidden_and_contact_is_verified(bob0, alice).await;
-    check_direct_chat_is_hidden_and_contact_is_verified(bob1, alice).await;
+
+    // TODO: There is a known bug in `observe_securejoin_on_other_device()`:
+    // When Bob joins a group or broadcast with his first device,
+    // then a chat with Alice will pop up on his second device.
+    // When it's fixed, the 2 following lines can be replaced with
+    // `check_direct_chat_is_hidden_and_contact_is_verified(bob1, alice).await;`
+    let bob1_alice_contact = bob1.add_or_lookup_contact_no_key(alice).await;
+    assert!(bob1_alice_contact.is_verified(bob1).await.unwrap());

    tcm.section("Alice sends first message to broadcast.");
    let sent_msg = alice.send_text(alice_chat_id, "Hello!").await;
@@ -3886,7 +3746,7 @@ async fn test_leave_broadcast_multidevice() -> Result<()> {
    assert_eq!(rcvd.chat_id, bob1_hello.chat_id);
    assert!(rcvd.is_info());
    assert_eq!(rcvd.get_info_type(), SystemMessage::MemberRemovedFromGroup);
-    assert_eq!(rcvd.text, stock_str::msg_you_left_broadcast(bob1));
+    assert_eq!(rcvd.text, stock_str::msg_you_left_broadcast(bob1).await);

    Ok(())
 }
@@ -3996,7 +3856,6 @@ async fn test_only_broadcast_owner_can_send_2() -> Result<()> {
    tcm.section("Now, Alice's fingerprint changes");

    alice.sql.execute("DELETE FROM keypairs", ()).await?;
-    *alice.self_public_key.lock().await = None;
    alice
        .sql
        .execute("DELETE FROM config WHERE keyname='key_id'", ())
@@ -4007,20 +3866,14 @@ async fn test_only_broadcast_owner_can_send_2() -> Result<()> {
        .self_fingerprint
        .take();

-    tcm.section("Alice sends a message, which is trashed");
-    let sent = alice.send_text(alice_broadcast_id, "Hi").await;
-    bob.recv_msg_trash(&sent).await;
-    let EventType::Warning(warning) = bob
-        .evtracker
-        .get_matching(|ev| matches!(ev, EventType::Warning(_)))
-        .await
-    else {
-        unreachable!()
-    };
-    assert!(
-        warning.contains("This sender is not allowed to encrypt with this secret key"),
-        "Wrong warning: {warning}"
+    tcm.section(
+        "Alice sends a message, which is not put into the broadcast chat but into a 1:1 chat",
    );
+    let sent = alice.send_text(alice_broadcast_id, "Hi").await;
+    let rcvd = bob.recv_msg(&sent).await;
+    assert_eq!(rcvd.text, "Hi");
+    let bob_alice_chat_id = bob.get_chat(alice).await.id;
+    assert_eq!(rcvd.chat_id, bob_alice_chat_id);

    Ok(())
 }
@@ -4089,7 +3942,6 @@ async fn test_encrypt_decrypt_broadcast() -> Result<()> {
    let grpid = "grpid";

    let alice_bob_contact_id = alice.add_or_lookup_contact_id(bob).await;
-    let bob_alice_contact_id = bob.add_or_lookup_contact_id(alice).await;

    tcm.section("Create a broadcast channel with Bob, and send a message");
    let alice_chat_id = create_out_broadcast_ex(
@@ -4113,7 +3965,6 @@ async fn test_encrypt_decrypt_broadcast() -> Result<()> {
    )
    .await?;
    save_broadcast_secret(bob, bob_chat_id, secret).await?;
-    add_to_chat_contacts_table(bob, time(), bob_chat_id, &[bob_alice_contact_id]).await?;

    let sent = alice
        .send_text(alice_chat_id, "Symmetrically encrypted message")
@@ -4187,7 +4038,7 @@ async fn test_chat_get_encryption_info() -> Result<()> {
        chat_id.get_encryption_info(alice).await?,
        "Messages are end-to-end encrypted.\n\
         \n\
-         bob@example.net(bob@example.net)\n\
+         bob@example.net\n\
         CCCB 5AA9 F6E1 141C 9431\n\
         65F1 DB18 B18C BCF7 0487"
    );
@@ -4197,11 +4048,11 @@ async fn test_chat_get_encryption_info() -> Result<()> {
        chat_id.get_encryption_info(alice).await?,
        "Messages are end-to-end encrypted.\n\
         \n\
-         fiona@example.net(fiona@example.net)\n\
+         fiona@example.net\n\
         C8BA 50BF 4AC1 2FAF 38D7\n\
         F657 DDFC 8E9F 3C79 9195\n\
         \n\
-         bob@example.net(bob@example.net)\n\
+         bob@example.net\n\
         CCCB 5AA9 F6E1 141C 9431\n\
         65F1 DB18 B18C BCF7 0487"
    );
@@ -4873,10 +4724,9 @@ async fn test_sync_broadcast_and_send_message() -> Result<()> {
        vec![a2b_contact_id]
    );

-    // alice2's smeared clock may be behind alice1's one, so we need to work around "hi" appearing
-    // before "You joined the channel." for bob. alice1 makes 3 more calls of
-    // create_smeared_timestamp() than alice2 does as of 2026-03-10.
-    SystemTime::shift(Duration::from_secs(3));
+    // alice2's smeared clock may be behind alice's one, so "hi" from alice2 may appear before "You
+    // joined the channel." for bob.
+    SystemTime::shift(Duration::from_secs(1));
    tcm.section("Alice's second device sends a message to the channel");
    let sent_msg = alice2.send_text(a2_broadcast_id, "hi").await;
    let msg = bob.recv_msg(&sent_msg).await;
@@ -5123,31 +4973,6 @@ async fn test_do_not_overwrite_draft() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_outgoing_msg_after_another_from_future() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let t = &tcm.alice().await;
-    let chat_id = t.get_self_chat().await.id;
-
-    // Simulate sending a message with clock set to the future.
-    SystemTime::shift(Duration::from_secs(3600));
-    let msg_id = send_text_msg(t, chat_id, "test".to_string()).await?;
-    SystemTime::shift_back(Duration::from_secs(3600));
-
-    let timestamp_sent: i64 = t
-        .sql
-        .query_get_value("SELECT timestamp_sent FROM msgs WHERE id=?", (msg_id,))
-        .await?
-        .unwrap();
-    // Let's have a check here that locally sent messages have zero `timestamp_sent`, it can be a
-    // useful invariant.
-    assert_eq!(timestamp_sent, 0);
-
-    let msg_id = send_text_msg(t, chat_id, "Fixed my clock".to_string()).await?;
-    assert_eq!(t.get_last_msg_in(chat_id).await.id, msg_id);
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_info_contact_id() -> Result<()> {
    let mut tcm = TestContextManager::new();
@@ -5816,7 +5641,7 @@ async fn test_send_delete_request() -> Result<()> {
    let sent2 = alice.pop_sent_msg().await;
    assert_eq!(alice_chat.id.get_msg_cnt(alice).await?, E2EE_INFO_MSGS + 1);

-    // Bob receives both messages and has nothing at the end
+    // Bob receives both messages and has nothing the end
    let bob_msg = bob.recv_msg(&sent1).await;
    assert_eq!(bob_msg.text, "wtf");
    assert_eq!(bob_msg.chat_id.get_msg_cnt(bob).await?, E2EE_INFO_MSGS + 2);
@@ -5824,11 +5649,6 @@ async fn test_send_delete_request() -> Result<()> {
    bob.recv_msg_opt(&sent2).await;
    assert_eq!(bob_msg.chat_id.get_msg_cnt(bob).await?, E2EE_INFO_MSGS + 1);

-    // ... even if he receives messages in reverse order.
-    let bob2 = &tcm.bob().await;
-    bob2.recv_msg_opt(&sent2).await;
-    assert!(bob2.recv_msg_opt(&sent1).await.is_none());
-
    // Alice has another device, and there is also nothing at the end
    let alice2 = &tcm.alice().await;
    alice2.recv_msg(&sent0).await;
@@ -6231,118 +6051,3 @@ async fn test_leftgrps() -> Result<()> {

    Ok(())
 }
-
-/// Tests that if the message arrives late,
-/// it can still be sorted above the last seen message.
-///
-/// Versions 2.47 and below always sorted incoming messages
-/// after the last seen message, but with
-/// the introduction of multi-relay it is possible
-/// that some messages arrive only to some relays
-/// and are fetched after the already arrived seen message.
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_late_message_above_seen() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    let charlie = &tcm.charlie().await;
-
-    let alice_chat_id = alice
-        .create_group_with_members("Group", &[bob, charlie])
-        .await;
-    let alice_sent = alice.send_text(alice_chat_id, "Hello everyone!").await;
-    let bob_chat_id = bob.recv_msg(&alice_sent).await.chat_id;
-    bob_chat_id.accept(bob).await?;
-    let charlie_chat_id = charlie.recv_msg(&alice_sent).await.chat_id;
-    charlie_chat_id.accept(charlie).await?;
-
-    // Bob sends a message, but the message is delayed.
-    let bob_sent = bob.send_text(bob_chat_id, "Hello from Bob!").await;
-    SystemTime::shift(Duration::from_secs(1000));
-
-    let charlie_sent = charlie
-        .send_text(charlie_chat_id, "Hello from Charlie!")
-        .await;
-
-    // Alice immediately receives a message from Charlie and reads it.
-    let alice_received_from_charlie = alice.recv_msg(&charlie_sent).await;
-    assert_eq!(
-        alice_received_from_charlie.get_text(),
-        "Hello from Charlie!"
-    );
-    message::markseen_msgs(alice, vec![alice_received_from_charlie.id]).await?;
-
-    // Bob message arrives later, it should be above the message from Charlie.
-    let alice_received_from_bob = alice.recv_msg(&bob_sent).await;
-    assert_eq!(alice_received_from_bob.get_text(), "Hello from Bob!");
-
-    // The last message in the chat is still from Charlie.
-    let last_msg = alice.get_last_msg_in(alice_chat_id).await;
-    assert_eq!(last_msg.get_text(), "Hello from Charlie!");
-
-    Ok(())
-}
-
-/// Tests that start message for unpromoted groups sticks to the top of the chat.
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_unpromoted_group_start_message() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-
-    // Start messages are disabled for test context by default,
-    // but this test is specifically about start messages.
-    alice.set_config(Config::SkipStartMessages, None).await?;
-
-    // Shift the clock forward, so we can rewind it back later.
-    SystemTime::shift(Duration::from_secs(3600));
-
-    // Alice creates unpromoted group with Bob.
-    let chat_id = create_group(alice, "Group").await?;
-    let bob_id = alice.add_or_lookup_contact_id(bob).await;
-    add_contact_to_chat(alice, chat_id, bob_id).await?;
-
-    let [
-        ChatItem::Message {
-            msg_id: e2ee_msg_id,
-        },
-        ChatItem::Message {
-            msg_id: info_msg_id,
-        },
-    ] = get_chat_msgs(alice, chat_id).await?[..]
-    else {
-        panic!("Expected two messages in the chat");
-    };
-    let msg = Message::load_from_db(alice, e2ee_msg_id).await?;
-    assert_eq!(msg.text, "Messages are end-to-end encrypted.");
-    let msg = Message::load_from_db(alice, info_msg_id).await?;
-    assert_eq!(
-        msg.text,
-        "Others will only see this group after you sent a first message."
-    );
-
-    // Alice rewinds the clock.
-    SystemTime::shift_back(Duration::from_secs(3600));
-
-    let text_msg_id = send_text_msg(alice, chat_id, "Hello".to_string()).await?;
-
-    let [
-        ChatItem::Message {
-            msg_id: e2ee_msg_id2,
-        },
-        ChatItem::Message {
-            msg_id: info_msg_id2,
-        },
-        ChatItem::Message {
-            msg_id: text_msg_id2,
-        },
-    ] = get_chat_msgs(alice, chat_id).await?[..]
-    else {
-        panic!("Expected three messages in the chat");
-    };
-    assert_eq!(e2ee_msg_id2, e2ee_msg_id);
-    assert_eq!(info_msg_id2, info_msg_id);
-    assert_eq!(text_msg_id2, text_msg_id);
-
-    Ok(())
-}
--- a/src/chatlist.rs
+++ b/src/chatlist.rs
@@ -142,7 +142,7 @@ impl Chatlist {
                   AND c.blocked!=1
                   AND c.id IN(SELECT chat_id FROM chats_contacts WHERE contact_id=?2 AND add_timestamp >= remove_timestamp)
                 GROUP BY c.id
-                 ORDER BY c.archived=?3 DESC, IFNULL(NULLIF(m.timestamp,0),c.created_timestamp) DESC, m.id DESC;",
+                 ORDER BY c.archived=?3 DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
                (MessageState::OutDraft, query_contact_id, ChatVisibility::Pinned),
                process_row,
            ).await?
@@ -168,7 +168,7 @@ impl Chatlist {
                   AND c.blocked!=1
                   AND c.archived=1
                 GROUP BY c.id
-                 ORDER BY IFNULL(NULLIF(m.timestamp,0),c.created_timestamp) DESC, m.id DESC;",
+                 ORDER BY IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
                    (MessageState::OutDraft,),
                    process_row,
                )
@@ -204,7 +204,7 @@ impl Chatlist {
                   AND IFNULL(c.name_normalized,c.name) LIKE ?3
                   AND (NOT ?4 OR EXISTS (SELECT 1 FROM msgs m WHERE m.chat_id = c.id AND m.state == ?5 AND hidden=0))
                 GROUP BY c.id
-                 ORDER BY IFNULL(NULLIF(m.timestamp,0),c.created_timestamp) DESC, m.id DESC;",
+                 ORDER BY IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
                    (MessageState::OutDraft, skip_id, str_like_cmd, only_unread, MessageState::InFresh),
                    process_row,
                )
@@ -253,7 +253,7 @@ impl Chatlist {
                       AND NOT c.archived=?
                       AND (c.type!=? OR c.id IN(SELECT chat_id FROM chats_contacts WHERE contact_id=? AND add_timestamp >= remove_timestamp))
                     GROUP BY c.id
-                     ORDER BY c.id=? DESC, c.archived=? DESC, IFNULL(NULLIF(m.timestamp,0),c.created_timestamp) DESC, m.id DESC;",
+                     ORDER BY c.id=? DESC, c.archived=? DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
                    (
                        MessageState::OutDraft, skip_id, ChatVisibility::Archived,
                        Chattype::Group, ContactId::SELF,
@@ -279,7 +279,7 @@ impl Chatlist {
                       AND (c.blocked=0 OR c.blocked=2)
                       AND NOT c.archived=?
                     GROUP BY c.id
-                     ORDER BY c.id=0 DESC, c.archived=? DESC, IFNULL(NULLIF(m.timestamp,0),c.created_timestamp) DESC, m.id DESC;",
+                     ORDER BY c.id=0 DESC, c.archived=? DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
                    (MessageState::OutDraft, skip_id, ChatVisibility::Archived, ChatVisibility::Pinned),
                    process_row,
                ).await?
@@ -417,7 +417,7 @@ impl Chatlist {
            Summary::new_with_reaction_details(context, &lastmsg, chat, lastcontact.as_ref()).await
        } else {
            Ok(Summary {
-                text: stock_str::no_messages(context),
+                text: stock_str::no_messages(context).await,
                ..Default::default()
            })
        }
@@ -648,6 +648,7 @@ mod tests {
        assert_eq!(chats.len(), 0);

        t.set_stock_translation(StockMessage::SavedMessages, "test-1234-save".to_string())
+            .await
            .unwrap();
        let chats = Chatlist::try_load(&t, 0, Some("t-1234-s"), None)
            .await
@@ -655,6 +656,7 @@ mod tests {
        assert_eq!(chats.len(), 1);

        t.set_stock_translation(StockMessage::DeviceMessages, "test-5678-babbel".to_string())
+            .await
            .unwrap();
        let chats = Chatlist::try_load(&t, 0, Some("t-5678-b"), None)
            .await
--- a/src/config.rs
+++ b/src/config.rs
@@ -19,7 +19,7 @@ use crate::log::LogExt;
 use crate::mimefactory::RECOMMENDED_FILE_SIZE;
 use crate::provider::Provider;
 use crate::sync::{self, Sync::*, SyncData};
-use crate::tools::{get_abs_path, time};
+use crate::tools::get_abs_path;
 use crate::transport::{ConfiguredLoginParam, add_pseudo_transport, send_sync_transports};
 use crate::{constants, stats};

@@ -42,85 +42,50 @@ use crate::{constants, stats};
 )]
 #[strum(serialize_all = "snake_case")]
 pub enum Config {
-    /// Deprecated(2026-04).
-    /// Use ConfiguredAddr, [`crate::login_param::EnteredLoginParam`],
-    /// or add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Email address, used in the `From:` field.
    Addr,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// IMAP server hostname.
    MailServer,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// IMAP server username.
    MailUser,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// IMAP server password.
    MailPw,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// IMAP server port.
    MailPort,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// IMAP server security (e.g. TLS, STARTTLS).
    MailSecurity,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// How to check TLS certificates.
    ///
    /// "IMAP" in the name is for compatibility,
    /// this actually applies to both IMAP and SMTP connections.
    ImapCertificateChecks,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// SMTP server hostname.
    SendServer,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// SMTP server username.
    SendUser,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// SMTP server password.
    SendPw,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// SMTP server port.
    SendPort,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// SMTP server security (e.g. TLS, STARTTLS).
    SendSecurity,

-    /// Deprecated(2026-04).
-    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    /// Deprecated option for backwards compatibility.
    ///
+    /// Certificate checks for SMTP are actually controlled by `imap_certificate_checks` config.
+    SmtpCertificateChecks,
+
    /// Whether to use OAuth 2.
    ///
    /// Historically contained other bitflags, which are now deprecated.
@@ -190,6 +155,22 @@ pub enum Config {
    #[strum(props(default = "1"))]
    MdnsEnabled,

