remove shared-key

add-rust-environment-hash-key: false
save cache from this PR
2026-05-04 13:56:30 +03:00 · 2026-05-04 05:15:39 +02:00 · 2026-05-04 04:56:08 +02:00 · 2026-05-04 04:21:49 +02:00 · 2026-05-03 22:13:05 +02:00 · 2026-05-03 18:22:54 +00:00
460 changed files with 3589 additions and 6953 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,10 +20,10 @@ permissions: {}

 env:
  RUSTFLAGS: -Dwarnings
-  RUST_VERSION: 1.94.0
+  RUST_VERSION: 1.95.0

  # Minimum Supported Rust Version
-  MSRV: 1.88.0
+  MSRV: 1.89.0

 jobs:
  lint_rust:
@@ -40,7 +40,10 @@ jobs:
      - run: rustup override set $RUST_VERSION
        shell: bash
      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        with:
+          save-if: false
+          add-rust-environment-hash-key: false
      - name: Run rustfmt
        run: cargo fmt --all -- --check
      - name: Run clippy
@@ -59,7 +62,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979
+      - uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb
        with:
          arguments: --workspace --all-features --locked
          command: check
@@ -90,8 +93,15 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
+
+      - run: rustup override set $RUST_VERSION
+        shell: bash
+
      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        with:
+          save-if: false
+          add-rust-environment-hash-key: false
      - name: Rustdoc
        run: cargo doc --document-private-items --no-deps

@@ -134,10 +144,19 @@ jobs:
        shell: bash

      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        with:
+          # Only save the cache from the main branch runs.
+          # No need for PRs to write to the cache.
+          ##save-if: ${{ github.ref == 'refs/heads/main' }}
+
+          # Do not hash Cargo.lock.
+          # We want the cache to be used later in PRs
+          # even if it updates some dependency.
+          add-rust-environment-hash-key: false

      - name: Install nextest
-        uses: taiki-e/install-action@69e777b377e4ec209ddad9426ae3e0c1008b0ef3
+        uses: taiki-e/install-action@5f57d6cb7cd20b14a8a27f522884c4bc8a187458
        with:
          tool: nextest

@@ -167,8 +186,14 @@ jobs:
          show-progress: false
          persist-credentials: false

+      - run: rustup override set $RUST_VERSION
+        shell: bash
+
      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        with:
+          save-if: false
+          add-rust-environment-hash-key: false

      - name: Build C library
        run: cargo build -p deltachat_ffi
@@ -193,8 +218,14 @@ jobs:
          show-progress: false
          persist-credentials: false

+      - run: rustup override set $RUST_VERSION
+        shell: bash
+
      - name: Cache rust cargo artifacts
-        uses: swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
+        with:
+          save-if: false
+          add-rust-environment-hash-key: false

      - name: Build deltachat-rpc-server
        run: cargo build -p deltachat-rpc-server
--- a/.github/workflows/deltachat-rpc-server.yml
+++ b/.github/workflows/deltachat-rpc-server.yml
@@ -34,7 +34,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux
@@ -58,7 +58,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5

      - name: Build deltachat-rpc-server wheels
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux-wheel
@@ -82,7 +82,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}
@@ -106,7 +106,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5

      - name: Build deltachat-rpc-server wheels
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-wheel
@@ -157,7 +157,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android
@@ -181,7 +181,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5

      - name: Build deltachat-rpc-server wheels
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android-wheel
@@ -208,7 +208,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5

      - name: Download Linux aarch64 binary
        uses: actions/download-artifact@v7
@@ -382,7 +382,7 @@ jobs:

      - name: Publish deltachat-rpc-server to PyPI
        if: github.event_name == 'release'
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b

  publish_npm_package:
    name: Build & Publish npm prebuilds and deltachat-rpc-server
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -10,11 +10,11 @@ permissions:
 jobs:
  dependabot:
    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
    steps:
      - name: Dependabot metadata
        id: metadata
-        uses: dependabot/fetch-metadata@v2.4.0
+        uses: dependabot/fetch-metadata@v3.0.0
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Approve a PR
--- a/.github/workflows/dev-version.yml
+++ b/.github/workflows/dev-version.yml
@@ -0,0 +1,23 @@
+# Check that PRs are made against the -dev version.
+# 
+# If this fails, push commit to update the version to -dev to main.
+
+name: Check for -dev version
+
+on:
+  pull_request:
+
+permissions: {}
+
+jobs:
+  check_dev_version:
+    name: Check that current version ends with -dev
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          show-progress: false
+          persist-credentials: false
+
+      - name: Run version-checking script
+        run: scripts/check-dev-version.py
--- a/.github/workflows/jsonrpc.yml
+++ b/.github/workflows/jsonrpc.yml
@@ -25,7 +25,7 @@ jobs:
        with:
          node-version: 18.x
      - name: Add Rust cache
-        uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+        uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4
      - name: npm install
        working-directory: deltachat-jsonrpc/typescript
        run: npm install
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -25,7 +25,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
      - run: nix fmt flake.nix -- --check

  build:
@@ -84,7 +84,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
      - run: nix build .#${{ matrix.installable }}

  build-macos:
@@ -105,5 +105,5 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
      - run: nix build .#${{ matrix.installable }}
--- a/.github/workflows/publish-deltachat-rpc-client-pypi.yml
+++ b/.github/workflows/publish-deltachat-rpc-client-pypi.yml
@@ -47,4 +47,4 @@ jobs:
          name: python-package-distributions
          path: dist/
      - name: Publish deltachat-rpc-client to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b
--- a/.github/workflows/repl.yml
+++ b/.github/workflows/repl.yml
@@ -18,7 +18,7 @@ jobs:
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
      - name: Build
        run: nix build .#deltachat-repl-win64
      - name: Upload binary
--- a/.github/workflows/upload-docs.yml
+++ b/.github/workflows/upload-docs.yml
@@ -1,16 +1,18 @@
-name: Build & deploy documentation on rs.delta.chat, c.delta.chat, and py.delta.chat
+name: Build & deploy documentation on rs.delta.chat, c.delta.chat, py.delta.chat and cffi.delta.chat

 on:
  push:
    branches:
      - main
-      - build_jsonrpc_docs_ci

 permissions: {}

 jobs:
  build-rs:
    runs-on: ubuntu-latest
+    environment:
+      name: rs.delta.chat
+      url: https://rs.delta.chat/

    steps:
      - uses: actions/checkout@v6
@@ -23,12 +25,15 @@ jobs:
      - name: Upload to rs.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.RS_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc "${{ secrets.USERNAME }}@rs.delta.chat:/var/www/html/rs/"
+          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc "${{ secrets.RS_DOCS_SSH_USER }}@rs.delta.chat:/var/www/html/rs.delta.chat/"

  build-python:
    runs-on: ubuntu-latest
+    environment:
+      name: py.delta.chat
+      url: https://py.delta.chat/

    steps:
      - uses: actions/checkout@v6
@@ -36,18 +41,21 @@ jobs:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
      - name: Build Python documentation
        run: nix build .#python-docs
      - name: Upload to py.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.CODESPEAK_KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.PY_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "delta@py.delta.chat:/home/delta/build/master"
+          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "${{ secrets.PY_DOCS_SSH_USER }}@py.delta.chat:/var/www/html/py.delta.chat"

  build-c:
    runs-on: ubuntu-latest
+    environment:
+      name: c.delta.chat
+      url: https://c.delta.chat/

    steps:
      - uses: actions/checkout@v6
@@ -55,18 +63,22 @@ jobs:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@2126ae7fc54c9df00dd18f7f18754393182c73cd # v31.9.1
+      - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5
      - name: Build C documentation
        run: nix build .#docs
      - name: Upload to c.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.CODESPEAK_KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.C_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "delta@c.delta.chat:/home/delta/build-c/master"
+          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/result/html/ "${{ secrets.C_DOCS_SSH_USER }}@c.delta.chat:/var/www/html/c.delta.chat"

  build-ts:
    runs-on: ubuntu-latest
+    environment:
+      name: js.jsonrpc.delta.chat
+      url: https://js.jsonrpc.delta.chat/
+
    defaults:
      run:
        working-directory: ./deltachat-jsonrpc/typescript
@@ -90,6 +102,27 @@ jobs:
      - name: Upload to js.jsonrpc.delta.chat
        run: |
          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.KEY }}" > "$HOME/.ssh/key"
+          echo "${{ secrets.JS_JSONRPC_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/deltachat-jsonrpc/typescript/docs/ "${{ secrets.USERNAME }}@js.jsonrpc.delta.chat:/var/www/html/js-jsonrpc/"
+          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/deltachat-jsonrpc/typescript/docs/ "${{ secrets.JS_JSONRPC_DOCS_SSH_USER }}@js.jsonrpc.delta.chat:/var/www/html/js.jsonrpc.delta.chat/"
+
+  build-cffi:
+    runs-on: ubuntu-latest
+    environment:
+      name: cffi.delta.chat
+      url: https://cffi.delta.chat/
+
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          show-progress: false
+          persist-credentials: false
+      - name: Build the documentation with cargo
+        run: |
+          cargo doc --package deltachat_ffi --no-deps
+      - name: Upload to cffi.delta.chat
+        run: |
+          mkdir -p "$HOME/.ssh"
+          echo "${{ secrets.CFFI_DOCS_SSH_KEY }}" > "$HOME/.ssh/key"
+          chmod 600 "$HOME/.ssh/key"
+          rsync -avzh --delete -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc/ "${{ secrets.CFFI_DOCS_SSH_USER }}@delta.chat:/var/www/html/cffi.delta.chat/"
--- a/.github/workflows/upload-ffi-docs.yml
+++ b/.github/workflows/upload-ffi-docs.yml
@@ -1,31 +0,0 @@
-# GitHub Actions workflow
-# to build `deltachat_ffi` crate documentation
-# and upload it to <https://cffi.delta.chat/>
-
-name: Build & Deploy Documentation on cffi.delta.chat
-
-on:
-  push:
-    branches:
-      - main
-
-permissions: {}
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          show-progress: false
-          persist-credentials: false
-      - name: Build the documentation with cargo
-        run: |
-          cargo doc --package deltachat_ffi --no-deps
-      - name: Upload to cffi.delta.chat
-        run: |
-          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets.KEY }}" > "$HOME/.ssh/key"
-          chmod 600 "$HOME/.ssh/key"
-          rsync -avzh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/target/doc/ "${{ secrets.USERNAME }}@delta.chat:/var/www/html/cffi/"
--- a/.github/workflows/zizmor-scan.yml
+++ b/.github/workflows/zizmor-scan.yml
@@ -23,4 +23,4 @@ jobs:
          persist-credentials: false

      - name: Run zizmor
-        uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
+        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,122 @@
 # Changelog