+    /// True if chat messages should be moved to a separate folder. Auto-sent messages like sync
+    /// ones are moved there anyway.
+    #[strum(props(default = "1"))]
+    MvboxMove,
+
+    /// Watch for new messages in the "Mvbox" (aka DeltaChat folder) only.
+    ///
+    /// This will not entirely disable other folders, e.g. the spam folder will also still
+    /// be watched for new messages.
+    #[strum(props(default = "0"))]
+    OnlyFetchMvbox,
+
+    /// Whether to show classic emails or only chat messages.
+    #[strum(props(default = "2"))] // also change ShowEmails.default() on changes
+    ShowEmails,
+
    /// Quality of the media files to send.
    #[strum(props(default = "0"))] // also change MediaQuality.default() on changes
    MediaQuality,
@@ -216,47 +197,32 @@ pub enum Config {
    /// The primary email address.
    ConfiguredAddr,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// List of configured IMAP servers as a JSON array.
    ConfiguredImapServers,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Configured IMAP server hostname.
    ///
    /// This is replaced by `configured_imap_servers` for new configurations.
    ConfiguredMailServer,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Configured IMAP server port.
+    ///
+    /// This is replaced by `configured_imap_servers` for new configurations.
    ConfiguredMailPort,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Configured IMAP server security (e.g. TLS, STARTTLS).
+    ///
+    /// This is replaced by `configured_imap_servers` for new configurations.
    ConfiguredMailSecurity,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Configured IMAP server username.
+    ///
+    /// This is set if user has configured username manually.
    ConfiguredMailUser,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Configured IMAP server password.
    ConfiguredMailPw,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Configured TLS certificate checks.
    /// This option is saved on successful configuration
    /// and should not be modified manually.
@@ -265,68 +231,52 @@ pub enum Config {
    /// but has "IMAP" in the name for backwards compatibility.
    ConfiguredImapCertificateChecks,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// List of configured SMTP servers as a JSON array.
    ConfiguredSmtpServers,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Configured SMTP server hostname.
    ///
    /// This is replaced by `configured_smtp_servers` for new configurations.
    ConfiguredSendServer,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Configured SMTP server port.
    ///
    /// This is replaced by `configured_smtp_servers` for new configurations.
    ConfiguredSendPort,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Configured SMTP server security (e.g. TLS, STARTTLS).
    ///
    /// This is replaced by `configured_smtp_servers` for new configurations.
    ConfiguredSendSecurity,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Configured SMTP server username.
    ///
    /// This is set if user has configured username manually.
    ConfiguredSendUser,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
-    ///
    /// Configured SMTP server password.
    ConfiguredSendPw,

-    /// Deprecated(2026-04).
-    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    /// Deprecated, stored for backwards compatibility.
    ///
+    /// ConfiguredImapCertificateChecks is actually used.
+    ConfiguredSmtpCertificateChecks,
+
    /// Whether OAuth 2 is used with configured provider.
    ConfiguredServerFlags,

    /// Configured folder for incoming messages.
    ConfiguredInboxFolder,

+    /// Configured folder for chat messages.
+    ConfiguredMvboxFolder,
+
    /// Unix timestamp of the last successful configuration.
    ConfiguredTimestamp,

    /// ID of the configured provider from the provider database.
    ConfiguredProvider,

-    /// Deprecated(2026-04).
-    /// Use [`Context::is_configured()`] instead.
-    ///
    /// True if account is configured.
    Configured,

@@ -367,6 +317,11 @@ pub enum Config {
    #[strum(props(default = "0"))]
    NotifyAboutWrongPw,

+    /// If a warning about exceeding quota was shown recently,
+    /// this is the percentage of quota at the time the warning was given.
+    /// Unset, when quota falls below minimal warning threshold again.
+    QuotaExceeding,
+
    /// Timestamp of the last time housekeeping was run
    LastHousekeeping,

@@ -407,6 +362,15 @@ pub enum Config {
    #[strum(props(default = "1"))]
    SyncMsgs,

+    /// Space-separated list of all the authserv-ids which we believe
+    /// may be the one of our email server.
+    ///
+    /// See `crate::authres::update_authservid_candidates`.
+    AuthservIdCandidates,
+
+    /// Make all outgoing messages with Autocrypt header "multipart/signed".
+    SignUnencrypted,
+
    /// Let the core save all events to the database.
    /// This value is used internally to remember the MsgId of the logging xdc
    #[strum(props(default = "0"))]
@@ -501,13 +465,21 @@ impl Config {
    pub(crate) fn is_synced(&self) -> bool {
        matches!(
            self,
-            Self::Displayname | Self::MdnsEnabled | Self::Selfavatar | Self::Selfstatus,
+            Self::Displayname
+                | Self::MdnsEnabled
+                | Self::MvboxMove
+                | Self::ShowEmails
+                | Self::Selfavatar
+                | Self::Selfstatus,
        )
    }

    /// Whether the config option needs an IO scheduler restart to take effect.
    pub(crate) fn needs_io_restart(&self) -> bool {
-        matches!(self, Config::ConfiguredAddr)
+        matches!(
+            self,
+            Config::MvboxMove | Config::OnlyFetchMvbox | Config::ConfiguredAddr
+        )
    }
 }

@@ -622,6 +594,13 @@ impl Context {
            .is_some_and(|x| x != 0))
    }

+    /// Returns true if movebox ("DeltaChat" folder) should be watched.
+    pub(crate) async fn should_watch_mvbox(&self) -> Result<bool> {
+        Ok(self.get_config_bool(Config::MvboxMove).await?
+            || self.get_config_bool(Config::OnlyFetchMvbox).await?
+            || !self.get_config_bool(Config::IsChatmail).await?)
+    }
+
    /// Returns true if sync messages should be sent.
    pub(crate) async fn should_send_sync_msgs(&self) -> Result<bool> {
        Ok(self.get_config_bool(Config::SyncMsgs).await?
@@ -703,10 +682,13 @@ impl Context {
            | Config::ProxyEnabled
            | Config::BccSelf
            | Config::MdnsEnabled
+            | Config::MvboxMove
+            | Config::OnlyFetchMvbox
            | Config::Configured
            | Config::Bot
            | Config::NotifyAboutWrongPw
            | Config::SyncMsgs
+            | Config::SignUnencrypted
            | Config::DisableIdle => {
                ensure!(
                    matches!(value, None | Some("0") | Some("1")),
@@ -724,6 +706,11 @@ impl Context {
    pub async fn set_config(&self, key: Config, value: Option<&str>) -> Result<()> {
        Self::check_config(key, value)?;

+        let n_transports = self.count_transports().await?;
+        if n_transports > 1 && matches!(key, Config::MvboxMove | Config::OnlyFetchMvbox) {
+            bail!("Cannot reconfigure {key} when multiple transports are configured");
+        }
+
        let _pause = match key.needs_io_restart() {
            true => self.scheduler.pause(self).await?,
            _ => Default::default(),
@@ -802,6 +789,12 @@ impl Context {
                    .set_raw_config(key.as_ref(), value.map(|s| s.to_lowercase()).as_deref())
                    .await?;
            }
+            Config::MvboxMove => {
+                self.sql.set_raw_config(key.as_ref(), value).await?;
+                self.sql
+                    .set_raw_config(constants::DC_FOLDERS_CONFIGURED_KEY, None)
+                    .await?;
+            }
            Config::ConfiguredAddr => {
                let Some(addr) = value else {
                    bail!("Cannot unset configured_addr");
@@ -835,22 +828,6 @@ impl Context {
                                (addr,),
                            )?;

-                            // Update the timestamp for the primary transport
-                            // so it becomes the first in `get_all_self_addrs()` list
-                            // and the list of relays distributed in the public key.
-                            // This ensures that messages will be sent
-                            // to the primary relay by the contacts
-                            // and will be fetched in background_fetch()
-                            // which only fetches from the primary transport.
-                            transaction
-                                .execute(
-                                    "UPDATE transports SET add_timestamp=?, is_published=1 WHERE addr=?",
-                                    (time(), addr),
-                                )
-                                .context(
-                                    "Failed to update add_timestamp for the new primary transport",
-                                )?;
-
                            // Clean up SMTP and IMAP APPEND queue.
                            //
                            // The messages in the queue have a different
@@ -940,23 +917,16 @@ impl Context {
    /// Determine whether the specified addr maps to the/a self addr.
    /// Returns `false` if no addresses are configured.
    pub(crate) async fn is_self_addr(&self, addr: &str) -> Result<bool> {
-        // Employ the config cache to optimize for `ConfiguredAddr` passed.
-        if !addr.is_empty()
-            && addr_cmp(
-                addr,
-                &self
-                    .get_config(Config::ConfiguredAddr)
-                    .await?
-                    .unwrap_or_default(),
-            )
-        {
-            return Ok(true);
-        }
        Ok(self
-            .get_all_self_addrs()
+            .get_config(Config::ConfiguredAddr)
            .await?
            .iter()
-            .any(|a| addr_cmp(addr, a)))
+            .any(|a| addr_cmp(addr, a))
+            || self
+                .get_secondary_self_addrs()
+                .await?
+                .iter()
+                .any(|a| addr_cmp(addr, a)))
    }

    /// Sets `primary_new` as the new primary self address and saves the old
@@ -974,51 +944,20 @@ impl Context {
        Ok(())
    }

-    /// Returns all self addresses, newest first.
+    /// Returns the primary self address followed by all secondary ones.
    pub(crate) async fn get_all_self_addrs(&self) -> Result<Vec<String>> {
-        self.sql
-            .query_map_vec(
-                "SELECT addr FROM transports ORDER BY add_timestamp DESC, id DESC",
-                (),
-                |row| {
-                    let addr: String = row.get(0)?;
-                    Ok(addr)
-                },
-            )
-            .await
+        let primary_addrs = self.get_config(Config::ConfiguredAddr).await?.into_iter();
+        let secondary_addrs = self.get_secondary_self_addrs().await?.into_iter();
+
+        Ok(primary_addrs.chain(secondary_addrs).collect())
    }

-    /// Returns all published self addresses, newest first.
-    /// See `[Context::set_transport_unpublished]`
-    pub(crate) async fn get_published_self_addrs(&self) -> Result<Vec<String>> {
-        self.sql
-            .query_map_vec(
-                "SELECT addr FROM transports WHERE is_published=1 ORDER BY add_timestamp DESC, id DESC",
-                (),
-                |row| {
-                    let addr: String = row.get(0)?;
-                    Ok(addr)
-                },
-            )
-            .await
-    }
-
-    /// Returns all published secondary self addresses.
-    /// See `[Context::set_transport_unpublished]`
-    pub(crate) async fn get_published_secondary_self_addrs(&self) -> Result<Vec<String>> {
-        self.sql
-            .query_map_vec(
-                "SELECT addr FROM transports
-                WHERE is_published
-                AND addr NOT IN (SELECT value FROM config WHERE keyname='configured_addr')
-                ORDER BY add_timestamp DESC, id DESC",
-                (),
-                |row| {
-                    let addr: String = row.get(0)?;
-                    Ok(addr)
-                },
-            )
-            .await
+    /// Returns all secondary self addresses.
+    pub(crate) async fn get_secondary_self_addrs(&self) -> Result<Vec<String>> {
+        self.sql.query_map_vec("SELECT addr FROM transports WHERE addr NOT IN (SELECT value FROM config WHERE keyname='configured_addr')", (), |row| {
+            let addr: String = row.get(0)?;
+            Ok(addr)
+        }).await
    }

    /// Returns the primary self address.
--- a/src/config/config_tests.rs
+++ b/src/config/config_tests.rs
@@ -196,6 +196,13 @@ async fn test_sync() -> Result<()> {
    sync(&alice0, &alice1).await;
    assert_eq!(alice1.get_config_bool(Config::MdnsEnabled).await?, false);

+    for key in [Config::ShowEmails, Config::MvboxMove] {
+        let val = alice0.get_config_bool(key).await?;
+        alice0.set_config_bool(key, !val).await?;
+        sync(&alice0, &alice1).await;
+        assert_eq!(alice1.get_config_bool(key).await?, !val);
+    }
+
    // `Config::SyncMsgs` mustn't be synced.
    alice0.set_config_bool(Config::SyncMsgs, false).await?;
    alice0.set_config_bool(Config::SyncMsgs, true).await?;
@@ -239,7 +246,8 @@ async fn test_sync() -> Result<()> {
        alice1
            .get_config(Config::Selfavatar)
            .await?
-            .is_some_and(|path| path.ends_with(".png"))
+            .filter(|path| path.ends_with(".png"))
+            .is_some()
    );
    alice0.set_config(Config::Selfavatar, None).await?;
    sync(&alice0, &alice1).await;
@@ -297,14 +305,16 @@ async fn test_no_sync_on_self_sent_msg() -> Result<()> {
        alice1
            .get_config(Config::Selfavatar)
            .await?
-            .is_some_and(|path| path.ends_with(".jpg"))
+            .filter(|path| path.ends_with(".jpg"))
+            .is_some()
    );
    sync(alice1, alice0).await;
    assert!(
        alice0
            .get_config(Config::Selfavatar)
            .await?
-            .is_some_and(|path| path.ends_with(".jpg"))
+            .filter(|path| path.ends_with(".jpg"))
+            .is_some()
    );

    Ok(())
--- a/src/configure.rs
+++ b/src/configure.rs
@@ -28,8 +28,8 @@ use crate::constants::NON_ALPHANUMERIC_WITHOUT_DOT;
 use crate::context::Context;
 use crate::imap::Imap;
 use crate::log::warn;
+use crate::login_param::EnteredCertificateChecks;
 pub use crate::login_param::EnteredLoginParam;
-use crate::login_param::{EnteredCertificateChecks, TransportListEntry};
 use crate::message::Message;
 use crate::net::proxy::ProxyConfig;
 use crate::oauth2::get_oauth2_addr;
@@ -76,7 +76,7 @@ impl Context {
    /// Deprecated since 2025-02; use `add_transport_from_qr()`
    /// or `add_or_update_transport()` instead.
    pub async fn configure(&self) -> Result<()> {
-        let mut param = EnteredLoginParam::load_legacy(self).await?;
+        let mut param = EnteredLoginParam::load(self).await?;

        self.add_transport_inner(&mut param).await
    }
@@ -110,7 +110,6 @@ impl Context {
    ///   from a server encoded in a QR code.
    /// - [Self::list_transports()] to get a list of all configured transports.
    /// - [Self::delete_transport()] to remove a transport.
-    /// - [Self::set_transport_unpublished()] to set whether contacts see this transport.
    pub async fn add_or_update_transport(&self, param: &mut EnteredLoginParam) -> Result<()> {
        self.stop_io().await;
        let result = self.add_transport_inner(param).await;
@@ -146,11 +145,11 @@ impl Context {
        if let Err(err) = res.as_ref() {
            // We are using Anyhow's .context() and to show the
            // inner error, too, we need the {:#}:
-            let error_msg = stock_str::configuration_failed(self, &format!("{err:#}"));
+            let error_msg = stock_str::configuration_failed(self, &format!("{err:#}")).await;
            progress!(self, 0, Some(error_msg.clone()));
            bail!(error_msg);
        } else {
-            param.save_legacy(self).await?;
+            param.save(self).await?;
            progress!(self, 1000);
        }

@@ -189,22 +188,14 @@ impl Context {
    /// Returns the list of all email accounts that are used as a transport in the current profile.
    /// Use [Self::add_or_update_transport()] to add or change a transport
    /// and [Self::delete_transport()] to delete a transport.
-    pub async fn list_transports(&self) -> Result<Vec<TransportListEntry>> {
+    pub async fn list_transports(&self) -> Result<Vec<EnteredLoginParam>> {
        let transports = self
            .sql
-            .query_map_vec(
-                "SELECT entered_param, is_published FROM transports",
-                (),
-                |row| {
-                    let param: String = row.get(0)?;
-                    let param: EnteredLoginParam = serde_json::from_str(&param)?;
-                    let is_published: bool = row.get(1)?;
-                    Ok(TransportListEntry {
-                        param,
-                        is_unpublished: !is_published,
-                    })
-                },
-            )
+            .query_map_vec("SELECT entered_param FROM transports", (), |row| {
+                let entered_param: String = row.get(0)?;
+                let transport: EnteredLoginParam = serde_json::from_str(&entered_param)?;
+                Ok(transport)
+            })
            .await?;

        Ok(transports)
@@ -243,6 +234,11 @@ impl Context {
                        Ok((id, add_timestamp))
                    },
                )?;
+                transaction.execute("DELETE FROM imap WHERE transport_id=?", (transport_id,))?;
+                transaction.execute(
+                    "DELETE FROM imap_sync WHERE transport_id=?",
+                    (transport_id,),
+                )?;

                // Removal timestamp should not be lower than addition timestamp
                // to be accepted by other devices when synced.
@@ -261,49 +257,10 @@ impl Context {
            .await?;
        send_sync_transports(self).await?;
        self.quota.write().await.remove(&removed_transport_id);
-        self.restart_io_if_running().await;

        Ok(())
    }

-    /// Change whether the transport is unpublished.
-    ///
-    /// Unpublished transports are not advertised to contacts,
-    /// and self-sent messages are not sent there,
-    /// so that we don't cause extra messages to the corresponding inbox,
-    /// but can still receive messages from contacts who don't know our new transport addresses yet.
-    ///
-    /// The default is false, but when the user updates from a version that didn't have this flag,
-    /// existing secondary transports are set to unpublished,
-    /// so that an existing transport address doesn't suddenly get spammed with a lot of messages.
-    pub async fn set_transport_unpublished(&self, addr: &str, unpublished: bool) -> Result<()> {
-        self.sql
-            .transaction(|trans| {
-                let primary_addr: String = trans
-                    .query_row(
-                        "SELECT value FROM config WHERE keyname='configured_addr'",
-                        (),
-                        |row| row.get(0),
-                    )
-                    .context("Select primary address")?;
-                if primary_addr == addr && unpublished {
-                    bail!("Can't set primary relay as unpublished");
-                }
-                // We need to update the timestamp so that the key's timestamp changes
-                // and is recognized as newer by our peers
-                trans
-                    .execute(
-                        "UPDATE transports SET is_published=?, add_timestamp=? WHERE addr=? AND is_published!=?1",
-                        (!unpublished, time(), addr),
-                    )
-                    .context("Update transports")?;
-                Ok(())
-            })
-            .await?;
-        send_sync_transports(self).await?;
-        Ok(())
-    }
-
    async fn inner_configure(&self, param: &EnteredLoginParam) -> Result<()> {
        info!(self, "Configure ...");

@@ -316,16 +273,31 @@ impl Context {
                    (&param.addr,),
                )
                .await?
-            && self
+        {
+            // Should be checked before `MvboxMove` because the latter makes no sense in presense of
+            // `OnlyFetchMvbox` and even grayed out in the UIs in this case.
+            if self.get_config(Config::OnlyFetchMvbox).await?.as_deref() != Some("0") {
+                bail!(
+                    "To use additional relays, disable the legacy option \"Settings / Advanced / Only Fetch from DeltaChat Folder\"."
+                );
+            }
+            if self.get_config(Config::MvboxMove).await?.as_deref() != Some("0") {
+                bail!(
+                    "To use additional relays, disable the legacy option \"Settings / Advanced / Move automatically to DeltaChat Folder\"."
+                );
+            }
+
+            if self
                .sql
                .count("SELECT COUNT(*) FROM transports", ())
                .await?
                >= MAX_TRANSPORT_RELAYS
-        {
-            bail!(
-                "You have reached the maximum number of relays ({}).",
-                MAX_TRANSPORT_RELAYS
-            )
+            {
+                bail!(
+                    "You have reached the maximum number of relays ({}).",
+                    MAX_TRANSPORT_RELAYS
+                )
+            }
        }

        let provider = match configure(self, param).await {
@@ -538,7 +510,6 @@ async fn get_configured_param(
            .collect(),
        imap_user: param.imap.user.clone(),
        imap_password: param.imap.password.clone(),
-        imap_folder: Some(param.imap.folder.clone()).filter(|folder| !folder.is_empty()),
        smtp: servers
            .iter()
            .filter_map(|params| {
@@ -578,6 +549,9 @@ async fn get_configured_param(
 async fn configure(ctx: &Context, param: &EnteredLoginParam) -> Result<Option<&'static Provider>> {
    progress!(ctx, 1);

+    let ctx2 = ctx.clone();
+    let update_device_chats_handle = task::spawn(async move { ctx2.update_device_chats().await });
+
    let configured_param = get_configured_param(ctx, param).await?;
    let proxy_config = ProxyConfig::load(ctx).await?;
    let strict_tls = configured_param.strict_tls(proxy_config.is_some());
@@ -619,7 +593,10 @@ async fn configure(ctx: &Context, param: &EnteredLoginParam) -> Result<Option<&'
    let imap_session = match imap.connect(ctx, configuring).await {
        Ok(imap_session) => imap_session,
        Err(err) => {
-            bail!("{}", nicer_configuration_error(ctx, format!("{err:#}")));
+            bail!(
+                "{}",
+                nicer_configuration_error(ctx, format!("{err:#}")).await
+            );
        }
    };

@@ -631,6 +608,10 @@ async fn configure(ctx: &Context, param: &EnteredLoginParam) -> Result<Option<&'
    progress!(ctx, 900);

    let is_configured = ctx.is_configured().await?;
+    if !is_configured {
+        ctx.sql.set_raw_config("mvbox_move", Some("0")).await?;
+        ctx.sql.set_raw_config("only_fetch_mvbox", None).await?;
+    }
    if !ctx.get_config_bool(Config::FixIsChatmail).await? {
        if imap_session.is_chatmail() {
            ctx.sql.set_raw_config("is_chatmail", Some("1")).await?;
@@ -661,9 +642,7 @@ async fn configure(ctx: &Context, param: &EnteredLoginParam) -> Result<Option<&'
    ctx.scheduler.interrupt_inbox().await;

    progress!(ctx, 940);
-    ctx.update_device_chats()
-        .await
-        .context("Failed to update device chats")?;
+    update_device_chats_handle.await??;

    ctx.sql.set_raw_config_bool("configured", true).await?;
    ctx.emit_event(EventType::AccountsItemChanged);
@@ -756,7 +735,7 @@ async fn get_autoconfig(
    None
 }

-fn nicer_configuration_error(context: &Context, e: String) -> String {
+async fn nicer_configuration_error(context: &Context, e: String) -> String {
    if e.to_lowercase().contains("could not resolve")
        || e.to_lowercase().contains("connection attempts")
        || e.to_lowercase()
@@ -765,7 +744,7 @@ fn nicer_configuration_error(context: &Context, e: String) -> String {
        || e.to_lowercase()
            .contains("failed to lookup address information")
    {
-        return stock_str::error_no_network(context);
+        return stock_str::error_no_network(context).await;
    }

    e
@@ -794,7 +773,7 @@ pub enum Error {
 mod tests {
    use super::*;
    use crate::config::Config;
-    use crate::login_param::EnteredImapLoginParam;
+    use crate::login_param::EnteredServerLoginParam;
    use crate::test_utils::TestContext;

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -813,7 +792,7 @@ mod tests {
        let entered_param = EnteredLoginParam {
            addr: "alice@example.org".to_string(),

-            imap: EnteredImapLoginParam {
+            imap: EnteredServerLoginParam {
                user: "alice@example.net".to_string(),
                password: "foobar".to_string(),
                ..Default::default()
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -36,6 +36,17 @@ pub enum Blocked {
    Request = 2,
 }

+#[derive(
+    Debug, Default, Display, Clone, Copy, PartialEq, Eq, FromPrimitive, ToPrimitive, FromSql, ToSql,
+)]
+#[repr(u8)]
+pub enum ShowEmails {
+    Off = 0,
+    AcceptedContacts = 1,
+    #[default] // also change Config.ShowEmails props(default) on changes
+    All = 2,
+}
+
 #[derive(
    Debug, Default, Display, Clone, Copy, PartialEq, Eq, FromPrimitive, ToPrimitive, FromSql, ToSql,
 )]
@@ -188,7 +199,7 @@ pub const WORSE_IMAGE_BYTES: usize = 130_000;
 // max. width/height and bytes of an avatar
 pub(crate) const BALANCED_AVATAR_SIZE: u32 = 512;
 pub(crate) const BALANCED_AVATAR_BYTES: usize = 60_000;
-pub(crate) const WORSE_AVATAR_SIZE: u32 = 256;
+pub(crate) const WORSE_AVATAR_SIZE: u32 = 128;
 pub(crate) const WORSE_AVATAR_BYTES: usize = 20_000; // this also fits to Outlook servers don't allowing headers larger than 32k.

 // max. width/height of images scaled down because of being too huge
@@ -199,6 +210,11 @@ pub const WORSE_IMAGE_SIZE: u32 = 640;
 /// usage by UIs.
 pub const MAX_RCVD_IMAGE_PIXELS: u32 = 50_000_000;

+// Key for the folder configuration version (see below).
+pub(crate) const DC_FOLDERS_CONFIGURED_KEY: &str = "folders_configured";
+// this value can be increased if the folder configuration is changed and must be redone on next program start
+pub(crate) const DC_FOLDERS_CONFIGURED_VERSION: i32 = 5;
+
 // If more recipients are needed in SMTP's `RCPT TO:` header, the recipient list is split into
 // chunks. This does not affect MIME's `To:` header. Can be overwritten by setting
 // `max_smtp_rcpt_to` in the provider db.
@@ -218,6 +234,19 @@ pub(crate) const TIMESTAMP_SENT_TOLERANCE: i64 = 60;
 // Newer Delta Chats will remove the prefix as needed.
 pub(crate) const EDITED_PREFIX: &str = "✏️";

+// Strings needed to render the Autocrypt Setup Message.
+// Left untranslated as not being supported/recommended workflow and as translations would require deep knowledge.
+pub(crate) const ASM_SUBJECT: &str = "Autocrypt Setup Message";
+pub(crate) const ASM_BODY: &str = "This is the Autocrypt Setup Message \
+    used to transfer your end-to-end setup between clients.
+
+    To decrypt and use your setup, \
+    open the message in an Autocrypt-compliant client \
+    and enter the setup code presented on the generating device.
+
+    If you see this message in a chatmail client (Delta Chat, Arcane Chat, Delta Touch ...), \
+    use \"Settings / Add Second Device\" instead.";
+
 /// Period between `sql::housekeeping()` runs.
 pub(crate) const HOUSEKEEPING_PERIOD: i64 = 24 * 60 * 60;

@@ -233,9 +262,6 @@ Here is what to do:

 If you have any questions, please send an email to delta@merlinux.eu or ask at https://support.delta.chat/."#;

-/// How many recent messages should be re-sent to a new broadcast member.
-pub(crate) const N_MSGS_TO_NEW_BROADCAST_MEMBER: usize = 10;
-
 #[cfg(test)]
 mod tests {
    use num_traits::FromPrimitive;
@@ -251,6 +277,18 @@ mod tests {
        assert_eq!(Chattype::OutBroadcast, Chattype::from_i32(160).unwrap());
    }

+    #[test]
+    fn test_showemails_values() {
+        // values may be written to disk and must not change
+        assert_eq!(ShowEmails::All, ShowEmails::default());
+        assert_eq!(ShowEmails::Off, ShowEmails::from_i32(0).unwrap());
+        assert_eq!(
+            ShowEmails::AcceptedContacts,
+            ShowEmails::from_i32(1).unwrap()
+        );
+        assert_eq!(ShowEmails::All, ShowEmails::from_i32(2).unwrap());
+    }
+
    #[test]
    fn test_blocked_values() {
        // values may be written to disk and must not change
--- a/src/contact.rs
+++ b/src/contact.rs
@@ -35,7 +35,6 @@ use crate::log::{LogExt, warn};
 use crate::message::MessageState;
 use crate::mimeparser::AvatarAction;
 use crate::param::{Param, Params};
-use crate::pgp::{addresses_from_public_key, merge_openpgp_certificates};
 use crate::sync::{self, Sync::*};
 use crate::tools::{SystemTime, duration_to_str, get_abs_path, normalize_text, time, to_lowercase};
 use crate::{chat, chatlist_events, ensure_and_debug_assert_ne, stock_str};
@@ -315,67 +314,6 @@ pub async fn make_vcard(context: &Context, contacts: &[ContactId]) -> Result<Str
        .to_string())
 }

-/// Imports public key into the public key store.
-///
-/// They key may come from Autocrypt header,
-/// Autocrypt-Gossip header or a vCard.
-///
-/// If the key with the same fingerprint already exists,
-/// it is updated by merging the new key.
-pub(crate) async fn import_public_key(
-    context: &Context,
-    public_key: &SignedPublicKey,
-) -> Result<()> {
-    public_key
-        .verify_bindings()
-        .context("Attempt to import broken public key")?;
-
-    let fingerprint = public_key.dc_fingerprint().hex();
-
-    let merged_public_key;
-    let merged_public_key_ref = if let Some(public_key_bytes) = context
-        .sql
-        .query_row_optional(
-            "SELECT public_key
-             FROM public_keys
-             WHERE fingerprint=?",
-            (&fingerprint,),
-            |row| {
-                let bytes: Vec<u8> = row.get(0)?;
-                Ok(bytes)
-            },
-        )
-        .await?
-    {
-        let old_public_key = SignedPublicKey::from_slice(&public_key_bytes)?;
-        merged_public_key = merge_openpgp_certificates(public_key.clone(), old_public_key)
-            .context("Failed to merge public keys")?;
-        &merged_public_key
-    } else {
-        public_key
-    };
-
-    let inserted = context
-        .sql
-        .execute(
-            "INSERT INTO public_keys (fingerprint, public_key)
-             VALUES (?, ?)
-             ON CONFLICT (fingerprint)
-             DO UPDATE SET public_key=excluded.public_key
-                WHERE public_key!=excluded.public_key",
-            (&fingerprint, merged_public_key_ref.to_bytes()),
-        )
-        .await?;
-    if inserted > 0 {
-        info!(
-            context,
-            "Saved key with fingerprint {fingerprint} from the Autocrypt header"
-        );
-    }
-
-    Ok(())
-}
-
 /// Imports contacts from the given vCard.
 ///
 /// Returns the ids of successfully processed contacts in the order they appear in `vcard`,
@@ -414,14 +352,23 @@ async fn import_vcard_contact(context: &Context, contact: &VcardContact) -> Resu
            .ok()
    });

-    let fingerprint = if let Some(public_key) = key {
-        import_public_key(context, &public_key)
-            .await
-            .context("Failed to import public key from vCard")?;
-        public_key.dc_fingerprint().hex()
+    let fingerprint;
+    if let Some(public_key) = key {
+        fingerprint = public_key.dc_fingerprint().hex();
+
+        context
+            .sql
+            .execute(
+                "INSERT INTO public_keys (fingerprint, public_key)
+                 VALUES (?, ?)
+                 ON CONFLICT (fingerprint)
+                 DO NOTHING",
+                (&fingerprint, public_key.to_bytes()),
+            )
+            .await?;
    } else {
-        String::new()
-    };
+        fingerprint = String::new();
+    }

    let (id, modified) =
        match Contact::add_or_lookup_ex(context, &contact.authname, &addr, &fingerprint, origin)
@@ -688,7 +635,7 @@ impl Contact {
            .await?
        {
            if contact_id == ContactId::SELF {
-                contact.name = stock_str::self_msg(context);
+                contact.name = stock_str::self_msg(context).await;
                contact.authname = context
                    .get_config(Config::Displayname)
                    .await?
@@ -705,9 +652,9 @@ impl Contact {
                    .await?
                    .unwrap_or_default();
            } else if contact_id == ContactId::DEVICE {
-                contact.name = stock_str::device_messages(context);
+                contact.name = stock_str::device_messages(context).await;
                contact.addr = ContactId::DEVICE_ADDR.to_string();
-                contact.status = stock_str::device_messages_hint(context);
+                contact.status = stock_str::device_messages_hint(context).await;
            }
            Ok(Some(contact))
        } else {
@@ -1182,9 +1129,7 @@ VALUES (?, ?, ?, ?, ?, ?)
        let mut ret = Vec::new();
        let flag_add_self = (listflags & constants::DC_GCL_ADD_SELF) != 0;
        let flag_address = (listflags & constants::DC_GCL_ADDRESS) != 0;
-        let minimal_origin = if context.get_config_bool(Config::Bot).await?
-            || query.is_some_and(may_be_valid_addr)
-        {
+        let minimal_origin = if context.get_config_bool(Config::Bot).await? {
            Origin::Unknown
        } else {
            Origin::IncomingReplyTo
@@ -1242,7 +1187,7 @@ ORDER BY c.origin>=? DESC, c.last_seen DESC, c.id DESC

                if self_addr.contains(query)
                    || self_name.contains(query)
-                    || self_name2.contains(query)
+                    || self_name2.await.contains(query)
                {
                    add_self = true;
                }
@@ -1394,27 +1339,27 @@ WHERE addr=?
            .unwrap_or_default();

        let Some(fingerprint_other) = contact.fingerprint() else {
-            return Ok(stock_str::encr_none(context));
+            return Ok(stock_str::encr_none(context).await);
        };
-        let fingerprint_other = fingerprint_other.human_readable();
+        let fingerprint_other = fingerprint_other.to_string();

        let stock_message = if contact.public_key(context).await?.is_some() {
-            stock_str::messages_are_e2ee(context)
+            stock_str::messages_are_e2ee(context).await
        } else {
-            stock_str::encr_none(context)
+            stock_str::encr_none(context).await
        };

-        let finger_prints = stock_str::finger_prints(context);
+        let finger_prints = stock_str::finger_prints(context).await;
        let mut ret = format!("{stock_message}\n{finger_prints}:");

        let fingerprint_self = load_self_public_key(context)
            .await?
            .dc_fingerprint()
-            .human_readable();
+            .to_string();
        if addr < contact.addr {
            cat_fingerprint(
                &mut ret,
-                &stock_str::self_msg(context),
+                &stock_str::self_msg(context).await,
                &addr,
                &fingerprint_self,
            );
@@ -1433,22 +1378,12 @@ WHERE addr=?
            );
            cat_fingerprint(
                &mut ret,
-                &stock_str::self_msg(context),
+                &stock_str::self_msg(context).await,
                &addr,
                &fingerprint_self,
            );
        }

-        if let Some(public_key) = contact.public_key(context).await?
-            && let Some(relay_addrs) = addresses_from_public_key(&public_key)
-        {
-            ret += "\n\nRelays:";
-            for relay in &relay_addrs {
-                ret += "\n";
-                ret += relay;
-            }
-        }
-
        Ok(ret)
    }

@@ -2068,6 +2003,7 @@ pub(crate) async fn mark_contact_id_as_verified(
    Ok(())
 }

+#[expect(clippy::arithmetic_side_effects)]
 fn cat_fingerprint(ret: &mut String, name: &str, addr: &str, fingerprint: &str) {
    *ret += &format!("\n\n{name} ({addr}):\n{fingerprint}");
 }
--- a/src/contact/contact_tests.rs
+++ b/src/contact/contact_tests.rs
@@ -4,7 +4,6 @@ use super::*;
 use crate::chat::{Chat, get_chat_contacts, send_text_msg};
 use crate::chatlist::Chatlist;
 use crate::receive_imf::receive_imf;
-use crate::securejoin::get_securejoin_qr;
 use crate::test_utils::{self, TestContext, TestContextManager, TimeShiftFalsePositiveNote, sync};

 #[test]
@@ -155,50 +154,6 @@ async fn test_get_contacts() -> Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_search_contacts_from_group() -> Result<()> {
-    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
-    let bob = &tcm.bob().await;
-    let fiona = &tcm.fiona().await;
-
-    let alice_chat_id = chat::create_group(alice, "").await?;
-    let qr = get_securejoin_qr(alice, Some(alice_chat_id)).await?;
-    let bob_chat_id = tcm.exec_securejoin_qr(bob, alice, &qr).await;
-    tcm.exec_securejoin_qr(fiona, alice, &qr).await;
-
-    // Workaround for "member added" for fiona not sent to bob.
-    let gossip_period = alice.get_config_int(Config::GossipPeriod).await?;
-    SystemTime::shift(Duration::from_secs(gossip_period.try_into()?));
-    send_text_msg(alice, alice_chat_id, "hello".to_string()).await?;
-    let sent_msg = alice.pop_sent_msg().await;
-    bob.recv_msg(&sent_msg).await;
-    fiona.recv_msg(&sent_msg).await;
-
-    let contacts = Contact::get_all(bob, 0, None).await?;
-    let bob_alice_id = bob.add_or_lookup_contact_id(alice).await;
-    assert_eq!(contacts.len(), 1);
-    assert_eq!(contacts[0], bob_alice_id);
-
-    let contacts = Contact::get_all(fiona, 0, None).await?;
-    let fiona_alice_id = fiona.add_or_lookup_contact_id(alice).await;
-    assert_eq!(contacts.len(), 1);
-    assert_eq!(contacts[0], fiona_alice_id);
-
-    // Sending to the group adds new members to the contact list.
-    send_text_msg(bob, bob_chat_id, "hello".to_string()).await?;
-    fiona.recv_msg(&bob.pop_sent_msg().await).await;
-    let contacts = Contact::get_all(bob, 0, None).await?;
-    let bob_fiona_id = bob.add_or_lookup_contact_id(fiona).await;
-    assert_eq!(contacts.len(), 2);
-    assert_eq!(contacts[0], bob_alice_id);
-    assert_eq!(contacts[1], bob_fiona_id);
-    let contacts = Contact::get_all(fiona, 0, None).await?;
-    assert_eq!(contacts.len(), 1);
-    assert_eq!(contacts[0], fiona_alice_id);
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_is_self_addr() -> Result<()> {
    let t = TestContext::new().await;
@@ -327,7 +282,7 @@ async fn test_add_or_lookup() {