+## [2.49.0] - 2026-04-13
+
+### Features / Changes
+
+- Flipped Exif orientations ([#8057](https://github.com/chatmail/core/pull/8057)).
+
+### Fixes
+
+- Determine whether a message is an own message by looking at signature. multiple devices can temporarly have different sets of self addresses, and still need to properly recognize incoming versus outgoing messages. Disclaimer: some LLM tooling was initially involved but i went over everything by hand, and also addressed review comments..
+- Mark a message as delivered only after it has been fully sent out ([#8062](https://github.com/chatmail/core/pull/8062)).
+- Do not create 1:1 chat on second device when scanning a QR code.
+- Do not URL-encode proxy hostnames.
+- Assign webxdc updates from post-message to webxdc instance.
+- Let search also return hidden contacts if search value is an email address.
+- Add missing `extern "C"` to `dc_array_is_independent`.
+- Make start messages stick to the top of the chat.
+- For bots, wait with emitting IncomingMsg until the Post-Msg arrived ([#8104](https://github.com/chatmail/core/pull/8104)).
+- Trash message about group name change from non-member.
+
+### API-Changes
+
+- [**breaking**] remove `dc_msg_force_plaintext`.
+- @deltachat/stdio-rpc-server: also export a class.
+
+### CI
+
+- Make sure `-dev` version suffix is not forgotten after release.
+
+### Documentation
+
+- Document that events are broadcasted to all event emitters.
+- Fix broken link for i-d "Common PGP/MIME Message Mangling".
+
+### Refactor
+
+- ignore ForcePlaintext in saved messages chat.
+- @deltachat/stdio-rpc-server: make `getRPCServerPath` and `startDeltaChat` synchronous.
+- @deltachat/stdio-rpc-server: remove `await` from README example.
+- less nested `remove_contact_from_chat`.
+
+### Tests
+
+- Add test for `tweak_sort_timestamp()`.
+- Test that messages are only marked as delivered after being fully sent out ([#8077](https://github.com/chatmail/core/pull/8077)).
+- Fix flaky `test_no_old_msg_is_fresh`: Wait for incoming message before sending outgoing one.
+- Use TestContextManager in `test_keep_member_list_if_possibly_nomember`.
+
+### Miscellaneous Tasks
+
+- cargo: bump chrono from 0.4.43 to 0.4.44.
+- cargo: bump tracing-subscriber from 0.3.22 to 0.3.23.
+- cargo: bump tempfile from 3.26.0 to 3.27.0.
+- cargo: bump pin-project from 1.1.10 to 1.1.11.
+- cargo: bump tokio from 1.49.0 to 1.50.0.
+- cargo: bump libc from 0.2.182 to 0.2.183.
+- cargo: bump quote from 1.0.44 to 1.0.45.
+- cargo: bump image from 0.25.9 to 0.25.10.
+- cargo: bump proptest from 1.10.0 to 1.11.0.
+- deps: bump dependabot/fetch-metadata from 2.4.0 to 3.0.0.
+- bump version to 2.49.0-dev.
+
+## [2.48.0] - 2026-03-30
+
+### Fixes
+
+- Fix reordering problems in multi-relay setups by not sorting received messages below the last seen one.
+- Always sort "Messages are end-to-end encrypted" notice to the beginning.
+- Make Message-ID of pre-messages stable across resends ([#8007](https://github.com/chatmail/core/pull/8007)).
+- Delete `imap_markseen` entries not corresponding to any `imap` rows.
+- Cleanup `imap` and `imap_sync` records without transport in housekeeping.
+- When receiving MDN, mark all preceding messages as noticed, even having same timestamp ([#7928](https://github.com/chatmail/core/pull/7928)).
+- Remove migration 108 preventing upgrades from core 1.86.0 to the latest version.
+
+### Features / Changes
+
+- Improve IMAP loop logs.
+- Add decryption error to the device message about outgoing message decryption failure.
+- Log received message sort timestamp.
+
+### Performance
+
+- Move sorting outside of SQL query in `store_seen_flags_on_imap`.
+
+### API-Changes
+
+- Add JSON-RPC API `markfresh_chat()`.
+- ffi: Correctly declare `dc_event_channel_new()` as having no params ([#7831](https://github.com/chatmail/core/pull/7831)).
+
+### Refactor
+
+- Remove `wal_checkpoint_mutex`, lock `write_mutex` before getting sql connection instead.
+- Replace async `RwLock` with sync `RwLock` for stock strings.
+- Cleanup remaining Autocrypt Setup Message processing in `mimeparser`.
+- SecureJoin: do not check for self address in forwarding protection.
+- Fix clippy warnings.
+
+### CI
+
+- Update {c,py}.delta.chat website deployments.
+- Use environments for {rs,cffi,js.jsonrpc}.delta.chat deployments.
+- Fix https://docs.zizmor.sh/audits/#bot-conditions.
+
+### Documentation
+
+- Add SQL performance tips to STYLE.md.
+
+### Tests
+
+- Remove `test_old_message_5`.
+- Do not rely on loading newest chat in `load_imf_email()`.
+- Use `load_imf_email()` more.
+- The message is sorted correctly in the chat even if it arrives late.
+
+### Miscellaneous Tasks
+
+- cargo: update rustls-webpki to 0.103.10.
+
 ## [2.47.0] - 2026-03-24

 ### Fixes
@@ -7984,3 +8101,5 @@ https://github.com/chatmail/core/pulls?q=is%3Apr+is%3Aclosed
 [2.45.0]: https://github.com/chatmail/core/compare/v2.44.0..v2.45.0
 [2.46.0]: https://github.com/chatmail/core/compare/v2.45.0..v2.46.0
 [2.47.0]: https://github.com/chatmail/core/compare/v2.46.0..v2.47.0
+[2.48.0]: https://github.com/chatmail/core/compare/v2.47.0..v2.48.0
+[2.49.0]: https://github.com/chatmail/core/compare/v2.48.0..v2.49.0
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -36,7 +36,7 @@ checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
 dependencies = [
 "cfg-if",
 "cipher",
- "cpufeatures",
+ "cpufeatures 0.2.17",
 ]

 [[package]]
@@ -136,7 +136,7 @@ checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072"
 dependencies = [
 "base64ct",
 "blake2",
- "cpufeatures",
+ "cpufeatures 0.2.17",
 "password-hash",
 "zeroize",
 ]
@@ -194,9 +194,9 @@ dependencies = [

 [[package]]
 name = "astral-tokio-tar"
-version = "0.6.0"
+version = "0.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c23f3af104b40a3430ccb90ed5f7bd877a8dc5c26fc92fde51a22b40890dcf9"
+checksum = "4ce73b17c62717c4b6a9af10b43e87c578b0cac27e00666d48304d3b7d2c0693"
 dependencies = [
 "filetime",
 "futures-core",
@@ -497,16 +497,16 @@ dependencies = [

 [[package]]
 name = "blake3"
-version = "1.8.3"
+version = "1.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2468ef7d57b3fb7e16b576e8377cdbde2320c60e1491e961d11da40fc4f02a2d"
+checksum = "0aa83c34e62843d924f905e0f5c866eb1dd6545fc4d719e803d9ba6030371fce"
 dependencies = [
 "arrayref",
 "arrayvec",
 "cc",
 "cfg-if",
 "constant_time_eq 0.4.2",
- "cpufeatures",
+ "cpufeatures 0.3.0",
 ]

 [[package]]
@@ -550,7 +550,7 @@ dependencies = [
 "bolero-kani",
 "bolero-libfuzzer",
 "cfg-if",
- "rand 0.9.2",
+ "rand 0.9.4",
 ]

 [[package]]
@@ -573,7 +573,7 @@ dependencies = [
 "bolero-generator",
 "lazy_static",
 "pretty-hex",
- "rand 0.9.2",
+ "rand 0.9.4",
 "rand_xoshiro",
 ]

@@ -799,7 +799,7 @@ checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818"
 dependencies = [
 "cfg-if",
 "cipher",
- "cpufeatures",
+ "cpufeatures 0.2.17",
 ]

 [[package]]
@@ -827,9 +827,9 @@ dependencies = [

 [[package]]
 name = "chrono"
-version = "0.4.43"
+version = "0.4.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118"
+checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0"
 dependencies = [
 "iana-time-zone",
 "num-traits",
@@ -1011,6 +1011,15 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "cpufeatures"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "crc"
 version = "3.2.1"
@@ -1216,7 +1225,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
 dependencies = [
 "cfg-if",
- "cpufeatures",
+ "cpufeatures 0.2.17",
 "curve25519-dalek-derive",
 "digest",
 "fiat-crypto",
@@ -1307,7 +1316,7 @@ dependencies = [

 [[package]]
 name = "deltachat"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 dependencies = [
 "anyhow",
 "astral-tokio-tar",
@@ -1360,8 +1369,8 @@ dependencies = [
 "proptest",
 "qrcodegen",
 "quick-xml",
- "rand 0.8.5",
- "rand 0.9.2",
+ "rand 0.8.6",
+ "rand 0.9.4",
 "ratelimit",
 "regex",
 "rusqlite",
@@ -1416,7 +1425,7 @@ dependencies = [

 [[package]]
 name = "deltachat-jsonrpc"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 dependencies = [
 "anyhow",
 "async-channel 2.5.0",
@@ -1437,7 +1446,7 @@ dependencies = [

 [[package]]
 name = "deltachat-repl"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1453,7 +1462,7 @@ dependencies = [

 [[package]]
 name = "deltachat-rpc-server"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1482,7 +1491,7 @@ dependencies = [

 [[package]]
 name = "deltachat_ffi"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 dependencies = [
 "anyhow",
 "deltachat",
@@ -1490,7 +1499,7 @@ dependencies = [
 "human-panic",
 "libc",
 "num-traits",
- "rand 0.9.2",
+ "rand 0.9.4",
 "serde_json",
 "thiserror 2.0.18",
 "tokio",
@@ -2429,7 +2438,7 @@ dependencies = [
 "idna",
 "ipnet",
 "once_cell",
- "rand 0.9.2",
+ "rand 0.9.4",
 "ring",
 "thiserror 2.0.18",
 "tinyvec",
@@ -2451,7 +2460,7 @@ dependencies = [
 "moka",
 "once_cell",
 "parking_lot",
- "rand 0.9.2",
+ "rand 0.9.4",
 "resolv-conf",
 "smallvec",
 "thiserror 2.0.18",
@@ -2852,7 +2861,7 @@ dependencies = [
 "hyper",
 "hyper-util",
 "log",
- "rand 0.9.2",
+ "rand 0.9.4",
 "tokio",
 "url",
 "xmltree",
@@ -2860,9 +2869,9 @@ dependencies = [

 [[package]]
 name = "image"
-version = "0.25.9"
+version = "0.25.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6506c6c10786659413faa717ceebcb8f70731c0a60cbae39795fdf114519c1a"
+checksum = "85ab80394333c02fe689eaf900ab500fbd0c2213da414687ebf995a65d5a6104"
 dependencies = [
 "bytemuck",
 "byteorder-lite",
@@ -2981,7 +2990,7 @@ dependencies = [
 "pin-project",
 "pkarr",
 "portmapper",
- "rand 0.8.5",
+ "rand 0.8.6",
 "rcgen",
 "reqwest",
 "ring",
@@ -3056,7 +3065,7 @@ dependencies = [
 "iroh-metrics",
 "n0-future",
 "postcard",
- "rand 0.8.5",
+ "rand 0.8.6",
 "rand_core 0.6.4",
 "serde",
 "serde-error",
@@ -3119,7 +3128,7 @@ checksum = "929d5d8fa77d5c304d3ee7cae9aede31f13908bd049f9de8c7c0094ad6f7c535"
 dependencies = [
 "bytes",
 "getrandom 0.2.16",
- "rand 0.8.5",
+ "rand 0.8.6",
 "ring",
 "rustc-hash",
 "rustls",
@@ -3172,7 +3181,7 @@ dependencies = [
 "pin-project",
 "pkarr",
 "postcard",
- "rand 0.8.5",
+ "rand 0.8.6",
 "reqwest",
 "rustls",
 "rustls-webpki 0.102.8",
@@ -3246,7 +3255,7 @@ version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653"
 dependencies = [
- "cpufeatures",
+ "cpufeatures 0.2.17",
 ]

 [[package]]
@@ -3260,9 +3269,9 @@ dependencies = [

 [[package]]
 name = "libc"
-version = "0.2.182"
+version = "0.2.184"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6800badb6cb2082ffd7b6a67e6125bb39f18782f793520caee8cb8846be06112"
+checksum = "48f5d2a454e16a5ea0f4ced81bd44e4cfc7bd3a507b61887c99fd3538b28e4af"

 [[package]]
 name = "libm"
@@ -3483,9 +3492,9 @@ dependencies = [

 [[package]]
 name = "moxcms"
-version = "0.7.5"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ddd32fa8935aeadb8a8a6b6b351e40225570a37c43de67690383d87ef170cd08"
+checksum = "bb85c154ba489f01b25c0d36ae69a87e4a1c73a72631fc6c0eb6dde34a73e44b"
 dependencies = [
 "num-traits",
 "pxfm",
@@ -3776,7 +3785,7 @@ dependencies = [
 "num-integer",
 "num-iter",
 "num-traits",
- "rand 0.8.5",
+ "rand 0.8.6",
 "serde",
 "smallvec",
 "zeroize",
@@ -3933,9 +3942,9 @@ checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381"

 [[package]]
 name = "openssl"
-version = "0.10.72"
+version = "0.10.78"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fedfea7d58a1f73118430a55da6a286e7b044961736ce96a16a17068ea25e5da"
+checksum = "f38c4372413cdaaf3cc79dd92d29d7d9f5ab09b51b10dded508fb90bb70b9222"
 dependencies = [
 "bitflags 2.11.0",
 "cfg-if",
@@ -3974,9 +3983,9 @@ dependencies = [