    // check SELF
    let contact = Contact::get_by_id(&t, ContactId::SELF).await.unwrap();
-    assert_eq!(contact.get_name(), stock_str::self_msg(&t));
+    assert_eq!(contact.get_name(), stock_str::self_msg(&t).await);
    assert_eq!(contact.get_addr(), "alice@example.org");
    assert!(!contact.is_blocked());
 }
@@ -465,16 +420,12 @@ async fn test_delete() -> Result<()> {
    Contact::delete(&alice, contact_id).await?;
    let contact = Contact::get_by_id(&alice, contact_id).await?;
    assert_eq!(contact.origin, Origin::Hidden);
-
-    // Hidden contacts are found when searching by email address
    assert_eq!(
        Contact::get_all(&alice, 0, Some("bob@example.net"))
            .await?
            .len(),
-        1
+        0
    );
-    // Hidden contacts are not found by a non-address query
-    assert_eq!(Contact::get_all(&alice, 0, Some("bob")).await?.len(), 0);

    // Delete chat.
    chat.get_id().delete(&alice).await?;
@@ -532,7 +483,7 @@ async fn test_delete_and_recreate_contact() -> Result<()> {
        Contact::get_all(&t, 0, Some("bob@example.net"))
            .await?
            .len(),
-        1
+        0
    );

    let contact_id3 = t.add_or_lookup_contact_id(&bob).await;
@@ -890,10 +841,7 @@ Me (alice@example.org):

 bob@example.net (bob@example.net):
 CCCB 5AA9 F6E1 141C 9431
-65F1 DB18 B18C BCF7 0487
-
-Relays:
-bob@example.net"
+65F1 DB18 B18C BCF7 0487"
    );
    let contact = Contact::get_by_id(alice, contact_bob_id).await?;
    assert!(contact.e2ee_avail(alice).await?);
--- a/src/context.rs
+++ b/src/context.rs
@@ -10,7 +10,6 @@ use std::time::Duration;

 use anyhow::{Result, bail, ensure};
 use async_channel::{self as channel, Receiver, Sender};
-use pgp::composed::SignedPublicKey;
 use ratelimit::Ratelimit;
 use tokio::sync::{Mutex, Notify, RwLock};

@@ -20,16 +19,16 @@ use crate::constants::{self, DC_BACKGROUND_FETCH_QUOTA_CHECK_RATELIMIT, DC_VERSI
 use crate::contact::{Contact, ContactId};
 use crate::debug_logging::DebugLogging;
 use crate::events::{Event, EventEmitter, EventType, Events};
-use crate::imap::{Imap, ServerMetadata};
+use crate::imap::{FolderMeaning, Imap, ServerMetadata};
 use crate::key::self_fingerprint;
 use crate::log::warn;
 use crate::logged_debug_assert;
 use crate::message::{self, MessageState, MsgId};
-use crate::net::tls::{SpkiHashStore, TlsSessionStore};
+use crate::net::tls::TlsSessionStore;
 use crate::peer_channels::Iroh;
 use crate::push::PushSubscriber;
 use crate::quota::QuotaInfo;
-use crate::scheduler::{ConnectivityStore, SchedulerState};
+use crate::scheduler::{ConnectivityStore, SchedulerState, convert_folder_meaning};
 use crate::sql::Sql;
 use crate::stock_str::StockStrings;
 use crate::timesmearing::SmearedTimestamp;
@@ -234,6 +233,8 @@ pub struct InnerContext {
    /// This is a global mutex-like state for operations which should be modal in the
    /// clients.
    running_state: RwLock<RunningState>,
+    /// Mutex to avoid generating the key for the user more than once.
+    pub(crate) generating_key_mutex: Mutex<()>,
    /// Mutex to enforce only a single running oauth2 is running.
    pub(crate) oauth2_mutex: Mutex<()>,
    /// Mutex to prevent a race condition when a "your pw is wrong" warning is sent, resulting in multiple messages being sent.
@@ -241,14 +242,6 @@ pub struct InnerContext {
    /// Mutex to prevent running housekeeping from multiple threads at once.
    pub(crate) housekeeping_mutex: Mutex<()>,

-    /// Mutex to prevent multiple IMAP loops from fetching the messages at once.
-    ///
-    /// Without this mutex IMAP loops may waste traffic downloading the same message
-    /// from multiple IMAP servers and create multiple copies of the same message
-    /// in the database if the check for duplicates and creating a message
-    /// happens in separate database transactions.
-    pub(crate) fetch_msgs_mutex: Mutex<()>,
-
    pub(crate) translated_stockstrings: StockStrings,
    pub(crate) events: Events,

@@ -308,13 +301,6 @@ pub struct InnerContext {
    /// TLS session resumption cache.
    pub(crate) tls_session_store: TlsSessionStore,

-    /// Store for TLS SPKI hashes.
-    ///
-    /// Used to remember public keys
-    /// of TLS certificates to accept them
-    /// even after they expire.
-    pub(crate) spki_hash_store: SpkiHashStore,
-
    /// Iroh for realtime peer channels.
    pub(crate) iroh: Arc<RwLock<Option<Iroh>>>,

@@ -323,13 +309,6 @@ pub struct InnerContext {
    /// the standard library's OnceLock is enough, and it's a lot smaller in memory.
    pub(crate) self_fingerprint: OnceLock<String>,

-    /// OpenPGP certificate aka Transferrable Public Key.
-    ///
-    /// It is generated on first use from the secret key stored in the database.
-    ///
-    /// Mutex is also held while generating the key to avoid generating the key twice.
-    pub(crate) self_public_key: Mutex<Option<SignedPublicKey>>,
-
    /// `Connectivity` values for mailboxes, unordered. Used to compute the aggregate connectivity,
    /// see [`Context::get_connectivity()`].
    pub(crate) connectivities: parking_lot::Mutex<Vec<ConnectivityStore>>,
@@ -499,10 +478,10 @@ impl Context {
            running_state: RwLock::new(Default::default()),
            sql: Sql::new(dbfile),
            smeared_timestamp: SmearedTimestamp::new(),
+            generating_key_mutex: Mutex::new(()),
            oauth2_mutex: Mutex::new(()),
            wrong_pw_warning_mutex: Mutex::new(()),
            housekeeping_mutex: Mutex::new(()),
-            fetch_msgs_mutex: Mutex::new(()),
            translated_stockstrings: stockstrings,
            events,
            scheduler: SchedulerState::new(),
@@ -518,10 +497,8 @@ impl Context {
            push_subscriber,
            push_subscribed: AtomicBool::new(false),
            tls_session_store: TlsSessionStore::new(),
-            spki_hash_store: SpkiHashStore::new(),
            iroh: Arc::new(RwLock::new(None)),
            self_fingerprint: OnceLock::new(),
-            self_public_key: Mutex::new(None),
            connectivities: parking_lot::Mutex::new(Vec::new()),
            pre_encrypt_mime_hook: None.into(),
        };
@@ -631,10 +608,17 @@ impl Context {
            let mut session = connection.prepare(self).await?;

            // Fetch IMAP folders.
-            let folder = connection.folder.clone();
-            connection
-                .fetch_move_delete(self, &mut session, &folder)
-                .await?;
+            // Inbox is fetched before Mvbox because fetching from Inbox
+            // may result in moving some messages to Mvbox.
+            for folder_meaning in [FolderMeaning::Inbox, FolderMeaning::Mvbox] {
+                if let Some((_folder_config, watch_folder)) =
+                    convert_folder_meaning(self, folder_meaning).await?
+                {
+                    connection
+                        .fetch_move_delete(self, &mut session, &watch_folder, folder_meaning)
+                        .await?;
+                }
+            }

            // Update quota (to send warning if full) - but only check it once in a while.
            // note: For now this only checks quota of primary transport,
@@ -645,7 +629,7 @@ impl Context {
                    DC_BACKGROUND_FETCH_QUOTA_CHECK_RATELIMIT,
                )
                .await
-                && let Err(err) = self.update_recent_quota(&mut session, &folder).await
+                && let Err(err) = self.update_recent_quota(&mut session).await
            {
                warn!(self, "Failed to update quota: {err:#}.");
            }
@@ -843,7 +827,7 @@ impl Context {

    /// Returns information about the context as key-value pairs.
    pub async fn get_info(&self) -> Result<BTreeMap<&'static str, String>> {
-        let all_self_addrs = self.get_all_self_addrs().await?.join(", ");
+        let secondary_addrs = self.get_secondary_self_addrs().await?.join(", ");
        let all_transports: Vec<String> = ConfiguredLoginParam::load_all(self)
            .await?
            .into_iter()
@@ -885,6 +869,23 @@ impl Context {
            Err(err) => format!("<key failure: {err}>"),
        };

+        let mvbox_move = self.get_config_int(Config::MvboxMove).await?;
+        let only_fetch_mvbox = self.get_config_int(Config::OnlyFetchMvbox).await?;
+        let folders_configured = self
+            .sql
+            .get_raw_config_int(constants::DC_FOLDERS_CONFIGURED_KEY)
+            .await?
+            .unwrap_or_default();
+
+        let configured_inbox_folder = self
+            .get_config(Config::ConfiguredInboxFolder)
+            .await?
+            .unwrap_or_else(|| "<unset>".to_string());
+        let configured_mvbox_folder = self
+            .get_config(Config::ConfiguredMvboxFolder)
+            .await?
+            .unwrap_or_else(|| "<unset>".to_string());
+
        let mut res = get_info();

        // insert values
@@ -945,7 +946,11 @@ impl Context {
            }
        }

-        res.insert("all_self_addrs", all_self_addrs);
+        res.insert("secondary_addrs", secondary_addrs);
+        res.insert(
+            "show_emails",
+            self.get_config_int(Config::ShowEmails).await?.to_string(),
+        );
        res.insert(
            "who_can_call_me",
            self.get_config_int(Config::WhoCanCallMe).await?.to_string(),
@@ -956,6 +961,14 @@ impl Context {
                .await?
                .to_string(),
        );
+        res.insert("mvbox_move", mvbox_move.to_string());
+        res.insert("only_fetch_mvbox", only_fetch_mvbox.to_string());
+        res.insert(
+            constants::DC_FOLDERS_CONFIGURED_KEY,
+            folders_configured.to_string(),
+        );
+        res.insert("configured_inbox_folder", configured_inbox_folder);
+        res.insert("configured_mvbox_folder", configured_mvbox_folder);
        res.insert("mdns_enabled", mdns_enabled.to_string());
        res.insert("bcc_self", bcc_self.to_string());
        res.insert("sync_msgs", sync_msgs.to_string());
@@ -991,6 +1004,24 @@ impl Context {
                .await?
                .to_string(),
        );
+        res.insert(
+            "quota_exceeding",
+            self.get_config_int(Config::QuotaExceeding)
+                .await?
+                .to_string(),
+        );
+        res.insert(
+            "authserv_id_candidates",
+            self.get_config(Config::AuthservIdCandidates)
+                .await?
+                .unwrap_or_default(),
+        );
+        res.insert(
+            "sign_unencrypted",
+            self.get_config_int(Config::SignUnencrypted)
+                .await?
+                .to_string(),
+        );
        res.insert(
            "debug_logging",
            self.get_config_int(Config::DebugLogging).await?.to_string(),
@@ -1096,17 +1127,10 @@ ORDER BY m.timestamp DESC,m.id DESC",
        Ok(list)
    }

-    /// (deprecated) Returns a list of messages with database ID higher than requested.
+    /// Returns a list of messages with database ID higher than requested.
    ///
    /// Blocked contacts and chats are excluded,
    /// but self-sent messages and contact requests are included in the results.
-    ///
-    /// Deprecated 2026-04: This returns the message's id as soon as the first part arrives,
-    /// even if it is not fully downloaded yet.
-    /// The bot needs to wait for the message to be fully downloaded.
-    /// Since this is usually not the desired behavior,
-    /// bots should instead use the [`EventType::IncomingMsg`]
-    /// event for getting notified about new messages.
    pub async fn get_next_msgs(&self) -> Result<Vec<MsgId>> {
        let last_msg_id = match self.get_config(Config::LastMsgId).await? {
            Some(s) => MsgId::new(s.parse()?),
@@ -1155,7 +1179,7 @@ ORDER BY m.timestamp DESC,m.id DESC",
        Ok(list)
    }

-    /// (deprecated) Returns a list of messages with database ID higher than last marked as seen.
+    /// Returns a list of messages with database ID higher than last marked as seen.
    ///
    /// This function is supposed to be used by bot to request messages
    /// that are not processed yet.
@@ -1165,13 +1189,6 @@ ORDER BY m.timestamp DESC,m.id DESC",
    /// shortly after notification or notification is manually triggered
    /// to interrupt waiting.
    /// Notification may be manually triggered by calling [`Self::stop_io`].
-    ///
-    /// Deprecated 2026-04: This returns the message's id as soon as the first part arrives,
-    /// even if it is not fully downloaded yet.
-    /// The bot needs to wait for the message to be fully downloaded.
-    /// Since this is usually not the desired behavior,
-    /// bots should instead use the #DC_EVENT_INCOMING_MSG / [`EventType::IncomingMsg`]
-    /// event for getting notified about new messages.
    pub async fn wait_next_msgs(&self) -> Result<Vec<MsgId>> {
        self.new_msgs_notify.notified().await;
        let list = self.get_next_msgs().await?;
@@ -1251,6 +1268,12 @@ ORDER BY m.timestamp DESC,m.id DESC",
        Ok(list)
    }

+    /// Returns true if given folder name is the name of the "DeltaChat" folder.
+    pub async fn is_mvbox(&self, folder_name: &str) -> Result<bool> {
+        let mvbox = self.get_config(Config::ConfiguredMvboxFolder).await?;
+        Ok(mvbox.as_deref() == Some(folder_name))
+    }
+
    pub(crate) fn derive_blobdir(dbfile: &Path) -> PathBuf {
        let mut blob_fname = OsString::new();
        blob_fname.push(dbfile.file_name().unwrap_or_default());
--- a/src/context/context_tests.rs
+++ b/src/context/context_tests.rs
@@ -284,6 +284,7 @@ async fn test_get_info_completeness() {
        "send_security",
        "server_flags",
        "skip_start_messages",
+        "smtp_certificate_checks",
        "proxy_url",      // May contain passwords, don't leak it to the logs.
        "socks5_enabled", // SOCKS5 options are deprecated.
        "socks5_host",
@@ -602,7 +603,10 @@ async fn test_get_next_msgs() -> Result<()> {
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_cache_is_cleared_when_io_is_started() -> Result<()> {
    let alice = TestContext::new_alice().await;
-    assert_eq!(alice.get_config(Config::Displayname).await?, None);
+    assert_eq!(
+        alice.get_config(Config::ShowEmails).await?,
+        Some("2".to_string())
+    );

    // Change the config circumventing the cache
    // This simulates what the notification plugin on iOS might do
@@ -610,21 +614,24 @@ async fn test_cache_is_cleared_when_io_is_started() -> Result<()> {
    alice
        .sql
        .execute(
-            "INSERT OR REPLACE INTO config (keyname, value) VALUES ('displayname', 'Alice 2')",
+            "INSERT OR REPLACE INTO config (keyname, value) VALUES ('show_emails', '0')",
            (),
        )
        .await?;

    // Alice's Delta Chat doesn't know about it yet:
-    assert_eq!(alice.get_config(Config::Displayname).await?, None);
+    assert_eq!(
+        alice.get_config(Config::ShowEmails).await?,
+        Some("2".to_string())
+    );

    // Starting IO will fail of course because no server settings are configured,
    // but it should invalidate the caches:
    alice.start_io().await;

    assert_eq!(
-        alice.get_config(Config::Displayname).await?,
-        Some("Alice 2".to_string())
+        alice.get_config(Config::ShowEmails).await?,
+        Some("0".to_string())
    );

    Ok(())
--- a/src/decrypt.rs
+++ b/src/decrypt.rs
@@ -4,249 +4,21 @@
 use std::collections::HashSet;
 use std::io::Cursor;

-use anyhow::{Context as _, Result, bail};
+use ::pgp::composed::Message;
+use anyhow::Result;
 use mailparse::ParsedMail;
-use pgp::composed::Esk;
-use pgp::composed::Message;
-use pgp::composed::PlainSessionKey;
-use pgp::composed::SignedSecretKey;
-use pgp::composed::decrypt_session_key_with_password;
-use pgp::packet::SymKeyEncryptedSessionKey;
-use pgp::types::Password;
-use pgp::types::StringToKey;

-use crate::chat::ChatId;
-use crate::constants::Chattype;
-use crate::contact::ContactId;
-use crate::context::Context;
-use crate::key::self_fingerprint;
-use crate::key::{Fingerprint, SignedPublicKey, load_self_secret_keyring};
-use crate::token::Namespace;
+use crate::key::{Fingerprint, SignedPublicKey};
+use crate::pgp;