 [[package]]
 name = "openssl-sys"
-version = "0.9.107"
+version = "0.9.114"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8288979acd84749c744a9014b4382d42b8f7b2592847b5afb2ed29e5d16ede07"
+checksum = "13ce1245cd07fcc4cfdb438f7507b0c7e4f3849a69fd84d52374c66d83741bb6"
 dependencies = [
 "cc",
 "libc",
@@ -4206,7 +4215,7 @@ dependencies = [
 "p256",
 "p384",
 "p521",
- "rand 0.8.5",
+ "rand 0.8.6",
 "regex",
 "replace_with",
 "ripemd",
@@ -4235,18 +4244,18 @@ dependencies = [

 [[package]]
 name = "pin-project"
-version = "1.1.10"
+version = "1.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "677f1add503faace112b9f1373e43e9e054bfdd22ff1a63c1bc485eaec6a6a8a"
+checksum = "f1749c7ed4bcaf4c3d0a3efc28538844fb29bcdd7d2b67b2be7e20ba861ff517"
 dependencies = [
 "pin-project-internal",
 ]

 [[package]]
 name = "pin-project-internal"
-version = "1.1.10"
+version = "1.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e918e4ff8c4549eb882f14b3a4bc8c8bc93de829416eacf579f1207a8fbf861"
+checksum = "d9b20ed30f105399776b9c883e68e536ef602a16ae6f596d2c473591d6ad64c6"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -4412,7 +4421,7 @@ version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf"
 dependencies = [
- "cpufeatures",
+ "cpufeatures 0.2.17",
 "opaque-debug",
 "universal-hash",
 ]
@@ -4424,7 +4433,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25"
 dependencies = [
 "cfg-if",
- "cpufeatures",
+ "cpufeatures 0.2.17",
 "opaque-debug",
 "universal-hash",
 ]
@@ -4453,7 +4462,7 @@ dependencies = [
 "nested_enum_utils",
 "netwatch",
 "num_enum",
- "rand 0.8.5",
+ "rand 0.8.6",
 "serde",
 "smallvec",
 "snafu",
@@ -4615,13 +4624,13 @@ dependencies = [

 [[package]]
 name = "proptest"
-version = "1.10.0"
+version = "1.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "37566cb3fdacef14c0737f9546df7cfeadbfbc9fef10991038bf5015d0c80532"
+checksum = "4b45fcc2344c680f5025fe57779faef368840d0bd1f42f216291f0dc4ace4744"
 dependencies = [
 "bitflags 2.11.0",
 "num-traits",
- "rand 0.9.2",
+ "rand 0.9.4",
 "rand_chacha 0.9.0",
 "rand_xorshift",
 "regex-syntax",
@@ -4701,7 +4710,7 @@ dependencies = [
 "bytes",
 "getrandom 0.3.3",
 "lru-slab",
- "rand 0.9.2",
+ "rand 0.9.4",
 "ring",
 "rustc-hash",
 "rustls",
@@ -4729,9 +4738,9 @@ dependencies = [

 [[package]]
 name = "quote"
-version = "1.0.44"
+version = "1.0.45"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "21b2ebcf727b7760c461f091f9f0f539b77b8e87f2fd88131e7f1b433b3cece4"
+checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
 dependencies = [
 "proc-macro2",
 ]
@@ -4776,9 +4785,9 @@ dependencies = [

 [[package]]
 name = "rand"
-version = "0.8.5"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
+checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a"
 dependencies = [
 "libc",
 "rand_chacha 0.3.1",
@@ -4787,9 +4796,9 @@ dependencies = [

 [[package]]
 name = "rand"
-version = "0.9.2"
+version = "0.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
+checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea"
 dependencies = [
 "rand_chacha 0.9.0",
 "rand_core 0.9.3",
@@ -5164,7 +5173,7 @@ dependencies = [
 "once_cell",
 "ring",
 "rustls-pki-types",
- "rustls-webpki 0.103.10",
+ "rustls-webpki 0.103.13",
 "subtle",
 "zeroize",
 ]
@@ -5201,9 +5210,9 @@ dependencies = [

 [[package]]
 name = "rustls-webpki"
-version = "0.103.10"
+version = "0.103.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef"
+checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
 dependencies = [
 "ring",
 "rustls-pki-types",
@@ -5322,7 +5331,7 @@ version = "0.17.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "22c3b0257608d7de4de4c4ea650ccc2e6e3e45e3cd80039fcdee768bcb449253"
 dependencies = [
- "rand 0.9.2",
+ "rand 0.9.4",
 "substring",
 "thiserror 1.0.69",
 "url",
@@ -5508,7 +5517,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f5058ada175748e33390e40e872bd0fe59a19f265d0158daa551c5a88a76009c"
 dependencies = [
 "cfg-if",
- "cpufeatures",
+ "cpufeatures 0.2.17",
 "digest",
 ]

@@ -5519,7 +5528,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
 dependencies = [
 "cfg-if",
- "cpufeatures",
+ "cpufeatures 0.2.17",
 "digest",
 ]

@@ -5547,7 +5556,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
 dependencies = [
 "cfg-if",
- "cpufeatures",
+ "cpufeatures 0.2.17",
 "digest",
 ]

@@ -5581,7 +5590,7 @@ dependencies = [
 "once_cell",
 "percent-encoding",
 "pin-project",
- "rand 0.9.2",
+ "rand 0.9.4",
 "sendfd",
 "serde",
 "serde_json",
@@ -5611,7 +5620,7 @@ dependencies = [
 "chacha20poly1305",
 "hkdf",
 "md-5",
- "rand 0.9.2",
+ "rand 0.9.4",
 "ring-compat",
 "sha1",
 ]
@@ -5843,7 +5852,7 @@ dependencies = [
 "precis-core",
 "precis-profiles",
 "quoted-string-parser",
- "rand 0.9.2",
+ "rand 0.9.4",
 ]

 [[package]]
@@ -5870,7 +5879,7 @@ dependencies = [
 "hex",
 "parking_lot",
 "pnet_packet",
- "rand 0.8.5",
+ "rand 0.8.6",
 "socket2 0.5.9",
 "thiserror 1.0.69",
 "tokio",
@@ -5988,9 +5997,9 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"

 [[package]]
 name = "tempfile"
-version = "3.26.0"
+version = "3.27.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "82a72c767771b47409d2345987fda8628641887d5466101319899796367354a0"
+checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd"
 dependencies = [
 "fastrand",
 "getrandom 0.3.3",
@@ -6144,9 +6153,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "tokio"
-version = "1.49.0"
+version = "1.50.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72a2903cd7736441aac9df9d7688bd0ce48edccaadf181c3b90be801e81d3d86"
+checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d"
 dependencies = [
 "bytes",
 "libc",
@@ -6247,7 +6256,7 @@ dependencies = [
 "getrandom 0.3.3",
 "http 1.1.0",
 "httparse",
- "rand 0.9.2",
+ "rand 0.9.4",
 "ring",
 "rustls-pki-types",
 "simdutf8",
@@ -6403,9 +6412,9 @@ dependencies = [

 [[package]]
 name = "tracing-subscriber"
-version = "0.3.22"
+version = "0.3.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2f30143827ddab0d256fd843b7a66d164e9f271cfa0dde49142c5ca0ca291f1e"
+checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319"
 dependencies = [
 "matchers",
 "nu-ansi-term",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,9 +1,9 @@
 [package]
 name = "deltachat"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 edition = "2024"
 license = "MPL-2.0"
-rust-version = "1.88"
+rust-version = "1.89"
 repository = "https://github.com/chatmail/core"

 [profile.dev]
@@ -103,7 +103,7 @@ thiserror = { workspace = true }
 tokio-io-timeout = "1.2.1"
 tokio-rustls = { version = "0.26.2", default-features = false }
 tokio-stream = { version = "0.1.17", features = ["fs"] }
-astral-tokio-tar = { version = "0.6", default-features = false }
+astral-tokio-tar = { version = "0.6.1", default-features = false }
 tokio-util = { workspace = true }
 tokio = { workspace = true, features = ["fs", "rt-multi-thread", "macros"] }
 toml = "0.9"
@@ -181,7 +181,7 @@ harness = false
 anyhow = "1"
 async-channel = "2.5.0"
 base64 = "0.22"
-chrono = { version = "0.4.43", default-features = false }
+chrono = { version = "0.4.44", default-features = false }
 deltachat-contact-tools = { path = "deltachat-contact-tools" }
 deltachat-jsonrpc = { path = "deltachat-jsonrpc", default-features = false }
 deltachat = { path = ".", default-features = false }
@@ -198,7 +198,7 @@ rusqlite = "0.37"
 sanitize-filename = "0.6"
 serde = "1.0"
 serde_json = "1"
-tempfile = "3.25.0"
+tempfile = "3.27.0"
 thiserror = "2"
 tokio = "1"
 tokio-util = "0.7.18"
--- a/STYLE.md
+++ b/STYLE.md
@@ -68,6 +68,12 @@ keyword doesn't help here.
 Consider adding context to `anyhow` errors for SQL statements using `.context()` so that it's
 possible to understand from logs which statement failed. See [Errors](#errors) for more info.

+When changing complex SQL queries, test them on a new database with `EXPLAIN QUERY PLAN`
+to make sure that indexes are used and large tables are not going to be scanned.
+Never run `ANALYZE` on the databases,
+this makes query planner unpredictable
+and may make performance significantly worse: <https://github.com/chatmail/core/issues/6585>
+
 ## Errors

 Delta Chat core mostly uses [`anyhow`](https://docs.rs/anyhow/) errors.
@@ -155,3 +161,16 @@ are documented.

 Follow Rust guidelines for the documentation comments:
 <https://rust-lang.github.io/rfcs/1574-more-api-documentation-conventions.html#summary-sentence>
+
+## Do not use `into()`, `try_into()` or `parse()`
+
+For internal types, implementing `From`, `TryFrom` or `FromStr` is discouraged.
+Instead, a `new()` function is recommended.
+
+For external types, prefer using `Type::from()`, `Type::try_from()` or `Type::from_str()`
+over `into()`, `try_into()` or `parse()`.
+
+Calling `into()`, `try_into()` or `parse()`
+creates an indirection,
+which is hard to follow for people who are not familiar with Rust,
+or who are not using rust-analyzer.
--- a/deltachat-ffi/Cargo.toml
+++ b/deltachat-ffi/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -364,18 +364,14 @@ uint32_t        dc_get_id                    (dc_context_t* context);
 * To get these events, you have to create an event emitter using this function
 * and call dc_get_next_event() on the emitter.
 *
+ * Events are broadcasted to all existing event emitters.
+ * Events emitted before creation of event emitter
+ * are not available to event emitter.
+ *
 * @memberof dc_context_t
 * @param context The context object as created by dc_context_new().
 * @return Returns the event emitter, NULL on errors.
 *     Must be freed using dc_event_emitter_unref() after usage.
- *
- * Note: Use only one event emitter per context.
- * The result of having multiple event emitters is unspecified.
- * Currently events are broadcasted to all existing event emitters,
- * but previous versions delivered events to only one event emitter
- * and this behavior may change again in the future.
- * Events emitted before creation of event emitter
- * may or may not be available to event emitter.
 */
 dc_event_emitter_t* dc_get_event_emitter(dc_context_t* context);

@@ -394,27 +390,9 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 /**
 * Configure the context. The configuration is handled by key=value pairs as:
 *
- * - `addr`         = Email address to use for configuration.
- *                    If dc_configure() fails this is not the email address actually in use.
- *                    Use `configured_addr` to find out the email address actually in use.
- * - `configured_addr` = Email address actually in use.
+ * - `configured_addr` = Email address in use.
 *                    Unless for testing, do not set this value using dc_set_config().
 *                    Instead, set `addr` and call dc_configure().
- * - `mail_server`  = IMAP-server, guessed if left out
- * - `mail_user`    = IMAP-username, guessed if left out
- * - `mail_pw`      = IMAP-password (always needed)
- * - `mail_port`    = IMAP-port, guessed if left out
- * - `mail_security`= IMAP-socket, one of @ref DC_SOCKET, defaults to #DC_SOCKET_AUTO
- * - `send_server`  = SMTP-server, guessed if left out
- * - `send_user`    = SMTP-user, guessed if left out
- * - `send_pw`      = SMTP-password, guessed if left out
- * - `send_port`    = SMTP-port, guessed if left out
- * - `send_security`= SMTP-socket, one of @ref DC_SOCKET, defaults to #DC_SOCKET_AUTO
- * - `server_flags` = IMAP-/SMTP-flags as a combination of @ref DC_LP flags, guessed if left out
- * - `proxy_enabled` = Proxy enabled. Disabled by default.
- * - `proxy_url` = Proxy URL. May contain multiple URLs separated by newline, but only the first one is used.
- * - `imap_certificate_checks` = how to check IMAP certificates, one of the @ref DC_CERTCK flags, defaults to #DC_CERTCK_AUTO (0)
- * - `smtp_certificate_checks` = deprecated option, should be set to the same value as `imap_certificate_checks` but ignored by the new core
 * - `displayname`  = Own name to use when sending messages. MUAs are allowed to spread this way e.g. using CC, defaults to empty
 * - `selfstatus`   = Own status to display, e.g. in e-mail footers, defaults to empty
 * - `selfavatar`   = File containing avatar. Will immediately be copied to the 
@@ -430,20 +408,6 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 *                    1=send a copy of outgoing messages to self (default).
 *                    Sending messages to self is needed for a proper multi-account setup,
 *                    however, on the other hand, may lead to unwanted notifications in non-delta clients.
- * - `mvbox_move`   = 1=detect chat messages,
- *                    move them to the `DeltaChat` folder,
- *                    and watch the `DeltaChat` folder for updates (default),
- *                    0=do not move chat-messages
- * - `only_fetch_mvbox` = 1=Do not fetch messages from folders other than the
- *                    `DeltaChat` folder. Messages will still be fetched from the
- *                    spam folder.
- *                    0=watch all folders normally (default)
- * - `show_emails`  = DC_SHOW_EMAILS_OFF (0)=
- *                    show direct replies to chats only,
- *                    DC_SHOW_EMAILS_ACCEPTED_CONTACTS (1)=
- *                    also show all mails of confirmed contacts,
- *                    DC_SHOW_EMAILS_ALL (2)=
- *                    also show mails of unconfirmed contacts (default).
 * - `delete_device_after` = 0=do not delete messages from device automatically (default),
 *                    >=1=seconds, after which messages are deleted automatically from the device.
 *                    Messages in the "saved messages" chat (see dc_chat_is_self_talk()) are skipped.
@@ -452,8 +416,7 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 * - `delete_server_after` = 0=do not delete messages from server automatically (default),
 *                    1=delete messages directly after receiving from server, mvbox is skipped.
 *                    >1=seconds, after which messages are deleted automatically from the server, mvbox is used as defined.
- *                    "Saved messages" are deleted from the server as well as
- *                    e-mails matching the `show_emails` settings above, the UI should clearly point that out.
+ *                    "Saved messages" are deleted from the server as well as emails, the UI should clearly point that out.
 *                    See also dc_estimate_deletion_cnt().
 * - `media_quality` = DC_MEDIA_QUALITY_BALANCED (0) =
 *                    good outgoing images/videos/voice quality at reasonable sizes (default)
@@ -525,6 +488,27 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 *                       1 = Contacts (default, does not include contact requests),
 *                       2 = Nobody (calls never result in a notification).
 *
+ * Also, there are configs that are only needed
+ * if you want to use the deprecated dc_configure() API, such as:
+ *
+ * - `addr`         = Email address to use for configuration.
+ *                    If dc_configure() fails this is not the email address actually in use.
+ *                    Use `configured_addr` to find out the email address actually in use.
+ * - `mail_server`  = IMAP-server, guessed if left out
+ * - `mail_user`    = IMAP-username, guessed if left out
+ * - `mail_pw`      = IMAP-password (always needed)
+ * - `mail_port`    = IMAP-port, guessed if left out
+ * - `mail_security`= IMAP-socket, one of @ref DC_SOCKET, defaults to #DC_SOCKET_AUTO
+ * - `send_server`  = SMTP-server, guessed if left out
+ * - `send_user`    = SMTP-user, guessed if left out
+ * - `send_pw`      = SMTP-password, guessed if left out
+ * - `send_port`    = SMTP-port, guessed if left out
+ * - `send_security`= SMTP-socket, one of @ref DC_SOCKET, defaults to #DC_SOCKET_AUTO
+ * - `server_flags` = IMAP-/SMTP-flags as a combination of @ref DC_LP flags, guessed if left out
+ * - `proxy_enabled` = Proxy enabled. Disabled by default.
+ * - `proxy_url` = Proxy URL. May contain multiple URLs separated by newline, but only the first one is used.
+ * - `imap_certificate_checks` = how to check IMAP and SMTP certificates, one of the @ref DC_CERTCK flags, defaults to #DC_CERTCK_AUTO (0)
+
 * If you want to retrieve a value, use dc_get_config().
 *
 * @memberof dc_context_t
@@ -550,9 +534,6 @@ int             dc_set_config                (dc_context_t* context, const char*
 *                    an error (no warning as it should be shown to the user) is logged but the attachment is sent anyway.
 * - `sys.config_keys` = get a space-separated list of all config-keys available.
 *                    The config-keys are the keys that can be passed to the parameter `key` of this function.
- * - `quota_exceeding` = 0: quota is unknown or in normal range;
- *                    >=80: quota is about to exceed, the value is the concrete percentage,
- *                    a device message is added when that happens, however, that value may still be interesting for bots.
 *
 * @memberof dc_context_t
 * @param context The context object. For querying system values, this can be NULL.
@@ -711,6 +692,12 @@ int              dc_get_push_state           (dc_context_t* context);

 /**
 * Configure a context.
+ *
+ * This way of configuring a context is deprecated,
+ * and does not allow to configure multiple transports.
+ * If you can, use the JSON-RPC API (../deltachat-jsonrpc/src/api.rs)
+ * `add_or_update_transport()`/`addOrUpdateTransport()` instead.
+ *
 * During configuration IO must not be started,
 * if needed stop IO using dc_accounts_stop_io() or dc_stop_io() first.
 * If the context is already configured,
@@ -1400,7 +1387,6 @@ dc_msg_t*       dc_get_draft                 (dc_context_t* context, uint32_t ch


 #define         DC_GCM_ADDDAYMARKER          0x01
-#define         DC_GCM_INFO_ONLY             0x02


 /**
@@ -1421,7 +1407,6 @@ dc_msg_t*       dc_get_draft                 (dc_context_t* context, uint32_t ch
 * @param flags If set to DC_GCM_ADDDAYMARKER, the marker DC_MSG_ID_DAYMARKER will
 *     be added before each day (regarding the local timezone). Set this to 0 if you do not want this behaviour.
 *     The day marker timestamp is the midnight one for the corresponding (following) day in the local timezone.
- *     If set to DC_GCM_INFO_ONLY, only system messages will be returned, can be combined with DC_GCM_ADDDAYMARKER.
 * @param marker1before Deprecated, set this to 0.
 * @return Array of message IDs, must be dc_array_unref()'d when no longer used.
 */
@@ -1485,7 +1470,6 @@ dc_chatlist_t*     dc_get_similar_chatlist   (dc_context_t* context, uint32_t ch
 * @param from_server 1=Estimate deletion count for server, 0=Estimate deletion count for device
 * @param seconds Count messages older than the given number of seconds.
 * @return Number of messages that are older than the given number of seconds.
- *     This includes e-mails downloaded due to the `show_emails` option.
 *     Messages in the "saved messages" folder are not counted as they will not be deleted automatically.
 */
 int             dc_estimate_deletion_cnt    (dc_context_t* context, int from_server, int64_t seconds);
@@ -2127,14 +2111,9 @@ int             dc_resend_msgs               (dc_context_t* context, const uint3


 /**
- * Mark messages and reactions to them as presented to the user.
+ * Mark messages as presented to the user.
 * Typically, UIs call this function on scrolling through the message list,
 * when the messages are presented at least for a little moment.
- * UIs should pass all messages to this function, incl. outgoing and info ones, as this is used also
- * for synchronization and to track last position.
- * This should also be called when a reaction for a message being in view arrives.
- * If this is called for already presented messages, unless they have new reactions, nothing
- * happens.
 * The concrete action depends on the type of the chat and on the users settings
 * (dc_msgs_presented() may be a better name therefore, but well. :)
 *
@@ -2836,19 +2815,6 @@ int         dc_set_location                 (dc_context_t* context, double latit
 dc_array_t* dc_get_locations                (dc_context_t* context, uint32_t chat_id, uint32_t contact_id, int64_t timestamp_begin, int64_t timestamp_end);


-/**
- * Delete all locations on the current device.
- * Locations already sent cannot be deleted.
- *
- * Typically results in the event #DC_EVENT_LOCATION_CHANGED
- * with contact_id set to 0.
- *
- * @memberof dc_context_t
- * @param context The context object.
- */
-void        dc_delete_all_locations         (dc_context_t* context);
-
-
 // misc

 /**
@@ -3328,18 +3294,14 @@ void           dc_accounts_set_push_device_token (dc_accounts_t* accounts, const
 * This is similar to dc_get_event_emitter(), which, however,
 * must not be called for accounts handled by the account manager.
 *
+ * Events are broadcasted to all existing event emitters.
+ * Events emitted before creation of event emitter
+ * are not available to event emitter.
+ *
 * @memberof dc_accounts_t
 * @param accounts The account manager as created by dc_accounts_new().
 * @return Returns the event emitter, NULL on errors.
 *     Must be freed using dc_event_emitter_unref() after usage.
- *
- * Note: Use only one event emitter per account manager.
- * The result of having multiple event emitters is unspecified.
- * Currently events are broadcasted to all existing event emitters,
- * but previous versions delivered events to only one event emitter
- * and this behavior may change again in the future.
- * Events emitted before creation of event emitter
- * are not available to event emitter.
 */
 dc_event_emitter_t* dc_accounts_get_event_emitter (dc_accounts_t* accounts);

@@ -4255,6 +4217,8 @@ char*             dc_msg_get_webxdc_blob      (const dc_msg_t* msg, const char*
 *   true if the Webxdc should get internet access;
 *   this is the case i.e. for experimental maps integration.
 * - self_addr: address to be used for `window.webxdc.selfAddr` in JS land.
+ * - is_app_sender: Define if the local user is the one who initially shared the webxdc application in the chat.
+ * - is_broadcast: Define if the app runs in a broadcasting context.
 * - send_update_interval: Milliseconds to wait before calling `sendUpdate()` again since the last call.
 *   Should be exposed to `webxdc.sendUpdateInterval` in JS land.
 * - send_update_max_size: Maximum number of bytes accepted for a serialized update object.
@@ -4986,17 +4950,6 @@ uint32_t        dc_msg_get_original_msg_id    (const dc_msg_t* msg);
 */
 uint32_t        dc_msg_get_saved_msg_id     (const dc_msg_t* msg);

-
-/**
- * Force the message to be sent in plain text.
- *
- * This API is for bots, there is no need to expose it in the UI.
- *
- * @memberof dc_msg_t
- * @param msg The message object.
- */
-void            dc_msg_force_plaintext        (dc_msg_t* msg);
-
 /**
 * @class dc_contact_t
 *
@@ -5834,7 +5787,7 @@ int64_t         dc_lot_get_timestamp     (const dc_lot_t* lot);
 * These constants configure TLS certificate checks for IMAP and SMTP connections.
 *
 * These constants are set via dc_set_config()
- * using keys "imap_certificate_checks" and "smtp_certificate_checks".
+ * using key "imap_certificate_checks".
 *
 * @addtogroup DC_CERTCK
 * @{
@@ -5984,21 +5937,14 @@ void dc_event_channel_unref(dc_event_channel_t* event_channel);
 * To get these events, you have to create an event emitter using this function
 * and call dc_get_next_event() on the emitter.
 *
- * This is similar to dc_get_event_emitter(), which, however,
- * must not be called for accounts handled by the account manager.
+ * Events are broadcasted to all existing event emitters.
+ * Events emitted before creation of event emitter
+ * are not available to event emitter.
 * 
 * @memberof dc_event_channel_t
 * @param The event channel.
 * @return Returns the event emitter, NULL on errors.
 *     Must be freed using dc_event_emitter_unref() after usage.
- * 
- * Note: Use only one event emitter per account manager / event channel.
- * The result of having multiple event emitters is unspecified.
- * Currently events are broadcasted to all existing event emitters,
- * but previous versions delivered events to only one event emitter
- * and this behavior may change again in the future.
- * Events emitted before creation of event emitter
- * are not available to event emitter.
 */
 dc_event_emitter_t* dc_event_channel_get_event_emitter(dc_event_channel_t* event_channel);