-/// Tries to decrypt the message,
-/// returning a tuple of `(decrypted message, fingerprint)`.
-///
-/// If the message wasn't encrypted, returns `Ok(None)`.
-///
-/// If the message was asymmetrically encrypted, returns `Ok((decrypted message, None))`.
-///
-/// If the message was symmetrically encrypted, returns `Ok((decrypted message, Some(fingerprint)))`,
-/// where `fingerprint` denotes which contact is allowed to send encrypted with this symmetric secret.
-/// If the message is not signed by `fingerprint`, it must be dropped.
-///
-/// Otherwise, Eve could send a message to Alice
-/// encrypted with the symmetric secret of someone else's broadcast channel.
-/// If Alice sends an answer (or read receipt),
-/// then Eve would know that Alice is in the broadcast channel.
-pub(crate) async fn decrypt(
-    context: &Context,
-    mail: &mailparse::ParsedMail<'_>,
-) -> Result<Option<(Message<'static>, Option<String>)>> {
-    // `pgp::composed::Message` is huge (>4kb), so, make sure that it is in a Box when held over an await point
-    let Some(msg) = get_encrypted_pgp_message_boxed(mail)? else {
-        return Ok(None);
-    };
-    let expected_sender_fingerprint: Option<String>;
-
-    let plain = if let Message::Encrypted { esk, .. } = &*msg
-        // We only allow one ESK for symmetrically encrypted messages
-        // to avoid dealing with messages that are encrypted to multiple symmetric keys
-        // or a mix of symmetric and asymmetric keys:
-        && let [Esk::SymKeyEncryptedSessionKey(esk)] = &esk[..]
-    {
-        check_symmetric_encryption(esk)?;
-        let (psk, fingerprint) = decrypt_session_key_symmetrically(context, esk)
-            .await
-            .context("decrypt_session_key_symmetrically")?;
-        expected_sender_fingerprint = fingerprint;
-
-        tokio::task::spawn_blocking(move || -> Result<Message<'_>> {
-            let plain = msg
-                .decrypt_with_session_key(psk)
-                .context("decrypt_with_session_key")?;
-
-            let plain: Message<'static> = plain.decompress()?;
-            Ok(plain)
-        })
-        .await??
-    } else {
-        // Message is asymmetrically encrypted
-        let secret_keys: Vec<SignedSecretKey> = load_self_secret_keyring(context).await?;
-        expected_sender_fingerprint = None;
-
-        tokio::task::spawn_blocking(move || -> Result<Message<'_>> {
-            let empty_pw = Password::empty();
-            let secret_keys: Vec<&SignedSecretKey> = secret_keys.iter().collect();
-            let plain = msg
-                .decrypt_with_keys(vec![&empty_pw], secret_keys)
-                .context("decrypt_with_keys")?;
-
-            let plain: Message<'static> = plain.decompress()?;
-            Ok(plain)
-        })
-        .await??
-    };
-
-    Ok(Some((plain, expected_sender_fingerprint)))
-}
-
-async fn decrypt_session_key_symmetrically(
-    context: &Context,
-    esk: &SymKeyEncryptedSessionKey,
-) -> Result<(PlainSessionKey, Option<String>)> {
-    let self_fp = self_fingerprint(context).await?;
-    let query_only = true;
-    context
-        .sql
-        .call(query_only, |conn| {
-            // First, try decrypting using AUTH tokens from scanned QR codes, stored in the bobstate,
-            // because usually there will only be 1 or 2 of it, so, it should be fast
-            let res: Option<(PlainSessionKey, String)> = try_decrypt_with_bobstate(esk, conn)?;
-            if let Some((plain_session_key, fingerprint)) = res {
-                return Ok((plain_session_key, Some(fingerprint)));
-            }
-
-            // Then, try decrypting using broadcast secrets
-            let res: Option<(PlainSessionKey, Option<String>)> =
-                try_decrypt_with_broadcast_secret(esk, conn)?;
-            if let Some((plain_session_key, fingerprint)) = res {
-                return Ok((plain_session_key, fingerprint));
-            }
-
-            // Finally, try decrypting using own AUTH tokens
-            // There can be a lot of AUTH tokens,
-            // because a new one is generated every time a QR code is shown
-            let res: Option<PlainSessionKey> = try_decrypt_with_auth_token(esk, conn, self_fp)?;
-            if let Some(plain_session_key) = res {
-                return Ok((plain_session_key, None));
-            }
-
-            bail!("Could not find symmetric secret for session key")
-        })
-        .await
-}
-
-fn try_decrypt_with_bobstate(
-    esk: &SymKeyEncryptedSessionKey,
-    conn: &mut rusqlite::Connection,
-) -> Result<Option<(PlainSessionKey, String)>> {
-    let mut stmt = conn.prepare("SELECT invite FROM bobstate")?;
-    let mut rows = stmt.query(())?;
-    while let Some(row) = rows.next()? {
-        let invite: crate::securejoin::QrInvite = row.get(0)?;
-        let authcode = invite.authcode().to_string();
-        let alice_fp = invite.fingerprint().hex();
-        let shared_secret = format!("securejoin/{alice_fp}/{authcode}");
-        if let Ok(psk) = decrypt_session_key_with_password(esk, &Password::from(shared_secret)) {
-            let fingerprint = invite.fingerprint().hex();
-            return Ok(Some((psk, fingerprint)));
-        }
-    }
-    Ok(None)
-}
-
-fn try_decrypt_with_broadcast_secret(
-    esk: &SymKeyEncryptedSessionKey,
-    conn: &mut rusqlite::Connection,
-) -> Result<Option<(PlainSessionKey, Option<String>)>> {
-    let Some((psk, chat_id)) = try_decrypt_with_broadcast_secret_inner(esk, conn)? else {
-        return Ok(None);
-    };
-    let chat_type: Chattype =
-        conn.query_one("SELECT type FROM chats WHERE id=?", (chat_id,), |row| {
-            row.get(0)
-        })?;
-    let fp: Option<String> = if chat_type == Chattype::OutBroadcast {
-        // An attacker who knows the secret will also know who owns it,
-        // and it's easiest code-wise to just return None here.
-        // But we could alternatively return the self fingerprint here
-        None
-    } else if chat_type == Chattype::InBroadcast {
-        let contact_id: ContactId = conn
-            .query_one(
-                "SELECT contact_id FROM chats_contacts WHERE chat_id=? AND contact_id>9",
-                (chat_id,),
-                |row| row.get(0),
-            )
-            .context("Find InBroadcast owner")?;
-        let fp = conn
-            .query_one(
-                "SELECT fingerprint FROM contacts WHERE id=?",
-                (contact_id,),
-                |row| row.get(0),
-            )
-            .context("Find owner fingerprint")?;
-        Some(fp)
-    } else {
-        bail!("Chat {chat_id} is not a broadcast but {chat_type}")
-    };
-    Ok(Some((psk, fp)))
-}
-
-fn try_decrypt_with_broadcast_secret_inner(
-    esk: &SymKeyEncryptedSessionKey,
-    conn: &mut rusqlite::Connection,
-) -> Result<Option<(PlainSessionKey, ChatId)>> {
-    let mut stmt = conn.prepare("SELECT secret, chat_id FROM broadcast_secrets")?;
-    let mut rows = stmt.query(())?;
-    while let Some(row) = rows.next()? {
-        let secret: String = row.get(0)?;
-        if let Ok(psk) = decrypt_session_key_with_password(esk, &Password::from(secret)) {
-            let chat_id: ChatId = row.get(1)?;
-            return Ok(Some((psk, chat_id)));
-        }
-    }
-    Ok(None)
-}
-
-fn try_decrypt_with_auth_token(
-    esk: &SymKeyEncryptedSessionKey,
-    conn: &mut rusqlite::Connection,
-    self_fingerprint: &str,
-) -> Result<Option<PlainSessionKey>> {
-    // ORDER BY id DESC to query the most-recently saved tokens are returned first.
-    // This improves performance when Bob scans a QR code that was just created.
-    let mut stmt = conn.prepare("SELECT token FROM tokens WHERE namespc=? ORDER BY id DESC")?;
-    let mut rows = stmt.query((Namespace::Auth,))?;
-    while let Some(row) = rows.next()? {
-        let token: String = row.get(0)?;
-        let shared_secret = format!("securejoin/{self_fingerprint}/{token}");
-        if let Ok(psk) = decrypt_session_key_with_password(esk, &Password::from(shared_secret)) {
-            return Ok(Some(psk));
-        }
-    }
-    Ok(None)
-}
-
-/// Returns Ok(()) if we want to try symmetrically decrypting the message,
-/// and Err with a reason if symmetric decryption should not be tried.
-///
-/// A DoS attacker could send a message with a lot of encrypted session keys,
-/// all of which use a very hard-to-compute string2key algorithm.
-/// We would then try to decrypt all of the encrypted session keys
-/// with all of the known shared secrets.
-/// In order to prevent this, we do not try to symmetrically decrypt messages
-/// that use a string2key algorithm other than 'Salted'.
-pub(crate) fn check_symmetric_encryption(esk: &SymKeyEncryptedSessionKey) -> Result<()> {
-    match esk.s2k() {
-        Some(StringToKey::Salted { .. }) => Ok(()),
-        _ => bail!("unsupported string2key algorithm"),
-    }
-}
-
-/// Turns a [`ParsedMail`] into [`pgp::composed::Message`].
-/// [`pgp::composed::Message`] is huge (over 4kb),
-/// so, it is put on the heap using [`Box`].
-pub fn get_encrypted_pgp_message_boxed<'a>(
-    mail: &'a ParsedMail<'a>,
-) -> Result<Option<Box<Message<'static>>>> {
+pub fn get_encrypted_pgp_message<'a>(mail: &'a ParsedMail<'a>) -> Result<Option<Message<'static>>> {
    let Some(encrypted_data_part) = get_encrypted_mime(mail) else {
        return Ok(None);
    };
    let data = encrypted_data_part.get_body_raw()?;
    let cursor = Cursor::new(data);
    let (msg, _headers) = Message::from_armor(cursor)?;
-    Ok(Some(Box::new(msg)))
+    Ok(Some(msg))
 }

 /// Returns a reference to the encrypted payload of a message.
@@ -353,10 +125,8 @@ pub(crate) fn validate_detached_signature<'a, 'b>(
        // First part is the content, second part is the signature.
        let content = first_part.raw_bytes;
        let ret_valid_signatures = match second_part.get_body_raw() {
-            Ok(signature) => {
-                crate::pgp::pk_validate(content, &signature, public_keyring_for_validate)
-                    .unwrap_or_default()
-            }
+            Ok(signature) => pgp::pk_validate(content, &signature, public_keyring_for_validate)
+                .unwrap_or_default(),
            Err(_) => Default::default(),
        };
        Some((first_part, ret_valid_signatures))
--- a/src/dehtml.rs
+++ b/src/dehtml.rs
@@ -266,11 +266,15 @@ fn dehtml_endtag_cb(event: &BytesEnd, dehtml: &mut Dehtml) {
                }
            }
        }
-        "b" | "strong" if dehtml.get_add_text() != AddText::No => {
-            *dehtml.get_buf() += "*";
+        "b" | "strong" => {
+            if dehtml.get_add_text() != AddText::No {
+                *dehtml.get_buf() += "*";
+            }
        }
-        "i" | "em" if dehtml.get_add_text() != AddText::No => {
-            *dehtml.get_buf() += "_";
+        "i" | "em" => {
+            if dehtml.get_add_text() != AddText::No {
+                *dehtml.get_buf() += "_";
+            }
        }
        "blockquote" => pop_tag(&mut dehtml.blockquotes_since_blockquote),
        _ => {}
@@ -337,11 +341,15 @@ fn dehtml_starttag_cb<B: std::io::BufRead>(
                }
            }
        }
-        "b" | "strong" if dehtml.get_add_text() != AddText::No => {
-            *dehtml.get_buf() += "*";
+        "b" | "strong" => {
+            if dehtml.get_add_text() != AddText::No {
+                *dehtml.get_buf() += "*";
+            }
        }
-        "i" | "em" if dehtml.get_add_text() != AddText::No => {
-            *dehtml.get_buf() += "_";
+        "i" | "em" => {
+            if dehtml.get_add_text() != AddText::No {
+                *dehtml.get_buf() += "_";
+            }
        }
        "blockquote" => dehtml.blockquotes_since_blockquote += 1,
        _ => {}
--- a/src/download.rs
+++ b/src/download.rs
@@ -165,7 +165,6 @@ pub(crate) async fn download_msg(

    let Some((server_uid, server_folder, msg_transport_id)) = row else {
        // No IMAP record found, we don't know the UID and folder.
-        delete_from_available_post_msgs(context, &rfc724_mid).await?;
        return Err(anyhow!(
            "IMAP location for {rfc724_mid:?} post-message is unknown"
        ));
@@ -173,7 +172,9 @@ pub(crate) async fn download_msg(
    if msg_transport_id != transport_id {
        return Ok(None);
    }
-    Box::pin(session.fetch_single_msg(context, &server_folder, server_uid, rfc724_mid)).await?;
+    session
+        .fetch_single_msg(context, &server_folder, server_uid, rfc724_mid)
+        .await?;
    Ok(Some(()))
 }

@@ -202,11 +203,8 @@ impl Session {
        let mut uid_message_ids: BTreeMap<u32, String> = BTreeMap::new();
        uid_message_ids.insert(uid, rfc724_mid);
        let (sender, receiver) = async_channel::unbounded();
-        {
-            let _fetch_msgs_lock_guard = context.fetch_msgs_mutex.lock().await;
-            self.fetch_many_msgs(context, folder, vec![uid], &uid_message_ids, sender)
-                .await?;
-        }
+        self.fetch_many_msgs(context, folder, vec![uid], &uid_message_ids, sender)
+            .await?;
        if receiver.recv().await.is_err() {
            bail!("Failed to fetch UID {uid}");
        }
@@ -328,25 +326,22 @@ pub(crate) async fn download_known_post_messages_without_pre_message(
        })
        .await?;
    for rfc724_mid in &rfc724_mids {
-        if msg_is_downloaded_for(context, rfc724_mid).await? {
-            delete_from_available_post_msgs(context, rfc724_mid).await?;
-            continue;
-        }
-
-        // Download the Post-Message unconditionally,
-        // because the Pre-Message got lost.
-        // The message may be in the wrong order,
-        // but at least we have it at all.
-        let res = download_msg(context, rfc724_mid.clone(), session).await;
-        if let Ok(Some(())) = res {
-            delete_from_available_post_msgs(context, rfc724_mid).await?;
-        }
-        if let Err(err) = res {
-            warn!(
-                context,
-                "download_known_post_messages_without_pre_message: Failed to download message rfc724_mid={rfc724_mid}: {:#}.",
-                err
-            );
+        if !msg_is_downloaded_for(context, rfc724_mid).await? {
+            // Download the Post-Message unconditionally,
+            // because the Pre-Message got lost.
+            // The message may be in the wrong order,
+            // but at least we have it at all.
+            let res = download_msg(context, rfc724_mid.clone(), session).await;
+            if let Ok(Some(())) = res {
+                delete_from_available_post_msgs(context, rfc724_mid).await?;
+            }
+            if let Err(err) = res {
+                warn!(
+                    context,
+                    "download_known_post_messages_without_pre_message: Failed to download message rfc724_mid={rfc724_mid}: {:#}.",
+                    err
+                );
+            }
        }
    }
    Ok(())
--- a/src/e2ee.rs
+++ b/src/e2ee.rs
@@ -40,6 +40,7 @@ impl EncryptHelper {
        keyring: Vec<SignedPublicKey>,
        mail_to_encrypt: MimePart<'static>,
        compress: bool,
+        anonymous_recipients: bool,
        seipd_version: SeipdVersion,
    ) -> Result<String> {
        let sign_key = load_self_secret_key(context).await?;
@@ -48,8 +49,15 @@ impl EncryptHelper {
        let cursor = Cursor::new(&mut raw_message);
        mail_to_encrypt.clone().write_part(cursor).ok();

-        let ctext =
-            pgp::pk_encrypt(raw_message, keyring, sign_key, compress, seipd_version).await?;
+        let ctext = pgp::pk_encrypt(
+            raw_message,
+            keyring,
+            sign_key,
+            compress,
+            anonymous_recipients,
+            seipd_version,
+        )
+        .await?;

        Ok(ctext)
    }
@@ -79,6 +87,16 @@ impl EncryptHelper {

        Ok(ctext)
    }
+
+    /// Signs the passed-in `mail` using the private key from `context`.
+    /// Returns the payload and the signature.
+    pub async fn sign(self, context: &Context, mail: &MimePart<'static>) -> Result<String> {
+        let sign_key = load_self_secret_key(context).await?;
+        let mut buffer = Vec::new();
+        mail.clone().write_part(&mut buffer)?;
+        let signature = pgp::pk_calc_signature(buffer, &sign_key)?;
+        Ok(signature)
+    }
 }

 /// Ensures a private key exists for the configured user.
--- a/src/events/chatlist_events.rs
+++ b/src/events/chatlist_events.rs
@@ -89,9 +89,13 @@ mod test_chatlist_events {
            .get_matching(|evt| match evt {
                EventType::ChatlistItemChanged {
                    chat_id: Some(ev_chat_id),
-                } if ev_chat_id == &chat_id => {
-                    first_event_is_item.store(true, Ordering::Relaxed);
-                    true
+                } => {
+                    if ev_chat_id == &chat_id {
+                        first_event_is_item.store(true, Ordering::Relaxed);
+                        true
+                    } else {
+                        false
+                    }
                }
                EventType::ChatlistChanged => true,
                _ => false,
--- a/src/events/payload.rs
+++ b/src/events/payload.rs
@@ -57,7 +57,7 @@ pub enum EventType {
    /// should not be disturbed by a dialog or so.  Instead, use a bubble or so.
    ///
    /// However, for ongoing processes (eg. configure())
-    /// or for functions that are expected to fail
+    /// or for functions that are expected to fail (eg. dc_continue_key_transfer())
    /// it might be better to delay showing these events until the function has really
    /// failed (returned false). It should be sufficient to report only the *last* error
    /// in a message box then.
@@ -171,14 +171,19 @@ pub enum EventType {
        msg_id: MsgId,
    },

-    /// A single message is read by the receiver. State changed from DC_STATE_OUT_DELIVERED to
-    /// DC_STATE_OUT_MDN_RCVD, see dc_msg_get_state().
+    /// A single message is read by a receiver.
    MsgRead {
        /// ID of the chat which the message belongs to.
        chat_id: ChatId,

        /// ID of the message that was read.
        msg_id: MsgId,
+
+        /// Read for the first time (e.g. by just one group member
+        /// / channel subscriber).
+        /// State changed from DC_STATE_OUT_DELIVERED to
+        /// DC_STATE_OUT_MDN_RCVD, see dc_msg_get_state().
+        first_time: bool,
    },

    /// A single message was deleted.
@@ -234,7 +239,8 @@ pub enum EventType {
    /// Location of one or more contact has changed.
    ///
    /// @param data1 (u32) contact_id of the contact for which the location has changed.
-    ///     If the locations of several contacts have been changed, this parameter is set to `None`.
+    ///     If the locations of several contacts have been changed,
+    ///     eg. after calling dc_delete_all_locations(), this parameter is set to `None`.
    LocationChanged(Option<ContactId>),

    /// Inform about the configuration progress started by configure().
@@ -396,8 +402,6 @@ pub enum EventType {
        msg_id: MsgId,
        /// ID of the chat which the message belongs to.
        chat_id: ChatId,
-        /// The call was accepted from this device (process).
-        from_this_device: bool,
    },

    /// Outgoing call accepted.
--- a/src/headerdef.rs
+++ b/src/headerdef.rs
@@ -125,6 +125,7 @@ pub enum HeaderDef {
    /// [Autocrypt](https://autocrypt.org/) header.
    Autocrypt,
    AutocryptGossip,
+    AutocryptSetupMessage,
    SecureJoin,