@@ -6454,8 +6400,7 @@ void dc_event_unref(dc_event_t* event);
 * Location of one or more contact has changed.
 *
 * @param data1 (int) contact_id of the contact for which the location has changed.
- *     If the locations of several contacts have been changed,
- *     e.g. after calling dc_delete_all_locations(), this parameter is set to 0.
+ *     If the locations of several contacts have been changed, this parameter is set to 0.
 * @param data2 0
 */
 #define DC_EVENT_LOCATION_CHANGED         2035
@@ -6726,14 +6671,6 @@ void dc_event_unref(dc_event_t* event);
 #define DC_EVENT_DATA2_IS_STRING(e)  ((e)==DC_EVENT_CONFIGURE_PROGRESS || (e)==DC_EVENT_IMEX_FILE_WRITTEN || ((e)>=100 && (e)<=499))


-/*
- * Values for dc_get|set_config("show_emails")
- */
-#define DC_SHOW_EMAILS_OFF               0
-#define DC_SHOW_EMAILS_ACCEPTED_CONTACTS 1
-#define DC_SHOW_EMAILS_ALL               2
-
-
 /*
 * Values for dc_get|set_config("media_quality")
 */
@@ -7068,11 +7005,7 @@ void dc_event_unref(dc_event_t* event);
 /// Used in message summary text for notifications and chatlist.
 #define DC_STR_FORWARDED                  97

-/// "Quota exceeding, already %1$s%% used."
-///
-/// Used as device message text.
-///
-/// `%1$s` will be replaced by the percentage used
+/// @deprecated 2026-04-25
 #define DC_STR_QUOTA_EXCEEDING_MSG_BODY   98

 /// "Multi Device Synchronization"
--- a/deltachat-ffi/src/lib.rs
+++ b/deltachat-ffi/src/lib.rs
@@ -60,7 +60,6 @@ use self::string::*;
 // - finally, this behaviour matches the old core-c API and UIs already depend on it

 const DC_GCM_ADDDAYMARKER: u32 = 0x01;
-const DC_GCM_INFO_ONLY: u32 = 0x02;

 // dc_context_t

@@ -1338,17 +1337,13 @@ pub unsafe extern "C" fn dc_get_chat_msgs(
    }
    let ctx = &*context;

-    let info_only = (flags & DC_GCM_INFO_ONLY) != 0;
    let add_daymarker = (flags & DC_GCM_ADDDAYMARKER) != 0;
    block_on(async move {
        Box::into_raw(Box::new(
            chat::get_chat_msgs_ex(
                ctx,
                ChatId::new(chat_id),
-                MessageListOptions {
-                    info_only,
-                    add_daymarker,
-                },
+                MessageListOptions { add_daymarker },
            )
            .await
            .unwrap_or_log_default(ctx, "failed to get chat msgs")
@@ -2546,7 +2541,7 @@ pub unsafe extern "C" fn dc_send_locations_to_chat(
    }
    let ctx = &*context;

-    block_on(location::send_locations_to_chat(
+    block_on(location::send_to_chat(
        ctx,
        ChatId::new(chat_id),
        seconds as i64,
@@ -2566,14 +2561,14 @@ pub unsafe extern "C" fn dc_is_sending_locations_to_chat(
        return 0;
    }
    let ctx = &*context;
-    let chat_id = if chat_id == 0 {
-        None
+    if chat_id == 0 {
+        block_on(location::is_sending(ctx))
+            .unwrap_or_log_default(ctx, "Failed is_sending_locations()") as libc::c_int
    } else {
-        Some(ChatId::new(chat_id))
-    };
-
-    block_on(location::is_sending_locations_to_chat(ctx, chat_id))
-        .unwrap_or_log_default(ctx, "Failed dc_is_sending_locations_to_chat()") as libc::c_int
+        block_on(location::is_sending_to_chat(ctx, ChatId::new(chat_id)))
+            .unwrap_or_log_default(ctx, "Failed is_sending_locations_to_chat()")
+            as libc::c_int
+    }
 }

 #[no_mangle]
@@ -2589,12 +2584,9 @@ pub unsafe extern "C" fn dc_set_location(
    }
    let ctx = &*context;

-    block_on(async move {
-        location::set(ctx, latitude, longitude, accuracy)
-            .await
-            .log_err(ctx)
-            .unwrap_or_default()
-    }) as libc::c_int
+    block_on(location::set(ctx, latitude, longitude, accuracy))
+        .log_err(ctx)
+        .unwrap_or_default() as libc::c_int
 }

 #[no_mangle]
@@ -2629,23 +2621,6 @@ pub unsafe extern "C" fn dc_get_locations(
    })
 }

-#[no_mangle]
-pub unsafe extern "C" fn dc_delete_all_locations(context: *mut dc_context_t) {
-    if context.is_null() {
-        eprintln!("ignoring careless call to dc_delete_all_locations()");
-        return;
-    }
-    let ctx = &*context;
-
-    block_on(async move {
-        location::delete_all(ctx)
-            .await
-            .context("Failed to delete locations")
-            .log_err(ctx)
-            .ok()
-    });
-}
-
 #[no_mangle]
 pub unsafe extern "C" fn dc_create_qr_svg(payload: *const libc::c_char) -> *mut libc::c_char {
    if payload.is_null() {
@@ -2826,7 +2801,7 @@ pub unsafe extern "C" fn dc_array_search_id(
 // Returns 1 if location belongs to the track of the user,
 // 0 if location was reported independently.
 #[no_mangle]
-pub unsafe fn dc_array_is_independent(
+pub unsafe extern "C" fn dc_array_is_independent(
    array: *const dc_array_t,
    index: libc::size_t,
 ) -> libc::c_int {
@@ -4054,16 +4029,6 @@ pub unsafe extern "C" fn dc_msg_get_saved_msg_id(msg: *const dc_msg_t) -> u32 {
    })
 }

-#[no_mangle]
-pub unsafe extern "C" fn dc_msg_force_plaintext(msg: *mut dc_msg_t) {
-    if msg.is_null() {
-        eprintln!("ignoring careless call to dc_msg_force_plaintext()");
-        return;
-    }
-    let ffi_msg = &mut *msg;
-    ffi_msg.message.force_plaintext();
-}
-
 // dc_contact_t

 /// FFI struct for [dc_contact_t]
--- a/deltachat-jsonrpc/Cargo.toml
+++ b/deltachat-jsonrpc/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 license = "MPL-2.0"
--- a/deltachat-jsonrpc/src/api.rs
+++ b/deltachat-jsonrpc/src/api.rs
@@ -678,7 +678,7 @@ impl CommandApi {
        ChatId::new(chat_id).get_fresh_msg_cnt(&ctx).await
    }

-    /// Gets messages to be processed by the bot and returns their IDs.
+    /// (deprecated) Gets messages to be processed by the bot and returns their IDs.
    ///
    /// Only messages with database ID higher than `last_msg_id` config value
    /// are returned. After processing the messages, the bot should
@@ -686,6 +686,13 @@ impl CommandApi {
    /// or manually updating the value to avoid getting already
    /// processed messages.
    ///
+    /// Deprecated 2026-04: This returns the message's id as soon as the first part arrives,
+    /// even if it is not fully downloaded yet.
+    /// The bot needs to wait for the message to be fully downloaded.
+    /// Since this is usually not the desired behavior,
+    /// bots should instead use the #DC_EVENT_INCOMING_MSG / [`types::events::EventType::IncomingMsg`]
+    /// event for getting notified about new messages.
+    ///
    /// [`markseen_msgs`]: Self::markseen_msgs
    async fn get_next_msgs(&self, account_id: u32) -> Result<Vec<u32>> {
        let ctx = self.get_context(account_id).await?;
@@ -698,7 +705,7 @@ impl CommandApi {
        Ok(msg_ids)
    }

-    /// Waits for messages to be processed by the bot and returns their IDs.
+    /// (deprecated) Waits for messages to be processed by the bot and returns their IDs.
    ///
    /// This function is similar to [`get_next_msgs`],
    /// but waits for internal new message notification before returning.
@@ -709,6 +716,13 @@ impl CommandApi {
    /// To shutdown the bot, stopping I/O can be used to interrupt
    /// pending or next `wait_next_msgs` call.
    ///
+    /// Deprecated 2026-04: This returns the message's id as soon as the first part arrives,
+    /// even if it is not fully downloaded yet.
+    /// The bot needs to wait for the message to be fully downloaded.
+    /// Since this is usually not the desired behavior,
+    /// bots should instead use the #DC_EVENT_INCOMING_MSG / [`types::events::EventType::IncomingMsg`]
+    /// event for getting notified about new messages.
+    ///
    /// [`get_next_msgs`]: Self::get_next_msgs
    async fn wait_next_msgs(&self, account_id: u32) -> Result<Vec<u32>> {
        let ctx = self.get_context(account_id).await?;
@@ -1327,11 +1341,6 @@ impl CommandApi {
    /// Mark messages as presented to the user.
    /// Typically, UIs call this function on scrolling through the message list,
    /// when the messages are presented at least for a little moment.
-    /// UIs should pass all messages to this function, incl. outgoing and info ones, as this is used
-    /// also for synchronization and to track last position.
-    /// This should also be called when a reaction for a message being in view arrives.
-    /// If this is called for already presented messages, unless they have new reactions, nothing
-    /// happens.
    /// The concrete action depends on the type of the chat and on the users settings
    /// (dc_msgs_presented() may be a better name therefore, but well. :)
    ///
@@ -1357,8 +1366,22 @@ impl CommandApi {
        markseen_msgs(&ctx, msg_ids.into_iter().map(MsgId::new).collect()).await
    }

-    /// Returns all messages of a particular chat.
+    /// Get all message IDs belonging to a chat.
    ///
+    /// The list is already sorted and starts with the oldest message.
+    /// Clients should not try to re-sort the list as this would be an expensive action
+    /// and would result in inconsistencies between clients.
+    /// Note that the messages are not necessarily sorted by their ID or by their displayed timestamp;
+    /// UIs need to handle both the case of descending message IDs
+    /// and of decreasing timestamps.
+    ///
+    /// Optionally, 'daymarkers' added to the ID array may help to
+    /// implement virtual lists.
+    ///
+    /// Parameters:
+    ///
+    /// * chat_id The chat ID of which the messages IDs should be queried.
+    /// * _info_only: Deprecated, pass `false` here.
    /// * `add_daymarker` - If `true`, add day markers as `DC_MSG_ID_DAYMARKER` to the result,
    ///   e.g. [1234, 1237, 9, 1239]. The day marker timestamp is the midnight one for the
    ///   corresponding (following) day in the local timezone.
@@ -1366,17 +1389,14 @@ impl CommandApi {
        &self,
        account_id: u32,
        chat_id: u32,
-        info_only: bool,
+        _info_only: bool,
        add_daymarker: bool,
    ) -> Result<Vec<u32>> {
        let ctx = self.get_context(account_id).await?;
        let msg = get_chat_msgs_ex(
            &ctx,
            ChatId::new(chat_id),
-            MessageListOptions {
-                info_only,
-                add_daymarker,
-            },
+            MessageListOptions { add_daymarker },
        )
        .await?;
        Ok(msg
@@ -1408,21 +1428,24 @@ impl CommandApi {
        }
    }

+    /// Get all messages belonging to a chat.
+    ///
+    /// Similar to `get_message_ids` / `getMessageIds`,
+    /// see that function for details.
+    /// The difference is that this function here returns a list of `MessageListItem`,
+    /// which is an enum of a message or a daymarker.
    async fn get_message_list_items(
        &self,
        account_id: u32,
        chat_id: u32,
-        info_only: bool,
+        _info_only: bool,
        add_daymarker: bool,
    ) -> Result<Vec<JsonrpcMessageListItem>> {
        let ctx = self.get_context(account_id).await?;
        let msg = get_chat_msgs_ex(
            &ctx,
            ChatId::new(chat_id),
-            MessageListOptions {
-                info_only,
-                add_daymarker,
-            },
+            MessageListOptions { add_daymarker },
        )
        .await?;
        Ok(msg
@@ -1859,20 +1882,6 @@ impl CommandApi {
        deltachat::contact::make_vcard(&ctx, &contacts).await
    }

-    /// Sets vCard containing the given contacts to the message draft.
-    async fn set_draft_vcard(
-        &self,
-        account_id: u32,
-        msg_id: u32,
-        contacts: Vec<u32>,
-    ) -> Result<()> {
-        let ctx = self.get_context(account_id).await?;
-        let contacts: Vec<_> = contacts.iter().map(|&c| ContactId::new(c)).collect();
-        let mut msg = Message::load_from_db(&ctx, MsgId::new(msg_id)).await?;
-        msg.make_vcard(&ctx, &contacts).await?;
-        msg.get_chat_id().set_draft(&ctx, Some(&mut msg)).await
-    }
-
    // ---------------------------------------------
    //                   chat
    // ---------------------------------------------
@@ -2097,6 +2106,21 @@ impl CommandApi {
    //                  locations
    // ---------------------------------------------