    /// Deprecated header containing Group-ID in `vg-request-with-auth` message.
@@ -207,10 +208,10 @@ mod tests {
    /// Test that headers are parsed case-insensitively
    fn test_get_header_value_case() {
        let (headers, _) =
-            mailparse::parse_headers(b"fRoM: Bob\naUtoCryPt-GoSsIp: fooBaR").unwrap();
+            mailparse::parse_headers(b"fRoM: Bob\naUtoCryPt-SeTup-MessAge: v99").unwrap();
        assert_eq!(
-            headers.get_header_value(HeaderDef::AutocryptGossip),
-            Some("fooBaR".to_string())
+            headers.get_header_value(HeaderDef::AutocryptSetupMessage),
+            Some("v99".to_string())
        );
        assert_eq!(
            headers.get_header_value(HeaderDef::From_),
--- a/src/html.rs
+++ b/src/html.rs
@@ -86,7 +86,8 @@ impl HtmlMsgParser {
    /// Function takes a raw mime-message string,
    /// searches for the main-text part
    /// and returns that as parser.html
-    pub fn from_bytes<'a>(
+    #[expect(clippy::arithmetic_side_effects)]
+    pub async fn from_bytes<'a>(
        context: &Context,
        rawmime: &'a [u8],
    ) -> Result<(Self, mailparse::ParsedMail<'a>)> {
@@ -98,14 +99,14 @@ impl HtmlMsgParser {

        let parsedmail = mailparse::parse_mail(rawmime).context("Failed to parse mail")?;

-        parser.collect_texts_recursive(context, &parsedmail)?;
+        parser.collect_texts_recursive(context, &parsedmail).await?;

        if parser.html.is_empty() {
            if let Some(plain) = &parser.plain {
                parser.html = plain.to_html();
            }
        } else {
-            parser.cid_to_data_recursive(context, &parsedmail)?;
+            parser.cid_to_data_recursive(context, &parsedmail).await?;
        }
        parser.html += &mem::take(&mut parser.msg_html);
        Ok((parser, parsedmail))
@@ -119,7 +120,8 @@ impl HtmlMsgParser {
    /// Usually, there is at most one plain-text and one HTML-text part,
    /// multiple plain-text parts might be used for mailinglist-footers,
    /// therefore we use the first one.
-    fn collect_texts_recursive<'a>(
+    #[expect(clippy::arithmetic_side_effects)]
+    async fn collect_texts_recursive<'a>(
        &'a mut self,
        context: &'a Context,
        mail: &'a mailparse::ParsedMail<'a>,
@@ -127,7 +129,7 @@ impl HtmlMsgParser {
        match get_mime_multipart_type(&mail.ctype) {
            MimeMultipartType::Multiple => {
                for cur_data in &mail.subparts {
-                    self.collect_texts_recursive(context, cur_data)?
+                    Box::pin(self.collect_texts_recursive(context, cur_data)).await?
                }
                Ok(())
            }
@@ -136,7 +138,7 @@ impl HtmlMsgParser {
                if raw.is_empty() {
                    return Ok(());
                }
-                let (parser, mail) = HtmlMsgParser::from_bytes(context, &raw)?;
+                let (parser, mail) = Box::pin(HtmlMsgParser::from_bytes(context, &raw)).await?;
                if !parser.html.is_empty() {
                    let mut text = "\r\n\r\n".to_string();
                    for h in mail.headers {
@@ -199,7 +201,7 @@ impl HtmlMsgParser {

    /// Replace cid:-protocol by the data:-protocol where appropriate.
    /// This allows the final html-file to be self-contained.
-    fn cid_to_data_recursive<'a>(
+    async fn cid_to_data_recursive<'a>(
        &'a mut self,
        context: &'a Context,
        mail: &'a mailparse::ParsedMail<'a>,
@@ -207,7 +209,7 @@ impl HtmlMsgParser {
        match get_mime_multipart_type(&mail.ctype) {
            MimeMultipartType::Multiple => {
                for cur_data in &mail.subparts {
-                    self.cid_to_data_recursive(context, cur_data)?;
+                    Box::pin(self.cid_to_data_recursive(context, cur_data)).await?;
                }
                Ok(())
            }
@@ -269,7 +271,7 @@ impl MsgId {

        let rawmime = rawmime?;
        if !rawmime.is_empty() {
-            match HtmlMsgParser::from_bytes(context, &rawmime) {
+            match HtmlMsgParser::from_bytes(context, &rawmime).await {
                Err(err) => {
                    warn!(context, "get_html: parser error: {:#}", err);
                    Ok(None)
@@ -287,6 +289,7 @@ impl MsgId {
 mod tests {
    use super::*;
    use crate::chat::{self, Chat, forward_msgs, save_msgs};
+    use crate::config::Config;
    use crate::constants;
    use crate::contact::ContactId;
    use crate::message::{MessengerMessage, Viewtype};
@@ -297,7 +300,7 @@ mod tests {
    async fn test_htmlparse_plain_unspecified() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_plain_unspecified.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
        assert_eq!(
            parser.html,
            r#"<!DOCTYPE html>
@@ -315,7 +318,7 @@ This message does not have Content-Type nor Subject.<br/>
    async fn test_htmlparse_plain_iso88591() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_plain_iso88591.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
        assert_eq!(
            parser.html,
            r#"<!DOCTYPE html>
@@ -333,7 +336,7 @@ message with a non-UTF-8 encoding: äöüßÄÖÜ<br/>
    async fn test_htmlparse_plain_flowed() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_plain_flowed.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
        assert!(parser.plain.unwrap().flowed);
        assert_eq!(
            parser.html,
@@ -355,7 +358,7 @@ and will be wrapped as usual.<br/>
    async fn test_htmlparse_alt_plain() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_alt_plain.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
        assert_eq!(
            parser.html,
            r#"<!DOCTYPE html>
@@ -375,7 +378,7 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x
    async fn test_htmlparse_html() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_html.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();

        // on windows, `\r\n` linends are returned from mimeparser,
        // however, rust multiline-strings use just `\n`;
@@ -393,7 +396,7 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x
    async fn test_htmlparse_alt_html() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_alt_html.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
        assert_eq!(
            parser.html.replace('\r', ""), // see comment in test_htmlparse_html()
            r##"<html>
@@ -407,7 +410,7 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x
    async fn test_htmlparse_alt_plain_html() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_alt_plain_html.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
        assert_eq!(
            parser.html.replace('\r', ""), // see comment in test_htmlparse_html()
            r##"<html>
@@ -431,7 +434,7 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x
        assert!(test.find("data:").is_none());

        // parsing converts cid: to data:
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
        assert!(parser.html.contains("<html>"));
        assert!(!parser.html.contains("Content-Id:"));
        assert!(parser.html.contains("data:image/jpeg;base64,/9j/4AAQ"));
@@ -554,7 +557,13 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x
    async fn test_html_forwarding_encrypted() {
        let mut tcm = TestContextManager::new();
        // Alice receives a non-delta html-message
+        // (`ShowEmails=AcceptedContacts` lets Alice actually receive non-delta messages for known
+        // contacts, the contact is marked as known by creating a chat using `chat_with_contact()`)
        let alice = &tcm.alice().await;
+        alice
+            .set_config(Config::ShowEmails, Some("1"))
+            .await
+            .unwrap();
        let chat = alice
            .create_chat_with_contact("", "sender@testrun.org")
            .await;
@@ -572,6 +581,10 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x

        // receive the message on another device
        let alice = &tcm.alice().await;
+        alice
+            .set_config(Config::ShowEmails, Some("0"))
+            .await
+            .unwrap();
        let msg = alice.recv_msg(&msg).await;
        assert_eq!(msg.chat_id, alice.get_self_chat().await.id);
        assert_eq!(msg.get_from_id(), ContactId::SELF);
--- a/src/imap.rs
+++ b/src/imap.rs
@@ -27,14 +27,13 @@ use crate::calls::{
 use crate::chat::{self, ChatId, ChatIdBlocked, add_device_msg};
 use crate::chatlist_events;
 use crate::config::Config;
-use crate::constants::{Blocked, DC_VERSION_STR};
+use crate::constants::{self, Blocked, DC_VERSION_STR};
 use crate::contact::ContactId;
 use crate::context::Context;
-use crate::ensure_and_debug_assert;
 use crate::events::EventType;
 use crate::headerdef::{HeaderDef, HeaderDefMap};
 use crate::log::{LogExt, warn};
-use crate::message::{self, Message, MessageState, MsgId};
+use crate::message::{self, Message, MessageState, MessengerMessage, MsgId};
 use crate::mimeparser;
 use crate::net::proxy::ProxyConfig;
 use crate::net::session::SessionStream;
@@ -92,9 +91,6 @@ pub(crate) struct Imap {

    oauth2: bool,

-    /// Watched folder.
-    pub(crate) folder: String,
-
    authentication_failed_once: bool,

    pub(crate) connectivity: ConnectivityStore,
@@ -166,6 +162,7 @@ pub enum FolderMeaning {
    /// Spam folder.
    Spam,
    Inbox,
+    Mvbox,
    Trash,

    /// Virtual folders.
@@ -177,6 +174,19 @@ pub enum FolderMeaning {
    Virtual,
 }

+impl FolderMeaning {
+    pub fn to_config(self) -> Option<Config> {
+        match self {
+            FolderMeaning::Unknown => None,
+            FolderMeaning::Spam => None,
+            FolderMeaning::Inbox => Some(Config::ConfiguredInboxFolder),
+            FolderMeaning::Mvbox => Some(Config::ConfiguredMvboxFolder),
+            FolderMeaning::Trash => None,
+            FolderMeaning::Virtual => None,
+        }
+    }
+}
+
 struct UidGrouper<T: Iterator<Item = (i64, u32, String)>> {
    inner: Peekable<T>,
 }
@@ -253,11 +263,6 @@ impl Imap {
        let addr = &param.addr;
        let strict_tls = param.strict_tls(proxy_config.is_some());
        let oauth2 = param.oauth2;
-        let folder = param
-            .imap_folder
-            .clone()
-            .unwrap_or_else(|| "INBOX".to_string());
-        ensure_and_debug_assert!(!folder.is_empty(), "Watched folder name cannot be empty");
        let (resync_request_sender, resync_request_receiver) = async_channel::bounded(1);
        Ok(Imap {
            transport_id,
@@ -268,7 +273,6 @@ impl Imap {
            proxy_config,
            strict_tls,
            oauth2,
-            folder,
            authentication_failed_once: false,
            connectivity: Default::default(),
            conn_last_try: UNIX_EPOCH,
@@ -292,11 +296,6 @@ impl Imap {
        Ok(imap)
    }

-    /// Returns transport ID of the IMAP client.
-    pub fn transport_id(&self) -> u32 {
-        self.transport_id
-    }
-
    /// Connects to IMAP server and returns a new IMAP session.
    ///
    /// Calling this function is not enough to perform IMAP operations. Use [`Imap::prepare`]
@@ -438,7 +437,7 @@ impl Imap {

                Err(err) => {
                    let imap_user = lp.user.to_owned();
-                    let message = stock_str::cannot_login(context, &imap_user);
+                    let message = stock_str::cannot_login(context, &imap_user).await;

                    warn!(context, "IMAP failed to login: {err:#}.");
                    first_error.get_or_insert(format_err!("{message} ({err:#})"));
@@ -486,14 +485,22 @@ impl Imap {
    /// that folders are created and IMAP capabilities are determined.
    pub(crate) async fn prepare(&mut self, context: &Context) -> Result<Session> {
        let configuring = false;
-        let session = match self.connect(context, configuring).await {
+        let mut session = match self.connect(context, configuring).await {
            Ok(session) => session,
            Err(err) => {
-                self.connectivity.set_err(context, format!("{err:#}"));
+                self.connectivity.set_err(context, &err);
                return Err(err);
            }
        };

+        let folders_configured = context
+            .sql
+            .get_raw_config_int(constants::DC_FOLDERS_CONFIGURED_KEY)
+            .await?;
+        if folders_configured.unwrap_or_default() < constants::DC_FOLDERS_CONFIGURED_VERSION {
+            self.configure_folders(context, &mut session).await?;
+        }
+
        Ok(session)
    }

@@ -506,15 +513,15 @@ impl Imap {
        context: &Context,
        session: &mut Session,
        watch_folder: &str,
+        folder_meaning: FolderMeaning,
    ) -> Result<()> {
-        ensure_and_debug_assert!(!watch_folder.is_empty(), "Watched folder cannot be empty");
        if !context.sql.is_open().await {
            // probably shutdown
            bail!("IMAP operation attempted while it is torn down");
        }

        let msgs_fetched = self
-            .fetch_new_messages(context, session, watch_folder)
+            .fetch_new_messages(context, session, watch_folder, folder_meaning)
            .await
            .context("fetch_new_messages")?;
        if msgs_fetched && context.get_config_delete_device_after().await?.is_some() {
@@ -542,33 +549,33 @@ impl Imap {
        context: &Context,
        session: &mut Session,
        folder: &str,
+        folder_meaning: FolderMeaning,
    ) -> Result<bool> {
-        let transport_id = session.transport_id();
+        if should_ignore_folder(context, folder, folder_meaning).await? {
+            info!(context, "Not fetching from {folder:?}.");
+            session.new_mail = false;
+            return Ok(false);
+        }

        let folder_exists = session
            .select_with_uidvalidity(context, folder)
            .await
            .with_context(|| format!("Failed to select folder {folder:?}"))?;
-
-        if !session.new_mail {
-            info!(
-                context,
-                "Transport {transport_id}: No new emails in folder {folder:?}."
-            );
-            return Ok(false);
-        }
-        // Make sure not to return before setting new_mail to false
-        // Otherwise, we will skip IDLE and go into an infinite loop
-        session.new_mail = false;
-
        if !folder_exists {
            return Ok(false);
        }

+        if !session.new_mail {
+            info!(context, "No new emails in folder {folder:?}.");
+            return Ok(false);
+        }
+        session.new_mail = false;
+
        let mut read_cnt = 0;
        loop {
-            let (n, fetch_more) =
-                Box::pin(self.fetch_new_msg_batch(context, session, folder)).await?;
+            let (n, fetch_more) = self
+                .fetch_new_msg_batch(context, session, folder, folder_meaning)
+                .await?;
            read_cnt += n;
            if !fetch_more {
                return Ok(read_cnt > 0);
@@ -583,6 +590,7 @@ impl Imap {
        context: &Context,
        session: &mut Session,
        folder: &str,
+        folder_meaning: FolderMeaning,
    ) -> Result<(usize, bool)> {
        let transport_id = self.transport_id;
        let uid_validity = get_uidvalidity(context, transport_id, folder).await?;
@@ -598,7 +606,6 @@ impl Imap {
            .await
            .context("prefetch")?;
        let read_cnt = msgs.len();
-        let _fetch_msgs_lock_guard = context.fetch_msgs_mutex.lock().await;

        let mut uids_fetch: Vec<u32> = Vec::new();
        let mut available_post_msgs: Vec<String> = Vec::new();
@@ -652,7 +659,13 @@ impl Imap {
                info!(context, "Deleting locally deleted message {message_id}.");
            }

-            let target = if delete { "" } else { folder };
+            let _target;
+            let target = if delete {
+                ""
+            } else {
+                _target = target_folder(context, folder, folder_meaning, &headers).await?;
+                &_target
+            };

            context
                .sql
@@ -680,9 +693,18 @@ impl Imap {
            // message, move it to the movebox and then download the second message before
            // downloading the first one, if downloading from inbox before moving is allowed.
            if folder == target
-                && prefetch_should_download(context, &headers, &message_id, fetch_response.flags())
-                    .await
-                    .context("prefetch_should_download")?
+                // Never download messages directly from the spam folder.
+                // If the sender is known, the message will be moved to the Inbox or Mvbox
+                // and then we download the message from there.
+                // Also see `spam_target_folder_cfg()`.
+                && folder_meaning != FolderMeaning::Spam
+                && prefetch_should_download(
+                    context,
+                    &headers,
+                    &message_id,
+                    fetch_response.flags(),
+                )
+                .await.context("prefetch_should_download")?
            {
                if headers
                    .get_header_value(HeaderDef::ChatIsPostMessage)
@@ -691,19 +713,10 @@ impl Imap {
                    info!(context, "{message_id:?} is a post-message.");
                    available_post_msgs.push(message_id.clone());

-                    let is_bot = context.get_config_bool(Config::Bot).await?;
-                    if is_bot && download_limit.is_none_or(|download_limit| size <= download_limit)
-                    {
-                        uids_fetch.push(uid);
-                        uid_message_ids.insert(uid, message_id);
-                    } else {
-                        if download_limit.is_none_or(|download_limit| size <= download_limit) {
-                            // Download later after all the small messages are downloaded,
-                            // so that large messages don't delay receiving small messages
-                            download_later.push(message_id.clone());
-                        }
-                        largest_uid_skipped = Some(uid);
+                    if download_limit.is_none_or(|download_limit| size <= download_limit) {
+                        download_later.push(message_id.clone());
                    }
+                    largest_uid_skipped = Some(uid);
                } else {
                    info!(context, "{message_id:?} is not a post-message.");
                    if download_limit.is_none_or(|download_limit| size <= download_limit) {
@@ -1073,22 +1086,15 @@ impl Session {
            return Ok(());
        }

-        context
-            .sql
-            .execute(
-                "DELETE FROM imap_markseen WHERE id NOT IN (SELECT imap.id FROM imap)",
-                (),
-            )
-            .await?;
-
        let transport_id = self.transport_id();
-        let mut rows = context
+        let rows = context
            .sql
            .query_map_vec(
                "SELECT imap.id, uid, folder FROM imap, imap_markseen
                 WHERE imap.id = imap_markseen.id
                 AND imap.transport_id=?
-                 AND target = folder",
+                 AND target = folder
+                 ORDER BY folder, uid",
                (transport_id,),
                |row| {
                    let rowid: i64 = row.get(0)?;
@@ -1099,16 +1105,6 @@ impl Session {
            )
            .await?;