+    /// Sets current location.
+    ///
+    /// Returns true if location streaming is currently
+    /// enabled and locations should be updated.
+    ///
+    /// Location is represented as latitude and longitude in degrees
+    /// and horizontal accuracy in meters.
+    async fn set_location(&self, latitude: f64, longitude: f64, accuracy: f64) -> Result<bool> {
+        self.accounts
+            .read()
+            .await
+            .set_location(latitude, longitude, accuracy)
+            .await
+    }
+
    async fn get_locations(
        &self,
        account_id: u32,
@@ -2119,6 +2143,39 @@ impl CommandApi {
        Ok(locations.into_iter().map(|l| l.into()).collect())
    }

+    /// Enables location streaming in chat identified by `chat_id` for `seconds` seconds.
+    ///
+    /// Pass 0 as the number of seconds to disable location streaming in the chat.
+    async fn send_locations_to_chat(
+        &self,
+        account_id: u32,
+        chat_id: u32,
+        seconds: i64,
+    ) -> Result<()> {
+        let ctx = self.get_context(account_id).await?;
+        let chat_id = ChatId::new(chat_id);
+        location::send_to_chat(&ctx, chat_id, seconds).await?;
+        Ok(())
+    }
+
+    /// Returns whether any chat is sending locations.
+    async fn is_sending_locations(&self, account_id: u32) -> Result<bool> {
+        let ctx = self.get_context(account_id).await?;
+        location::is_sending(&ctx).await
+    }
+
+    /// Returns whether `chat_id` is sending locations.
+    async fn is_sending_locations_to_chat(&self, account_id: u32, chat_id: u32) -> Result<bool> {
+        let ctx = self.get_context(account_id).await?;
+        let chat_id = ChatId::new(chat_id);
+        location::is_sending_to_chat(&ctx, chat_id).await
+    }
+
+    /// Stops sending locations to all chats.
+    async fn stop_sending_locations(&self) -> Result<()> {
+        self.accounts.read().await.stop_sending_locations().await
+    }
+
    // ---------------------------------------------
    //                   webxdc
    // ---------------------------------------------
@@ -2350,6 +2407,7 @@ impl CommandApi {
        chat::resend_msgs(&ctx, &message_ids).await
    }

+    /// @deprecated as of 2026-04; use `send_msg` with `Viewtype::Sticker` instead.
    async fn send_sticker(
        &self,
        account_id: u32,
@@ -2361,19 +2419,16 @@ impl CommandApi {
        let mut msg = Message::new(Viewtype::Sticker);
        msg.set_file_and_deduplicate(&ctx, Path::new(&sticker_path), None, None)?;

-        // JSON-rpc does not need heuristics to turn [Viewtype::Sticker] into [Viewtype::Image]
-        msg.force_sticker();
-
        let message_id = deltachat::chat::send_msg(&ctx, ChatId::new(chat_id), &mut msg).await?;
        Ok(message_id.to_u32())
    }

-    /// Send a reaction to message.
+    /// Sends a reaction to message.
    ///
-    /// Reaction is a string of emojis separated by spaces. Reaction to a
-    /// single message can be sent multiple times. The last reaction
-    /// received overrides all previously received reactions. It is
-    /// possible to remove all reactions by sending an empty string.
+    /// A reaction is a string that represents an emoji.
+    /// You can call this function again to change the emoji;
+    /// the last sent reaction overrides all previously sent reactions.
+    /// It is possible to remove the reaction by sending an empty string.
    async fn send_reaction(
        &self,
        account_id: u32,
--- a/deltachat-jsonrpc/src/api/types/login_param.rs
+++ b/deltachat-jsonrpc/src/api/types/login_param.rs
@@ -33,6 +33,12 @@ pub struct EnteredLoginParam {
    /// Imap server port.
    pub imap_port: Option<u16>,

+    /// IMAP server folder.
+    ///
+    /// Defaults to "INBOX" if not set.
+    /// Should not be an empty string.
+    pub imap_folder: Option<String>,
+
    /// Imap socket security.
    pub imap_security: Option<Socket>,

@@ -85,6 +91,7 @@ impl From<dc::EnteredLoginParam> for EnteredLoginParam {
            password: param.imap.password,
            imap_server: param.imap.server.into_option(),
            imap_port: param.imap.port.into_option(),
+            imap_folder: param.imap.folder.into_option(),
            imap_security: imap_security.into_option(),
            imap_user: param.imap.user.into_option(),
            smtp_server: param.smtp.server.into_option(),
@@ -104,14 +111,15 @@ impl TryFrom<EnteredLoginParam> for dc::EnteredLoginParam {
    fn try_from(param: EnteredLoginParam) -> Result<Self> {
        Ok(Self {
            addr: param.addr,
-            imap: dc::EnteredServerLoginParam {
+            imap: dc::EnteredImapLoginParam {
                server: param.imap_server.unwrap_or_default(),
                port: param.imap_port.unwrap_or_default(),
+                folder: param.imap_folder.unwrap_or_default(),
                security: param.imap_security.unwrap_or_default().into(),
                user: param.imap_user.unwrap_or_default(),
                password: param.password,
            },
-            smtp: dc::EnteredServerLoginParam {
+            smtp: dc::EnteredSmtpLoginParam {
                server: param.smtp_server.unwrap_or_default(),
                port: param.smtp_port.unwrap_or_default(),
                security: param.smtp_security.unwrap_or_default().into(),
--- a/deltachat-jsonrpc/src/api/types/message.rs
+++ b/deltachat-jsonrpc/src/api/types/message.rs
@@ -287,8 +287,6 @@ pub enum MessageViewtype {
    Gif,

    /// Message containing a sticker, similar to image.
-    /// NB: When sending, the message viewtype may be changed to `Image` by some heuristics like
-    /// checking for transparent pixels. Use `Message::force_sticker()` to disable them.
    ///
    /// If possible, the ui should display the image without borders in a transparent way.
    /// A click on a sticker will offer to install the sticker set in some future.
--- a/deltachat-jsonrpc/src/api/types/qr.rs
+++ b/deltachat-jsonrpc/src/api/types/qr.rs
@@ -238,7 +238,7 @@ impl From<Qr> for QrObject {
                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.to_string();
+                let fingerprint = fingerprint.human_readable();
                QrObject::AskVerifyContact {
                    contact_id,
                    fingerprint,
@@ -257,7 +257,7 @@ impl From<Qr> for QrObject {
                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.to_string();
+                let fingerprint = fingerprint.human_readable();
                QrObject::AskVerifyGroup {
                    grpname,
                    grpid,
@@ -278,7 +278,7 @@ impl From<Qr> for QrObject {
                is_v3,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.to_string();
+                let fingerprint = fingerprint.human_readable();
                QrObject::AskJoinBroadcast {
                    name,
                    grpid,
@@ -321,7 +321,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.to_string();
+                let fingerprint = fingerprint.human_readable();
                QrObject::WithdrawVerifyContact {
                    contact_id,
                    fingerprint,
@@ -338,7 +338,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.to_string();
+                let fingerprint = fingerprint.human_readable();
                QrObject::WithdrawVerifyGroup {
                    grpname,
                    grpid,
@@ -357,7 +357,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.to_string();
+                let fingerprint = fingerprint.human_readable();
                QrObject::WithdrawJoinBroadcast {
                    name,
                    grpid,
@@ -374,7 +374,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.to_string();
+                let fingerprint = fingerprint.human_readable();
                QrObject::ReviveVerifyContact {
                    contact_id,
                    fingerprint,
@@ -391,7 +391,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.to_string();
+                let fingerprint = fingerprint.human_readable();
                QrObject::ReviveVerifyGroup {
                    grpname,
                    grpid,
@@ -410,7 +410,7 @@ impl From<Qr> for QrObject {
                authcode,
            } => {
                let contact_id = contact_id.to_u32();
-                let fingerprint = fingerprint.to_string();
+                let fingerprint = fingerprint.human_readable();
                QrObject::ReviveJoinBroadcast {
                    name,
                    grpid,
--- a/deltachat-jsonrpc/src/api/types/reactions.rs
+++ b/deltachat-jsonrpc/src/api/types/reactions.rs
@@ -24,6 +24,8 @@ pub struct JsonrpcReaction {
 #[serde(rename = "Reactions", rename_all = "camelCase")]
 pub struct JsonrpcReactions {
    /// Map from a contact to it's reaction to message.
+    /// There is only a single reaction per contact,
+    /// but this contains a list of reactions for historical reasons.
    reactions_by_contact: BTreeMap<u32, Vec<String>>,
    /// Unique reactions and their count, sorted in descending order.
    reactions: Vec<JsonrpcReaction>,
@@ -31,27 +33,16 @@ pub struct JsonrpcReactions {

 impl From<Reactions> for JsonrpcReactions {
    fn from(reactions: Reactions) -> Self {
-        let mut reactions_by_contact: BTreeMap<u32, Vec<String>> = BTreeMap::new();
-
-        for contact_id in reactions.contacts() {
-            let reaction = reactions.get(contact_id);
-            if reaction.is_empty() {
-                continue;
-            }
-            let emojis: Vec<String> = reaction
-                .emojis()
-                .into_iter()
-                .map(|emoji| emoji.to_owned())
-                .collect();
-            reactions_by_contact.insert(contact_id.to_u32(), emojis.clone());
-        }
-
-        let self_reactions = reactions_by_contact.get(&ContactId::SELF.to_u32());
+        let reactions_by_contact: BTreeMap<u32, Vec<String>> = reactions
+            .iter()
+            .map(|(key, value)| (key.to_u32(), vec![value.as_str().to_string()]))
+            .collect();
+        let self_reaction = reactions_by_contact.get(&ContactId::SELF.to_u32());

        let mut reactions_v = Vec::new();
        for (emoji, count) in reactions.emoji_sorted_by_frequency() {
-            let is_from_self = if let Some(self_reactions) = self_reactions {
-                self_reactions.contains(&emoji)
+            let is_from_self = if let Some(self_reaction) = self_reaction {
+                self_reaction.contains(&emoji)
            } else {
                false
            };
--- a/deltachat-jsonrpc/src/api/types/webxdc.rs
+++ b/deltachat-jsonrpc/src/api/types/webxdc.rs
@@ -37,6 +37,10 @@ pub struct WebxdcMessageInfo {
    internet_access: bool,
    /// Address to be used for `window.webxdc.selfAddr` in JS land.
    self_addr: String,
+    /// Define if the local user is the one who initially shared the webxdc application in the chat.
+    is_app_sender: bool,
+    /// Define if the app runs in a broadcasting context.
+    is_broadcast: bool,
    /// Milliseconds to wait before calling `sendUpdate()` again since the last call.
    /// Should be exposed to `window.sendUpdateInterval` in JS land.
    send_update_interval: usize,
@@ -60,6 +64,8 @@ impl WebxdcMessageInfo {
            request_integration: _,
            internet_access,
            self_addr,
+            is_app_sender,
+            is_broadcast,
            send_update_interval,
            send_update_max_size,
        } = message.get_webxdc_info(context).await?;
@@ -72,6 +78,8 @@ impl WebxdcMessageInfo {
            source_code_url: maybe_empty_string_to_option(source_code_url),
            internet_access,
            self_addr,
+            is_app_sender,
+            is_broadcast,
            send_update_interval,
            send_update_max_size,
        })
--- a/deltachat-jsonrpc/src/lib.rs
+++ b/deltachat-jsonrpc/src/lib.rs
@@ -85,7 +85,7 @@ mod tests {
            assert_eq!(result, response.to_owned());
        }
        {
-            let request = r#"{"jsonrpc":"2.0","method":"batch_set_config","id":2,"params":[1,{"addr":"","mail_user":"","mail_pw":"","mail_server":"","mail_port":"","mail_security":"","imap_certificate_checks":"","send_user":"","send_pw":"","send_server":"","send_port":"","send_security":"","smtp_certificate_checks":""}]}"#;
+            let request = r#"{"jsonrpc":"2.0","method":"batch_set_config","id":2,"params":[1,{"addr":"","mail_user":"","mail_pw":"","mail_server":"","mail_port":"","mail_security":"","imap_certificate_checks":"","send_user":"","send_pw":"","send_server":"","send_port":"","send_security":""}]}"#;
            let response = r#"{"jsonrpc":"2.0","id":2,"result":null}"#;
            session.handle_incoming(request).await;
            let result = receiver.recv().await?;
--- a/deltachat-jsonrpc/typescript/package.json
+++ b/deltachat-jsonrpc/typescript/package.json
@@ -54,5 +54,5 @@
  },
  "type": "module",
  "types": "dist/deltachat.d.ts",
-  "version": "2.48.0-dev"
+  "version": "2.50.0-dev"
 }
--- a/deltachat-repl/Cargo.toml
+++ b/deltachat-repl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/chatmail/core"
--- a/deltachat-repl/src/cmdline.rs
+++ b/deltachat-repl/src/cmdline.rs
@@ -345,7 +345,6 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                 chatinfo\n\
                 sendlocations <seconds>\n\
                 setlocation <lat> <lng>\n\
-                 dellocations\n\
                 getlocations [<contact-id>]\n\
                 send <text>\n\
                 send-sync <text>\n\
@@ -574,7 +573,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                    );
                }
            }
-            if location::is_sending_locations_to_chat(&context, None).await? {
+            if location::is_sending(&context).await? {
                println!("Location streaming enabled.");
            }
            println!("{cnt} chats");
@@ -623,7 +622,6 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                &context,
                sel_chat.get_id(),
                chat::MessageListOptions {
-                    info_only: false,
                    add_daymarker: true,
                },
            )
@@ -782,11 +780,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu

            println!(
                "Location streaming: {}",
-                location::is_sending_locations_to_chat(
-                    &context,
-                    Some(sel_chat.as_ref().unwrap().get_id())
-                )
-                .await?,
+                location::is_sending_to_chat(&context, sel_chat.as_ref().unwrap().get_id()).await?,
            );
        }
        "getlocations" => {
@@ -826,12 +820,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
            ensure!(!arg1.is_empty(), "No timeout given.");

            let seconds = arg1.parse()?;
-            location::send_locations_to_chat(
-                &context,
-                sel_chat.as_ref().unwrap().get_id(),
-                seconds,
-            )
-            .await?;
+            location::send_to_chat(&context, sel_chat.as_ref().unwrap().get_id(), seconds).await?;
            println!(
                "Locations will be sent to Chat#{} for {} seconds. Use 'setlocation <lat> <lng>' to play around.",
                sel_chat.as_ref().unwrap().get_id(),
@@ -853,9 +842,6 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                println!("Success, streaming can be stopped.");
            }
        }
-        "dellocations" => {
-            location::delete_all(&context).await?;
-        }
        "send" => {
            ensure!(sel_chat.is_some(), "No chat selected.");
            ensure!(!arg1.is_empty(), "No message text given.");
--- a/deltachat-repl/src/main.rs
+++ b/deltachat-repl/src/main.rs
@@ -176,7 +176,7 @@ const DB_COMMANDS: [&str; 11] = [
    "housekeeping",
 ];

-const CHAT_COMMANDS: [&str; 40] = [
+const CHAT_COMMANDS: [&str; 39] = [
    "listchats",
    "listarchived",
    "start-realtime",
@@ -194,7 +194,6 @@ const CHAT_COMMANDS: [&str; 40] = [
    "chatinfo",
    "sendlocations",
    "setlocation",
-    "dellocations",
    "getlocations",
    "send",
    "send-sync",
--- a/deltachat-rpc-client/examples/echobot_no_hooks.py
+++ b/deltachat-rpc-client/examples/echobot_no_hooks.py
@@ -13,7 +13,7 @@ def main():
    with Rpc() as rpc:
        deltachat = DeltaChat(rpc)
        system_info = deltachat.get_system_info()
-        logging.info("Running deltachat core %s", system_info["deltachat_core_version"])
+        logging.info(f"Running deltachat core {system_info['deltachat_core_version']}")

        accounts = deltachat.get_all_accounts()
        account = accounts[0] if accounts else deltachat.add_account()
@@ -21,36 +21,30 @@ def main():
        account.set_config("bot", "1")
        if not account.is_configured():
            logging.info("Account is not configured, configuring")
-            account.set_config("addr", sys.argv[1])
-            account.set_config("mail_pw", sys.argv[2])
-            account.configure()
+            account.add_or_update_transport({"addr": sys.argv[1], "password": sys.argv[2]})
            logging.info("Configured")
        else:
            logging.info("Account is already configured")
            deltachat.start_io()

-        def process_messages():
-            for message in account.get_next_messages():
+        qr = account.get_qr_code()
+        logging.info(f"Invite link: {qr}")
+        while True:
+            event = account.wait_for_event()
+            if event.kind == EventType.INFO:
+                logging.info(event["msg"])
+            elif event.kind == EventType.WARNING:
+                logging.warning(event["msg"])
+            elif event.kind == EventType.ERROR:
+                logging.error(event["msg"])
+            elif event.kind == EventType.INCOMING_MSG:
+                logging.info("Got an incoming message")
+                message = account.get_message_by_id(event.msg_id)
                snapshot = message.get_snapshot()
                if snapshot.from_id != SpecialContactId.SELF and not snapshot.is_bot and not snapshot.is_info:
                    snapshot.chat.send_text(snapshot.text)
                snapshot.message.mark_seen()

-        # Process old messages.
-        process_messages()
-
-        while True:
-            event = account.wait_for_event()
-            if event["kind"] == EventType.INFO:
-                logging.info("%s", event["msg"])
-            elif event["kind"] == EventType.WARNING:
-                logging.warning("%s", event["msg"])
-            elif event["kind"] == EventType.ERROR:
-                logging.error("%s", event["msg"])
-            elif event["kind"] == EventType.INCOMING_MSG:
-                logging.info("Got an incoming message")
-                process_messages()
-

 if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
--- a/deltachat-rpc-client/pyproject.toml
+++ b/deltachat-rpc-client/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat-rpc-client"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 license = "MPL-2.0"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [
--- a/deltachat-rpc-client/src/deltachat_rpc_client/account.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/account.py
@@ -5,7 +5,6 @@ from __future__ import annotations
 import json
 from dataclasses import dataclass
 from typing import TYPE_CHECKING, Optional, Union
-from warnings import warn

 from ._utils import AttrDict, futuremethod
 from .chat import Chat
@@ -392,8 +391,7 @@ class Account:
        """Return the list of fresh messages, newest messages first.

        This call is intended for displaying notifications.
-        If you are writing a bot, use `get_fresh_messages_in_arrival_order()` instead,
-        to process oldest messages first.
+        If you are writing a bot, process "incoming message" events instead.
        """
        fresh_msg_ids = self._rpc.get_fresh_msgs(self.id)
        return [Message(self, msg_id) for msg_id in fresh_msg_ids]
@@ -405,7 +403,15 @@ class Account:

    @futuremethod
    def wait_next_messages(self) -> list[Message]:
-        """Wait for new messages and return a list of them."""
+        """(deprecated) Wait for new messages and return a list of them. Meant for bots.
+
+        Deprecated 2026-04: This returns the message's id as soon as the first part arrives,
+        even if it is not fully downloaded yet.
+        The bot needs to wait for the message to be fully downloaded.
+        Since this is usually not the desired behavior,
+        bots should instead use the `EventType.INCOMING_MSG`
+        event for getting notified about new messages.
+        """
        next_msg_ids = yield self._rpc.wait_next_msgs.future(self.id)
        return [Message(self, msg_id) for msg_id in next_msg_ids]

@@ -455,16 +461,6 @@ class Account:
        """Wait for reaction change event."""
        return self.wait_for_event(EventType.REACTIONS_CHANGED)

-    def get_fresh_messages_in_arrival_order(self) -> list[Message]:
-        """Return fresh messages list sorted in the order of their arrival, with ascending IDs."""
-        warn(
-            "get_fresh_messages_in_arrival_order is deprecated, use get_next_messages instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        fresh_msg_ids = sorted(self._rpc.get_fresh_msgs(self.id))
-        return [Message(self, msg_id) for msg_id in fresh_msg_ids]
-
    def export_backup(self, path, passphrase: str = "") -> None:
        """Export backup."""
        self._rpc.export_backup(self.id, str(path), passphrase)
@@ -487,3 +483,7 @@ class Account:
        """Return ICE servers for WebRTC configuration."""
        ice_servers_json = self._rpc.ice_servers(self.id)
        return json.loads(ice_servers_json)
+
+    def is_sending_locations(self) -> bool:
+        """Return True if sending locations to any chat."""
+        return self._rpc.is_sending_locations(self.id)
--- a/deltachat-rpc-client/src/deltachat_rpc_client/chat.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/chat.py
@@ -164,7 +164,7 @@ class Chat:
        return Message(self.account, msg_id)

    def send_sticker(self, path: str) -> Message:
-        """Send an sticker and return the resulting Message instance."""
+        """Deprecated as of 2026-04; use `send_message` with `Viewtype.STICKER` instead."""
        msg_id = self._rpc.send_sticker(self.account.id, self.id, path)
        return Message(self.account, msg_id)

@@ -206,9 +206,9 @@ class Chat:
        snapshot["message"] = Message(self.account, snapshot.id)
        return snapshot

-    def get_messages(self, info_only: bool = False, add_daymarker: bool = False) -> list[Message]:
+    def get_messages(self, add_daymarker: bool = False) -> list[Message]:
        """Get the list of messages in this chat."""
-        msgs = self._rpc.get_message_ids(self.account.id, self.id, info_only, add_daymarker)
+        msgs = self._rpc.get_message_ids(self.account.id, self.id, False, add_daymarker)
        return [Message(self.account, msg_id) for msg_id in msgs]

    def get_fresh_message_count(self) -> int:
@@ -277,6 +277,16 @@ class Chat:
        """Remove profile image of this chat."""
        self._rpc.set_chat_profile_image(self.account.id, self.id, None)

+    def send_locations(self, seconds) -> None:
+        """Enable location streaming in the chat for the given number of seconds.
+
+        Pass 0 to disable location streaming."""
+        self._rpc.send_locations_to_chat(self.account.id, self.id, seconds)
+
+    def is_sending_locations(self) -> bool:
+        """Return True if sending locations to this chat."""
+        return self._rpc.is_sending_locations_to_chat(self.account.id, self.id)
+
    def get_locations(
        self,
        contact: Optional[Contact] = None,
--- a/deltachat-rpc-client/src/deltachat_rpc_client/deltachat.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/deltachat.py
@@ -59,3 +59,11 @@ class DeltaChat:
    def set_translations(self, translations: dict[str, str]) -> None:
        """Set stock translation strings."""
        self.rpc.set_stock_strings(translations)
+
+    def set_location(self, latitude, longitude, accuracy) -> bool:
+        """Set location, return True if location streaming should continue."""
+        return self.rpc.set_location(latitude, longitude, accuracy)
+
+    def stop_sending_locations(self) -> None:
+        """Stop sending locations to all chats."""
+        return self.rpc.stop_sending_locations()
--- a/deltachat-rpc-client/src/deltachat_rpc_client/message.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/message.py
@@ -25,7 +25,14 @@ class Message:
        return self.account._rpc

    def send_reaction(self, *reaction: str) -> "Message":
-        """Send a reaction to this message."""
+        """
+        Sends a reaction to message.
+
+        A reaction is a string that represents an emoji.
+        You can call this function again to change the emoji;
+        the last sent reaction overrides all previously sent reactions.
+        It is possible to remove the reaction by sending an empty string.
+        """
        msg_id = self._rpc.send_reaction(self.account.id, self.id, reaction)
        return Message(self.account, msg_id)

--- a/deltachat-rpc-client/tests/test_folders.py
+++ b/deltachat-rpc-client/tests/test_folders.py
@@ -1,104 +1,26 @@
-import logging
 import re
-import time

-import pytest
 from imap_tools import AND, U

-from deltachat_rpc_client import Contact, EventType, Message
+from deltachat_rpc_client import EventType