-        // Number of SQL results is expected to be low as
-        // we usually don't have many messages to mark on IMAP at once.
-        // We are sorting outside of SQL to avoid SQLite constructing a query plan
-        // that scans the whole `imap` table. Scanning `imap_markseen` is fine
-        // as it should not have many items.
-        // If you change the SQL query, test it with `EXPLAIN QUERY PLAN`.
-        rows.sort_unstable_by(|(_rowid1, uid1, folder1), (_rowid2, uid2, folder2)| {
-            (folder1, uid1).cmp(&(folder2, uid2))
-        });
-
        for (folder, rowid_set, uid_set) in UidGrouper::from(rows) {
            let folder_exists = match self.select_with_uidvalidity(context, &folder).await {
                Err(err) => {
@@ -1240,7 +1236,6 @@ impl Session {
            // have been modified while our request was in progress.
            // We may or may not have these new flags as a part of the response,
            // so better skip next IDLE and do another round of flag synchronization.
-            info!(context, "Got unsolicited fetch, will skip idle");
            self.new_mail = true;
        }

@@ -1566,18 +1561,11 @@ impl Session {
            return Ok(());
        }

-        let transport_id = self.transport_id();
-
        let Some(device_token) = context.push_subscriber.device_token().await else {
            return Ok(());
        };

        if self.can_metadata() && self.can_push() {
-            info!(
-                context,
-                "Transport {transport_id}: Subscribing for push notifications."
-            );
-
            let old_encrypted_device_token =
                context.get_config(Config::EncryptedDeviceToken).await?;

@@ -1632,8 +1620,13 @@ impl Session {
            // Store new encrypted device token on the server
            // even if it is the same as the old one.
            if let Some(encrypted_device_token) = new_encrypted_device_token {
+                let folder = context
+                    .get_config(Config::ConfiguredInboxFolder)
+                    .await?
+                    .context("INBOX is not configured")?;
+
                self.run_command_and_check_ok(&format_setmetadata(
-                    "INBOX",
+                    &folder,
                    &encrypted_device_token,
                ))
                .await
@@ -1678,6 +1671,117 @@ impl Session {
        }
        Ok(())
    }
+
+    /// Attempts to configure mvbox.
+    ///
+    /// Tries to find any folder examining `folders` in the order they go.
+    /// This method does not use LIST command to ensure that
+    /// configuration works even if mailbox lookup is forbidden via Access Control List (see
+    /// <https://datatracker.ietf.org/doc/html/rfc4314>).
+    ///
+    /// Returns first found folder name.
+    async fn configure_mvbox<'a>(
+        &mut self,
+        context: &Context,
+        folders: &[&'a str],
+    ) -> Result<Option<&'a str>> {
+        // Close currently selected folder if needed.
+        // We are going to select folders using low-level EXAMINE operations below.
+        self.maybe_close_folder(context).await?;
+
+        for folder in folders {
+            info!(context, "Looking for MVBOX-folder \"{}\"...", &folder);
+            let res = self.examine(&folder).await;
+            if res.is_ok() {
+                info!(
+                    context,
+                    "MVBOX-folder {:?} successfully selected, using it.", &folder
+                );
+                self.close().await?;
+                // Before moving emails to the mvbox we need to remember its UIDVALIDITY, otherwise
+                // emails moved before that wouldn't be fetched but considered "old" instead.
+                let folder_exists = self.select_with_uidvalidity(context, folder).await?;
+                ensure!(folder_exists, "No MVBOX folder {:?}??", &folder);
+                return Ok(Some(folder));
+            }
+        }
+
+        Ok(None)
+    }
+}
+
+impl Imap {
+    pub(crate) async fn configure_folders(
+        &mut self,
+        context: &Context,
+        session: &mut Session,
+    ) -> Result<()> {
+        let mut folders = session
+            .list(Some(""), Some("*"))
+            .await
+            .context("list_folders failed")?;
+        let mut delimiter = ".".to_string();
+        let mut delimiter_is_default = true;
+        let mut folder_configs = BTreeMap::new();
+
+        while let Some(folder) = folders.try_next().await? {
+            info!(context, "Scanning folder: {:?}", folder);
+
+            // Update the delimiter iff there is a different one, but only once.
+            if let Some(d) = folder.delimiter()
+                && delimiter_is_default
+                && !d.is_empty()
+                && delimiter != d
+            {
+                delimiter = d.to_string();
+                delimiter_is_default = false;
+            }
+
+            let folder_meaning = get_folder_meaning_by_attrs(folder.attributes());
+            let folder_name_meaning = get_folder_meaning_by_name(folder.name());
+            if let Some(config) = folder_meaning.to_config() {
+                // Always takes precedence
+                folder_configs.insert(config, folder.name().to_string());
+            } else if let Some(config) = folder_name_meaning.to_config() {
+                // only set if none has been already set
+                folder_configs
+                    .entry(config)
+                    .or_insert_with(|| folder.name().to_string());
+            }
+        }
+        drop(folders);
+
+        info!(context, "Using \"{}\" as folder-delimiter.", delimiter);
+
+        let fallback_folder = format!("INBOX{delimiter}DeltaChat");
+        let mvbox_folder = session
+            .configure_mvbox(context, &["DeltaChat", &fallback_folder])
+            .await
+            .context("failed to configure mvbox")?;
+
+        context
+            .set_config_internal(Config::ConfiguredInboxFolder, Some("INBOX"))
+            .await?;
+        if let Some(mvbox_folder) = mvbox_folder {
+            info!(context, "Setting MVBOX FOLDER TO {}", &mvbox_folder);
+            context
+                .set_config_internal(Config::ConfiguredMvboxFolder, Some(mvbox_folder))
+                .await?;
+        }
+        for (config, name) in folder_configs {
+            context.set_config_internal(config, Some(&name)).await?;
+        }
+        context
+            .sql
+            .set_raw_config_int(
+                constants::DC_FOLDERS_CONFIGURED_KEY,
+                constants::DC_FOLDERS_CONFIGURED_VERSION,
+            )
+            .await?;
+
+        info!(context, "FINISHED configuring IMAP-folders.");
+        Ok(())
+    }
 }

 impl Session {
@@ -1811,7 +1915,15 @@ async fn spam_target_folder_cfg(
        return Ok(None);
    }

-    Ok(Some(Config::ConfiguredInboxFolder))
+    if needs_move_to_mvbox(context, headers).await?
+        // If OnlyFetchMvbox is set, we don't want to move the message to
+        // the inbox where we wouldn't fetch it again:
+        || context.get_config_bool(Config::OnlyFetchMvbox).await?
+    {
+        Ok(Some(Config::ConfiguredMvboxFolder))
+    } else {
+        Ok(Some(Config::ConfiguredInboxFolder))
+    }
 }

 /// Returns `ConfiguredInboxFolder` or `ConfiguredMvboxFolder` if
@@ -1822,12 +1934,16 @@ pub async fn target_folder_cfg(
    folder_meaning: FolderMeaning,
    headers: &[mailparse::MailHeader<'_>],
 ) -> Result<Option<Config>> {
-    if folder == "DeltaChat" {
+    if context.is_mvbox(folder).await? {
        return Ok(None);
    }

    if folder_meaning == FolderMeaning::Spam {
        spam_target_folder_cfg(context, headers).await
+    } else if folder_meaning == FolderMeaning::Inbox
+        && needs_move_to_mvbox(context, headers).await?
+    {
+        Ok(Some(Config::ConfiguredMvboxFolder))
    } else {
        Ok(None)
    }
@@ -1848,6 +1964,36 @@ pub async fn target_folder(
    }
 }

+async fn needs_move_to_mvbox(
+    context: &Context,
+    headers: &[mailparse::MailHeader<'_>],
+) -> Result<bool> {
+    let has_chat_version = headers.get_header_value(HeaderDef::ChatVersion).is_some();
+    if !context.get_config_bool(Config::MvboxMove).await? {
+        return Ok(false);
+    }
+
+    if headers
+        .get_header_value(HeaderDef::AutocryptSetupMessage)
+        .is_some()
+    {
+        // do not move setup messages;
+        // there may be a non-delta device that wants to handle it
+        return Ok(false);
+    }
+
+    if has_chat_version {
+        Ok(true)
+    } else if let Some(parent) = get_prefetch_parent_message(context, headers).await? {
+        match parent.is_dc_message {
+            MessengerMessage::No => Ok(false),
+            MessengerMessage::Yes | MessengerMessage::Reply => Ok(true),
+        }
+    } else {
+        Ok(false)
+    }
+}
+
 /// Try to get the folder meaning by the name of the folder only used if the server does not support XLIST.
 // TODO: lots languages missing - maybe there is a list somewhere on other MUAs?
 // however, if we fail to find out the sent-folder,
@@ -2001,7 +2147,7 @@ pub(crate) async fn prefetch_should_download(
        return Ok(false);
    }

-    let should_download = !blocked_contact || maybe_ndn;
+    let should_download = (!blocked_contact) || maybe_ndn;
    Ok(should_download)
 }

@@ -2178,6 +2324,21 @@ async fn get_modseq(context: &Context, transport_id: u32, folder: &str) -> Resul
        .unwrap_or(0))
 }

+/// Whether to ignore fetching messages from a folder.
+///
+/// This caters for the [`Config::OnlyFetchMvbox`] setting which means mails from folders
+/// not explicitly watched should not be fetched.
+async fn should_ignore_folder(
+    context: &Context,
+    folder: &str,
+    folder_meaning: FolderMeaning,
+) -> Result<bool> {
+    if !context.get_config_bool(Config::OnlyFetchMvbox).await? {
+        return Ok(false);
+    }
+    Ok(!(context.is_mvbox(folder).await? || folder_meaning == FolderMeaning::Spam))
+}
+
 /// Builds a list of sequence/uid sets. The returned sets have each no more than around 1000
 /// characters because according to <https://tools.ietf.org/html/rfc2683#section-3.2.1.5>
 /// command lines should not be much more than 1000 chars (servers should allow at least 8000 chars)
@@ -2237,5 +2398,23 @@ impl std::fmt::Display for UidRange {
    }
 }

+pub(crate) async fn get_watched_folder_configs(context: &Context) -> Result<Vec<Config>> {
+    let mut res = vec![Config::ConfiguredInboxFolder];
+    if context.should_watch_mvbox().await? {
+        res.push(Config::ConfiguredMvboxFolder);
+    }
+    Ok(res)
+}
+
+pub(crate) async fn get_watched_folders(context: &Context) -> Result<Vec<String>> {
+    let mut res = Vec::new();
+    for folder_config in get_watched_folder_configs(context).await? {
+        if let Some(folder) = context.get_config(folder_config).await? {
+            res.push(folder);
+        }
+    }
+    Ok(res)
+}
+
 #[cfg(test)]
 mod imap_tests;
--- a/src/imap/client.rs
+++ b/src/imap/client.rs
@@ -220,8 +220,6 @@ impl Client {
            alpn(addr.port()),
            logging_stream,
            &context.tls_session_store,
-            &context.spki_hash_store,
-            &context.sql,
        )
        .await?;
        let buffered_stream = BufWriter::new(tls_stream);
@@ -284,8 +282,6 @@ impl Client {
            "",
            tcp_stream,
            &context.tls_session_store,
-            &context.spki_hash_store,
-            &context.sql,
        )
        .await
        .context("STARTTLS upgrade failed")?;
@@ -314,8 +310,6 @@ impl Client {
            alpn(port),
            proxy_stream,
            &context.tls_session_store,
-            &context.spki_hash_store,
-            &context.sql,
        )
        .await?;
        let buffered_stream = BufWriter::new(tls_stream);
@@ -379,8 +373,6 @@ impl Client {
            "",
            proxy_stream,
            &context.tls_session_store,
-            &context.spki_hash_store,
-            &context.sql,
        )
        .await
        .context("STARTTLS upgrade failed")?;
--- a/src/imap/idle.rs
+++ b/src/imap/idle.rs
@@ -27,8 +27,6 @@ impl Session {
        idle_interrupt_receiver: Receiver<()>,
        folder: &str,
    ) -> Result<Self> {
-        let transport_id = self.transport_id();
-
        self.select_with_uidvalidity(context, folder).await?;

        if self.drain_unsolicited_responses(context)? {
@@ -38,16 +36,13 @@ impl Session {
        if self.new_mail {
            info!(
                context,
-                "Transport {transport_id}: Skipping IDLE in {folder:?} because there may be new mail."
+                "Skipping IDLE in {folder:?} because there may be new mail."
            );
            return Ok(self);
        }

        if let Ok(()) = idle_interrupt_receiver.try_recv() {
-            info!(
-                context,
-                "Transport {transport_id}: Skip IDLE in {folder:?} because we got interrupt."
-            );
+            info!(context, "Skip IDLE in {folder:?} because we got interrupt.");
            return Ok(self);
        }

@@ -66,7 +61,7 @@ impl Session {

        info!(
            context,
-            "Transport {transport_id}: IDLE entering wait-on-remote state in folder {folder:?}."
+            "IDLE entering wait-on-remote state in folder {folder:?}."
        );

        // Spawn a task to relay interrupts from `idle_interrupt_receiver`
@@ -120,7 +115,11 @@ impl Session {

 impl Imap {
    /// Idle using polling.
-    pub(crate) async fn fake_idle(&mut self, context: &Context, watch_folder: &str) -> Result<()> {
+    pub(crate) async fn fake_idle(
+        &mut self,
+        context: &Context,
+        watch_folder: String,
+    ) -> Result<()> {
        let fake_idle_start_time = tools::Time::now();

        info!(context, "IMAP-fake-IDLEing folder={:?}", watch_folder);
--- a/src/imap/imap_tests.rs
+++ b/src/imap/imap_tests.rs
@@ -100,16 +100,24 @@ fn test_build_sequence_sets() {

 async fn check_target_folder_combination(
    folder: &str,
+    mvbox_move: bool,
    chat_msg: bool,
    expected_destination: &str,
    accepted_chat: bool,
    outgoing: bool,
+    setupmessage: bool,
 ) -> Result<()> {
    println!(
-        "Testing: For folder {folder}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}"
+        "Testing: For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}, setupmessage {setupmessage}"
    );

    let t = TestContext::new_alice().await;
+    t.ctx
+        .set_config(Config::ConfiguredMvboxFolder, Some("DeltaChat"))
+        .await?;
+    t.ctx
+        .set_config(Config::MvboxMove, Some(if mvbox_move { "1" } else { "0" }))
+        .await?;

    if accepted_chat {
        let contact_id = Contact::create(&t.ctx, "", "bob@example.net").await?;
@@ -117,7 +125,9 @@ async fn check_target_folder_combination(
    }
    let temp;

-    let bytes = {
+    let bytes = if setupmessage {
+        include_bytes!("../../test-data/message/AutocryptSetupMessage.eml")
+    } else {
        temp = format!(
            "Received: (Postfix, from userid 1000); Mon, 4 Dec 2006 14:51:39 +0100 (CET)\n\
                    {}\
@@ -154,42 +164,66 @@ async fn check_target_folder_combination(
    assert_eq!(
        expected,
        actual.as_deref(),
-        "For folder {folder}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}: expected {expected:?}, got {actual:?}"
+        "For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}, setupmessage {setupmessage}: expected {expected:?}, got {actual:?}"
    );
    Ok(())
 }

 // chat_msg means that the message was sent by Delta Chat
-// The tuples are (folder, chat_msg, expected_destination)
-const COMBINATIONS_ACCEPTED_CHAT: &[(&str, bool, &str)] = &[
-    ("INBOX", false, "INBOX"),
-    ("INBOX", true, "INBOX"),
-    ("Spam", false, "INBOX"), // Move classical emails in accepted chats from Spam to Inbox, not 100% sure on this, we could also just never move non-chat-msgs
-    ("Spam", true, "INBOX"),
+// The tuples are (folder, mvbox_move, chat_msg, expected_destination)
+const COMBINATIONS_ACCEPTED_CHAT: &[(&str, bool, bool, &str)] = &[
+    ("INBOX", false, false, "INBOX"),
+    ("INBOX", false, true, "INBOX"),
+    ("INBOX", true, false, "INBOX"),
+    ("INBOX", true, true, "DeltaChat"),
+    ("Spam", false, false, "INBOX"), // Move classical emails in accepted chats from Spam to Inbox, not 100% sure on this, we could also just never move non-chat-msgs
+    ("Spam", false, true, "INBOX"),
+    ("Spam", true, false, "INBOX"), // Move classical emails in accepted chats from Spam to Inbox, not 100% sure on this, we could also just never move non-chat-msgs
+    ("Spam", true, true, "DeltaChat"),
 ];

 // These are the same as above, but non-chat messages in Spam stay in Spam
-const COMBINATIONS_REQUEST: &[(&str, bool, &str)] = &[
-    ("INBOX", false, "INBOX"),
-    ("INBOX", true, "INBOX"),
-    ("Spam", false, "Spam"),
-    ("Spam", true, "INBOX"),
+const COMBINATIONS_REQUEST: &[(&str, bool, bool, &str)] = &[
+    ("INBOX", false, false, "INBOX"),
+    ("INBOX", false, true, "INBOX"),
+    ("INBOX", true, false, "INBOX"),
+    ("INBOX", true, true, "DeltaChat"),
+    ("Spam", false, false, "Spam"),
+    ("Spam", false, true, "INBOX"),
+    ("Spam", true, false, "Spam"),
+    ("Spam", true, true, "DeltaChat"),
 ];

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_target_folder_incoming_accepted() -> Result<()> {
-    for (folder, chat_msg, expected_destination) in COMBINATIONS_ACCEPTED_CHAT {
-        check_target_folder_combination(folder, *chat_msg, expected_destination, true, false)
-            .await?;
+    for (folder, mvbox_move, chat_msg, expected_destination) in COMBINATIONS_ACCEPTED_CHAT {
+        check_target_folder_combination(
+            folder,
+            *mvbox_move,
+            *chat_msg,
+            expected_destination,
+            true,
+            false,
+            false,
+        )
+        .await?;
    }
    Ok(())
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_target_folder_incoming_request() -> Result<()> {
-    for (folder, chat_msg, expected_destination) in COMBINATIONS_REQUEST {
-        check_target_folder_combination(folder, *chat_msg, expected_destination, false, false)
-            .await?;
+    for (folder, mvbox_move, chat_msg, expected_destination) in COMBINATIONS_REQUEST {
+        check_target_folder_combination(
+            folder,
+            *mvbox_move,
+            *chat_msg,
+            expected_destination,
+            false,
+            false,
+            false,
+        )
+        .await?;
    }
    Ok(())
 }
@@ -197,9 +231,35 @@ async fn test_target_folder_incoming_request() -> Result<()> {
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_target_folder_outgoing() -> Result<()> {
    // Test outgoing emails
-    for (folder, chat_msg, expected_destination) in COMBINATIONS_ACCEPTED_CHAT {
-        check_target_folder_combination(folder, *chat_msg, expected_destination, true, true)
-            .await?;
+    for (folder, mvbox_move, chat_msg, expected_destination) in COMBINATIONS_ACCEPTED_CHAT {
+        check_target_folder_combination(
+            folder,
+            *mvbox_move,
+            *chat_msg,
+            expected_destination,
+            true,
+            true,
+            false,
+        )
+        .await?;
+    }
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_target_folder_setupmsg() -> Result<()> {
+    // Test setupmessages
+    for (folder, mvbox_move, chat_msg, _expected_destination) in COMBINATIONS_ACCEPTED_CHAT {
+        check_target_folder_combination(
+            folder,
+            *mvbox_move,
+            *chat_msg,
+            if folder == &"Spam" { "INBOX" } else { folder }, // Never move setup messages, except if they are in "Spam"
+            false,
+            true,
+            true,
+        )
+        .await?;
    }
    Ok(())
 }
--- a/src/imap/select_folder.rs
+++ b/src/imap/select_folder.rs
@@ -71,18 +71,13 @@ impl ImapSession {
            self.select(folder).await
        };

-        let transport_id = self.transport_id();
-
        // <https://tools.ietf.org/html/rfc3501#section-6.3.1>
        // says that if the server reports select failure we are in
        // authenticated (not-select) state.

        match res {
            Ok(mailbox) => {
-                info!(
-                    context,
-                    "Transport {transport_id}: Selected folder {folder:?}."
-                );
+                info!(context, "Selected folder {folder:?}.");
                self.selected_folder = Some(folder.to_string());
                self.selected_mailbox = Some(mailbox);
                Ok(NewlySelected::Yes)
--- a/src/imap/session.rs
+++ b/src/imap/session.rs
@@ -16,7 +16,7 @@ use crate::net::session::SessionStream;
 /// - Autocrypt-Setup-Message to check if a message is an autocrypt setup message,
 ///   not necessarily sent by Delta Chat.
 /// - Chat-Is-Post-Message to skip it in background fetch or when it is > `DownloadLimit`.
-const PREFETCH_FLAGS: &str = "(UID RFC822.SIZE BODY.PEEK[HEADER.FIELDS (\
+const PREFETCH_FLAGS: &str = "(UID INTERNALDATE RFC822.SIZE BODY.PEEK[HEADER.FIELDS (\
                              MESSAGE-ID \
                              DATE \
                              X-MICROSOFT-ORIGINAL-MESSAGE-ID \
@@ -124,7 +124,7 @@ impl Session {
    }

    /// Prefetch `n_uids` messages starting from `uid_next`. Returns a list of fetch results in the
-    /// order of ascending UIDs.
+    /// order of ascending delivery time to the server (INTERNALDATE).
    #[expect(clippy::arithmetic_side_effects)]
    pub(crate) async fn prefetch(
        &mut self,
@@ -142,10 +142,10 @@ impl Session {
        let mut msgs = BTreeMap::new();
        while let Some(msg) = list.try_next().await? {
            if let Some(msg_uid) = msg.uid {
-                msgs.insert(msg_uid, msg);
+                msgs.insert((msg.internal_date(), msg_uid), msg);
            }
        }

-        Ok(Vec::from_iter(msgs))
+        Ok(msgs.into_iter().map(|((_, uid), msg)| (uid, msg)).collect())
    }
 }
--- a/src/imex.rs
+++ b/src/imex.rs
@@ -28,9 +28,11 @@ use crate::tools::{
    write_file,
 };

+mod key_transfer;
 mod transfer;

 use ::pgp::types::KeyDetails;
+pub use key_transfer::{continue_key_transfer, initiate_key_transfer};
 pub use transfer::{BackupProvider, get_backup};

 // Name of the database file in the backup.
@@ -1137,16 +1139,4 @@ mod tests {

        Ok(())
    }
-
-    /// Tests importing a backup from Delta Chat 1.30.3 for Android (core v1.86.0).
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_import_ancient_backup() -> Result<()> {
-        let mut tcm = TestContextManager::new();
-        let context = &tcm.unconfigured().await;
-
-        let backup_path = Path::new("test-data/core-1.86.0-backup.tar");
-        imex(context, ImexMode::ImportBackup, backup_path, None).await?;
-
-        Ok(())
-    }
 }
--- a/src/imex/key_transfer.rs
+++ b/src/imex/key_transfer.rs
@@ -0,0 +1,363 @@
+//! # Key transfer via Autocrypt Setup Message.
+use std::io::BufReader;
+
+use anyhow::{Result, bail, ensure};
+
+use crate::blob::BlobObject;
+use crate::chat::{self, ChatId};
+use crate::config::Config;
+use crate::constants::{ASM_BODY, ASM_SUBJECT};
+use crate::contact::ContactId;
+use crate::context::Context;
+use crate::imex::set_self_key;
+use crate::key::{DcKey, load_self_secret_key};
+use crate::message::{Message, MsgId, Viewtype};
+use crate::mimeparser::SystemMessage;
+use crate::param::Param;
+use crate::pgp;
+use crate::tools::open_file_std;
+
+/// Initiates key transfer via Autocrypt Setup Message.
+///
+/// Returns setup code.
+pub async fn initiate_key_transfer(context: &Context) -> Result<String> {
+    let setup_code = create_setup_code(context);
+    /* this may require a keypair to be created. this may take a second ... */
+    let setup_file_content = render_setup_file(context, &setup_code).await?;
+    /* encrypting may also take a while ... */
+    let setup_file_blob = BlobObject::create_and_deduplicate_from_bytes(
+        context,
+        setup_file_content.as_bytes(),
+        "autocrypt-setup-message.html",
+    )?;
+
+    let chat_id = ChatId::create_for_contact(context, ContactId::SELF).await?;
+    let mut msg = Message::new(Viewtype::File);
+    msg.param.set(Param::File, setup_file_blob.as_name());
+    msg.param
+        .set(Param::Filename, "autocrypt-setup-message.html");
+    msg.subject = ASM_SUBJECT.to_owned();
+    msg.param
+        .set(Param::MimeType, "application/autocrypt-setup");
+    msg.param.set_cmd(SystemMessage::AutocryptSetupMessage);
+    msg.force_plaintext();
+    msg.param.set_int(Param::SkipAutocrypt, 1);
+
+    // Enable BCC-self, because transferring a key
+    // means we have a multi-device setup.
+    context.set_config_bool(Config::BccSelf, true).await?;
+
+    chat::send_msg(context, chat_id, &mut msg).await?;
+    Ok(setup_code)
+}
+
+/// Continue key transfer via Autocrypt Setup Message.
+///
+/// `msg_id` is the ID of the received Autocrypt Setup Message.
+/// `setup_code` is the code entered by the user.
+pub async fn continue_key_transfer(
+    context: &Context,
+    msg_id: MsgId,
+    setup_code: &str,
+) -> Result<()> {
+    ensure!(!msg_id.is_special(), "wrong id");
+
+    let msg = Message::load_from_db(context, msg_id).await?;
+    ensure!(
+        msg.is_setupmessage(),
+        "Message is no Autocrypt Setup Message."
+    );
+
+    if let Some(filename) = msg.get_file(context) {
+        let file = open_file_std(context, filename)?;
+        let sc = normalize_setup_code(setup_code);
+        let armored_key = decrypt_setup_file(&sc, BufReader::new(file)).await?;
+        set_self_key(context, &armored_key).await?;
+        context.set_config_bool(Config::BccSelf, true).await?;
+
+        Ok(())
+    } else {
+        bail!("Message is no Autocrypt Setup Message.");
+    }
+}
+
+/// Renders HTML body of a setup file message.
+///
+/// The `passphrase` must be at least 2 characters long.
+pub async fn render_setup_file(context: &Context, passphrase: &str) -> Result<String> {
+    let passphrase_begin = if let Some(passphrase_begin) = passphrase.get(..2) {
+        passphrase_begin
+    } else {
+        bail!("Passphrase must be at least 2 chars long.");
+    };
+    let private_key = load_self_secret_key(context).await?;
+    let ac_headers = Some(("Autocrypt-Prefer-Encrypt", "mutual"));
+    let private_key_asc = private_key.to_asc(ac_headers);
+    let encr = pgp::symm_encrypt_autocrypt_setup(passphrase, private_key_asc.into_bytes())
+        .await?
+        .replace('\n', "\r\n");
+
+    let replacement = format!(
+        concat!(
+            "-----BEGIN PGP MESSAGE-----\r\n",
+            "Passphrase-Format: numeric9x4\r\n",
+            "Passphrase-Begin: {}"
+        ),
+        passphrase_begin
+    );
+    let pgp_msg = encr.replace("-----BEGIN PGP MESSAGE-----", &replacement);
+
+    let msg_subj = ASM_SUBJECT;
+    let msg_body = ASM_BODY.to_string();
+    let msg_body_html = msg_body.replace('\r', "").replace('\n', "<br>");
+    Ok(format!(
+        concat!(
+            "<!DOCTYPE html>\r\n",
+            "<html>\r\n",
+            "  <head>\r\n",
+            "    <title>{}</title>\r\n",
+            "  </head>\r\n",
+            "  <body>\r\n",
+            "    <h1>{}</h1>\r\n",
+            "    <p>{}</p>\r\n",
+            "    <pre>\r\n{}\r\n</pre>\r\n",
+            "  </body>\r\n",
+            "</html>\r\n"
+        ),
+        msg_subj, msg_subj, msg_body_html, pgp_msg
+    ))
+}
+
+/// Creates a new setup code for Autocrypt Setup Message.
+#[expect(clippy::arithmetic_side_effects)]
+fn create_setup_code(_context: &Context) -> String {
+    let mut random_val: u16;
+    let mut ret = String::new();
+
+    for i in 0..9 {
+        loop {
+            random_val = rand::random();
+            if random_val as usize <= 60000 {
+                break;
+            }
+        }
+        random_val = (random_val as usize % 10000) as u16;
+        ret += &format!(
+            "{}{:04}",
+            if 0 != i { "-" } else { "" },
+            random_val as usize
+        );
+    }
+
+    ret
+}
+
+async fn decrypt_setup_file<T: std::fmt::Debug + std::io::BufRead + Send + 'static>(
+    passphrase: &str,
+    file: T,
+) -> Result<String> {
+    let plain_bytes = pgp::symm_decrypt(passphrase, file).await?;
+    let plain_text = std::string::String::from_utf8(plain_bytes)?;
+
+    Ok(plain_text)
+}
+
+fn normalize_setup_code(s: &str) -> String {
+    let mut out = String::new();
+    for c in s.chars() {
+        if c.is_ascii_digit() {
+            out.push(c);
+            if let 4 | 9 | 14 | 19 | 24 | 29 | 34 | 39 = out.len() {
+                out += "-"
+            }
+        }
+    }
+    out
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    use crate::pgp::{HEADER_AUTOCRYPT, HEADER_SETUPCODE, split_armored_data};
+    use crate::receive_imf::receive_imf;
+    use crate::test_utils::{TestContext, TestContextManager};
+    use ::pgp::armor::BlockType;
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_render_setup_file() {
+        let t = TestContext::new_alice().await;
+        let msg = render_setup_file(&t, "hello").await.unwrap();
+        println!("{}", &msg);
+        // Check some substrings, indicating things got substituted.
+        assert!(msg.contains("<title>Autocrypt Setup Message</title"));
+        assert!(msg.contains("<h1>Autocrypt Setup Message</h1>"));
+        assert!(msg.contains("<p>This is the Autocrypt Setup Message used to"));
+        assert!(msg.contains("-----BEGIN PGP MESSAGE-----\r\n"));
+        assert!(msg.contains("Passphrase-Format: numeric9x4\r\n"));
+        assert!(msg.contains("Passphrase-Begin: he\r\n"));
+        assert!(msg.contains("-----END PGP MESSAGE-----\r\n"));
+
+        for line in msg.rsplit_terminator('\n') {
+            assert!(line.ends_with('\r'));
+        }
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_render_setup_file_newline_replace() {
+        let t = TestContext::new_alice().await;
+        let msg = render_setup_file(&t, "pw").await.unwrap();
+        println!("{}", &msg);
+        assert!(msg.contains("<p>This is the Autocrypt Setup Message used to transfer your end-to-end setup between clients.<br>"));
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_create_setup_code() {
+        let t = TestContext::new().await;
+        let setupcode = create_setup_code(&t);
+        assert_eq!(setupcode.len(), 44);
+        assert_eq!(setupcode.chars().nth(4).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(9).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(14).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(19).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(24).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(29).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(34).unwrap(), '-');
+        assert_eq!(setupcode.chars().nth(39).unwrap(), '-');
+    }
+
+    #[test]
+    fn test_normalize_setup_code() {
+        let norm = normalize_setup_code("123422343234423452346234723482349234");
+        assert_eq!(norm, "1234-2234-3234-4234-5234-6234-7234-8234-9234");
+
+        let norm =
+            normalize_setup_code("\t1 2 3422343234- foo bar-- 423-45 2 34 6234723482349234      ");
+        assert_eq!(norm, "1234-2234-3234-4234-5234-6234-7234-8234-9234");
+    }
+
+    /* S_EM_SETUPFILE is a AES-256 symm. encrypted setup message created by Enigmail
+    with an "encrypted session key", see RFC 4880.  The code is in S_EM_SETUPCODE */
+    const S_EM_SETUPCODE: &str = "1742-0185-6197-1303-7016-8412-3581-4441-0597";
+    const S_EM_SETUPFILE: &str = include_str!("../../test-data/message/stress.txt");
+
+    // Autocrypt Setup Message payload "encrypted" with plaintext algorithm.
+    const S_PLAINTEXT_SETUPFILE: &str =
+        include_str!("../../test-data/message/plaintext-autocrypt-setup.txt");
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_split_and_decrypt() {
+        let buf_1 = S_EM_SETUPFILE.as_bytes().to_vec();
+        let (typ, headers, base64) = split_armored_data(&buf_1).unwrap();
+        assert_eq!(typ, BlockType::Message);
+        assert!(S_EM_SETUPCODE.starts_with(headers.get(HEADER_SETUPCODE).unwrap()));
+        assert!(!headers.contains_key(HEADER_AUTOCRYPT));
+
+        assert!(!base64.is_empty());
+
+        let setup_file = S_EM_SETUPFILE;
+        let decrypted = decrypt_setup_file(S_EM_SETUPCODE, setup_file.as_bytes())
+            .await
+            .unwrap();
+
+        let (typ, headers, _base64) = split_armored_data(decrypted.as_bytes()).unwrap();
+
+        assert_eq!(typ, BlockType::PrivateKey);
+        assert_eq!(headers.get(HEADER_AUTOCRYPT), Some(&"mutual".to_string()));
+        assert!(!headers.contains_key(HEADER_SETUPCODE));
+    }
+
+    /// Tests that Autocrypt Setup Message encrypted with "plaintext" algorithm cannot be
+    /// decrypted.
+    ///
+    /// According to <https://datatracker.ietf.org/doc/html/rfc4880#section-13.4>
+    /// "Implementations MUST NOT use plaintext in Symmetrically Encrypted Data packets".
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_decrypt_plaintext_autocrypt_setup_message() {
+        let setup_file = S_PLAINTEXT_SETUPFILE;
+        let incorrect_setupcode = "0000-0000-0000-0000-0000-0000-0000-0000-0000";
+        assert!(
+            decrypt_setup_file(incorrect_setupcode, setup_file.as_bytes(),)
+                .await
+                .is_err()
+        );
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_key_transfer() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let alice = &tcm.alice().await;
+
+        tcm.section("Alice sends Autocrypt setup message");
+        alice.set_config(Config::BccSelf, Some("0")).await?;
+        let setup_code = initiate_key_transfer(alice).await?;
+
+        // Test that sending Autocrypt Setup Message enables `bcc_self`.
+        assert_eq!(alice.get_config_bool(Config::BccSelf).await?, true);
+
+        // Get Autocrypt Setup Message.
+        let sent = alice.pop_sent_msg().await;
+
+        tcm.section("Alice sets up a second device");
+        let alice2 = &tcm.unconfigured().await;
+        alice2.set_name("alice2");
+        alice2.configure_addr("alice@example.org").await;
+        alice2.recv_msg(&sent).await;
+        let msg = alice2.get_last_msg().await;
+        assert!(msg.is_setupmessage());
+        assert_eq!(crate::key::load_self_secret_keyring(alice2).await?.len(), 0);
+
+        // Transfer the key.
+        tcm.section("Alice imports a key from Autocrypt Setup Message");
+        alice2.set_config(Config::BccSelf, Some("0")).await?;
+        continue_key_transfer(alice2, msg.id, &setup_code).await?;
+        assert_eq!(alice2.get_config_bool(Config::BccSelf).await?, true);
+        assert_eq!(crate::key::load_self_secret_keyring(alice2).await?.len(), 1);
+
+        // Alice sends a message to self from the new device.
+        let sent = alice2.send_text(msg.chat_id, "Test").await;
+        let rcvd_msg = alice.recv_msg(&sent).await;
+        assert_eq!(rcvd_msg.get_text(), "Test");
+
+        Ok(())
+    }
+
+    /// Tests that Autocrypt Setup Messages is only clickable if it is self-sent.
+    /// This prevents Bob from tricking Alice into changing the key
+    /// by sending her an Autocrypt Setup Message as long as Alice's server
+    /// does not allow to forge the `From:` header.
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_key_transfer_non_self_sent() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let alice = tcm.alice().await;
+        let bob = tcm.bob().await;
+
+        let _setup_code = initiate_key_transfer(&alice).await?;
+
+        // Get Autocrypt Setup Message.
+        let sent = alice.pop_sent_msg().await;
+
+        let rcvd = bob.recv_msg(&sent).await;
+        assert!(!rcvd.is_setupmessage());
+
+        Ok(())
+    }
+
+    /// Tests reception of Autocrypt Setup Message from K-9 6.802.
+    ///
+    /// Unlike Autocrypt Setup Message sent by Delta Chat,
+    /// this message does not contain `Autocrypt-Prefer-Encrypt` header.
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_key_transfer_k_9() -> Result<()> {
+        let t = &TestContext::new().await;
+        t.configure_addr("autocrypt@nine.testrun.org").await;
+
+        let raw = include_bytes!("../../test-data/message/k-9-autocrypt-setup-message.eml");
+        let received = receive_imf(t, raw, false).await?.unwrap();
+
+        let setup_code = "0655-9868-8252-5455-4232-5158-1237-5333-2638";
+        continue_key_transfer(t, *received.msg_ids.last().unwrap(), setup_code).await?;
+
+        Ok(())
+    }
+}
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 -04-13
 -02-27