-def test_move_works(acfactory, direct_imap):
-    ac1, ac2 = acfactory.get_online_accounts(2)
-    ac2_direct_imap = direct_imap(ac2)
-    ac2_direct_imap.create_folder("DeltaChat")
-    ac2.set_config("mvbox_move", "1")
-    ac2.bring_online()
-
-    chat = ac1.create_chat(ac2)
-    chat.send_text("message1")
-
-    # Message is moved to the movebox
-    ac2.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
-
-    # Message is downloaded
-    msg = ac2.wait_for_incoming_msg().get_snapshot()
-    assert msg.text == "message1"
-
-
-def test_reactions_for_a_reordering_move(acfactory, direct_imap):
-    """When a batch of messages is moved from Inbox to DeltaChat folder with a single MOVE command,
-    their UIDs may be reordered (e.g. Gmail is known for that) which led to that messages were
-    processed by receive_imf in the wrong order, and, particularly, reactions were processed before
-    messages they refer to and thus dropped.
-    """
-    (ac1,) = acfactory.get_online_accounts(1)
+def test_moved_markseen(acfactory, direct_imap, log):
+    """Test that message already moved to DeltaChat folder is marked as seen."""
+    ac1 = acfactory.get_online_account()

    addr, password = acfactory.get_credentials()
    ac2 = acfactory.get_unconfigured_account()
    ac2.add_or_update_transport({"addr": addr, "password": password})
-    ac2_direct_imap = direct_imap(ac2)
-    ac2_direct_imap.create_folder("DeltaChat")
-    ac2.set_config("mvbox_move", "1")
-    assert ac2.is_configured()
-
    ac2.bring_online()
-    chat1 = acfactory.get_accepted_chat(ac1, ac2)
-    ac2.stop_io()

-    logging.info("sending message + reaction from ac1 to ac2")
-    msg1 = chat1.send_text("hi")
-    msg1.wait_until_delivered()
-    # It's is sad, but messages must differ in their INTERNALDATEs to be processed in the correct
-    # order by DC, and most (if not all) mail servers provide only seconds precision.
-    time.sleep(1.1)
-    react_str = "\N{THUMBS UP SIGN}"
-    msg1.send_reaction(react_str).wait_until_delivered()
-
-    logging.info("moving messages to ac2's DeltaChat folder in the reverse order")
-    ac2_direct_imap = direct_imap(ac2)
-    ac2_direct_imap.connect()
-    for uid in sorted([m.uid for m in ac2_direct_imap.get_all_messages()], reverse=True):
-        ac2_direct_imap.conn.move(uid, "DeltaChat")
-
-    logging.info("receiving messages by ac2")
-    ac2.start_io()
-    msg2 = Message(ac2, ac2.wait_for_reactions_changed().msg_id)
-    assert msg2.get_snapshot().text == msg1.get_snapshot().text
-    reactions = msg2.get_reactions()
-    contacts = [Contact(ac2, int(i)) for i in reactions.reactions_by_contact]
-    assert len(contacts) == 1
-    assert contacts[0].get_snapshot().address == ac1.get_config("addr")
-    assert list(reactions.reactions_by_contact.values())[0] == [react_str]
-
-
-def test_move_works_on_self_sent(acfactory, direct_imap):
-    ac1, ac2 = acfactory.get_online_accounts(2)
-
-    # Create and enable movebox.
-    ac1_direct_imap = direct_imap(ac1)
-    ac1_direct_imap.create_folder("DeltaChat")
-    ac1.set_config("mvbox_move", "1")
-    ac1.set_config("bcc_self", "1")
-    ac1.bring_online()
-
-    chat = ac1.create_chat(ac2)
-    chat.send_text("message1")
-    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
-    chat.send_text("message2")
-    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
-    chat.send_text("message3")
-    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
-
-
-def test_moved_markseen(acfactory, direct_imap):
-    """Test that message already moved to DeltaChat folder is marked as seen."""
-    ac1, ac2 = acfactory.get_online_accounts(2)
+    log.section("ac2: creating DeltaChat folder")
    ac2_direct_imap = direct_imap(ac2)
    ac2_direct_imap.create_folder("DeltaChat")
-    ac2.set_config("mvbox_move", "1")
    ac2.set_config("delete_server_after", "0")
    ac2.set_config("sync_msgs", "0")  # Do not send a sync message when accepting a contact request.
+
+    ac2.add_or_update_transport({"addr": addr, "password": password, "imapFolder": "DeltaChat"})
    ac2.bring_online()

    ac2.stop_io()
@@ -108,6 +30,7 @@ def test_moved_markseen(acfactory, direct_imap):
        idle2.wait_for_new_message()

    # Emulate moving of the message to DeltaChat folder by Sieve rule.
+    log.section("ac2: moving message into DeltaChat folder")
    ac2_direct_imap.conn.move(["*"], "DeltaChat")
    ac2_direct_imap.select_folder("DeltaChat")
    assert len(list(ac2_direct_imap.conn.fetch("*", mark_seen=False))) == 1
@@ -131,17 +54,11 @@ def test_moved_markseen(acfactory, direct_imap):
    assert len(list(ac2_direct_imap.conn.fetch(AND(seen=True, uid=U(1, "*")), mark_seen=False))) == 1


-@pytest.mark.parametrize("mvbox_move", [True, False])
-def test_markseen_message_and_mdn(acfactory, direct_imap, mvbox_move):
+def test_markseen_message_and_mdn(acfactory, direct_imap):
    ac1, ac2 = acfactory.get_online_accounts(2)

    for ac in ac1, ac2:
        ac.set_config("delete_server_after", "0")
-        if mvbox_move:
-            ac_direct_imap = direct_imap(ac)
-            ac_direct_imap.create_folder("DeltaChat")
-            ac.set_config("mvbox_move", "1")
-            ac.bring_online()

    # Do not send BCC to self, we only want to test MDN on ac1.
    ac1.set_config("bcc_self", "0")
@@ -150,10 +67,7 @@ def test_markseen_message_and_mdn(acfactory, direct_imap, mvbox_move):
    msg = ac2.wait_for_incoming_msg()
    msg.mark_seen()

-    if mvbox_move:
-        rex = re.compile("Marked messages [0-9]+ in folder DeltaChat as seen.")
-    else:
-        rex = re.compile("Marked messages [0-9]+ in folder INBOX as seen.")
+    rex = re.compile("Marked messages [0-9]+ in folder INBOX as seen.")

    for ac in ac1, ac2:
        while True:
@@ -161,12 +75,11 @@ def test_markseen_message_and_mdn(acfactory, direct_imap, mvbox_move):
            if event.kind == EventType.INFO and rex.search(event.msg):
                break

-    folder = "mvbox" if mvbox_move else "inbox"
    ac1_direct_imap = direct_imap(ac1)
    ac2_direct_imap = direct_imap(ac2)

-    ac1_direct_imap.select_config_folder(folder)
-    ac2_direct_imap.select_config_folder(folder)
+    ac1_direct_imap.select_folder("INBOX")
+    ac2_direct_imap.select_folder("INBOX")

    # Check that the mdn is marked as seen
    assert len(list(ac1_direct_imap.conn.fetch(AND(seen=True), mark_seen=False))) == 1
--- a/deltachat-rpc-client/tests/test_location.py
+++ b/deltachat-rpc-client/tests/test_location.py
@@ -0,0 +1,32 @@
+def test_set_location(dc, acfactory) -> None:
+    # Try setting location without any accounts.
+    assert not dc.set_location(1.0, 2.0, 0.1)
+
+    # Create one account that does not stream,
+    # set location.
+    acfactory.new_configured_account()
+    assert not dc.set_location(3.0, 4.0, 0.1)
+
+
+def test_send_locations_to_chat(dc, acfactory):
+    alice, bob = acfactory.get_online_accounts(2)
+
+    assert not alice.is_sending_locations()
+    alice_chat_bob = alice.create_chat(bob)
+    assert not alice_chat_bob.is_sending_locations()
+
+    # Test starting and stopping location streaming in a chat.
+    alice_chat_bob.send_locations(3600)
+    assert alice.is_sending_locations()
+    assert alice_chat_bob.is_sending_locations()
+    alice_chat_bob.send_locations(0)
+    assert not alice.is_sending_locations()
+    assert not alice_chat_bob.is_sending_locations()
+
+    # Test stop_sending_locations() for all accounts and chats.
+    alice_chat_bob.send_locations(3600)
+    assert alice.is_sending_locations()
+    assert alice_chat_bob.is_sending_locations()
+    dc.stop_sending_locations()
+    assert not alice.is_sending_locations()
+    assert not alice_chat_bob.is_sending_locations()
--- a/deltachat-rpc-client/tests/test_multitransport.py
+++ b/deltachat-rpc-client/tests/test_multitransport.py
@@ -9,12 +9,6 @@ def test_add_second_address(acfactory) -> None:
    account = acfactory.new_configured_account()
    assert len(account.list_transports()) == 1

-    # When the first transport is created,
-    # mvbox_move and only_fetch_mvbox should be disabled.
-    assert account.get_config("mvbox_move") == "0"
-    assert account.get_config("only_fetch_mvbox") == "0"
-    assert account.get_config("show_emails") == "2"
-
    qr = acfactory.get_account_qr()
    account.add_transport_from_qr(qr)
    assert len(account.list_transports()) == 2
@@ -32,44 +26,6 @@ def test_add_second_address(acfactory) -> None:
    account.delete_transport(second_addr)
    assert len(account.list_transports()) == 2

-    # Enabling mvbox_move or only_fetch_mvbox
-    # is not allowed when multi-transport is enabled.
-    for option in ["mvbox_move", "only_fetch_mvbox"]:
-        with pytest.raises(JsonRpcError):
-            account.set_config(option, "1")
-
-    # show_emails does not matter for multi-relay, can be set to anything
-    account.set_config("show_emails", "0")
-
-
-@pytest.mark.parametrize("key", ["mvbox_move", "only_fetch_mvbox"])
-def test_no_second_transport_with_mvbox(acfactory, key) -> None:
-    """Test that second transport cannot be configured if mvbox is used."""
-    account = acfactory.new_configured_account()
-    assert len(account.list_transports()) == 1
-
-    assert account.get_config("mvbox_move") == "0"
-    assert account.get_config("only_fetch_mvbox") == "0"
-
-    qr = acfactory.get_account_qr()
-    account.set_config(key, "1")
-
-    with pytest.raises(JsonRpcError):
-        account.add_transport_from_qr(qr)
-
-
-def test_second_transport_without_classic_emails(acfactory) -> None:
-    """Test that second transport can be configured if classic emails are not fetched."""
-    account = acfactory.new_configured_account()
-    assert len(account.list_transports()) == 1
-
-    assert account.get_config("show_emails") == "2"
-
-    qr = acfactory.get_account_qr()
-    account.set_config("show_emails", "0")
-
-    account.add_transport_from_qr(qr)
-

 def test_change_address(acfactory) -> None:
    """Test Alice configuring a second transport and setting it as a primary one."""
@@ -147,44 +103,13 @@ def test_download_on_demand(acfactory) -> None:
        assert msg.get_snapshot().download_state == dstate


-@pytest.mark.parametrize("is_chatmail", ["0", "1"])
-def test_mvbox_move_first_transport(acfactory, is_chatmail) -> None:
-    """Test that mvbox_move is disabled by default even for non-chatmail accounts.
-    Disabling mvbox_move is required to be able to setup a second transport.
-    """
-    account = acfactory.get_unconfigured_account()
-
-    account.set_config("fix_is_chatmail", "1")
-    account.set_config("is_chatmail", is_chatmail)
-
-    # The default value when the setting is unset is "1".
-    # This is not changed for compatibility with old databases
-    # imported from backups.
-    assert account.get_config("mvbox_move") == "1"
-
-    qr = acfactory.get_account_qr()
-    account.add_transport_from_qr(qr)
-
-    # Once the first transport is set up,
-    # mvbox_move is disabled.
-    assert account.get_config("mvbox_move") == "0"
-    assert account.get_config("is_chatmail") == is_chatmail
-
-
 def test_reconfigure_transport(acfactory) -> None:
-    """Test that reconfiguring the transport works
-    even if settings not supported for multi-transport
-    like mvbox_move are enabled."""
+    """Test that reconfiguring the transport works."""
    account = acfactory.get_online_account()
-    account.set_config("mvbox_move", "1")

    [transport] = account.list_transports()
    account.add_or_update_transport(transport)

-    # Reconfiguring the transport should not reset
-    # the settings as if when configuring the first transport.
-    assert account.get_config("mvbox_move") == "1"
-

 def test_transport_synchronization(acfactory, log) -> None:
    """Test synchronization of transports between devices."""
--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -416,32 +416,27 @@ def test_dont_move_sync_msgs(acfactory, direct_imap):
        time.sleep(1)


-@pytest.mark.parametrize("chat_noticed", [False, True])
-def test_reaction_seen_on_another_dev(acfactory, chat_noticed) -> None:
+def test_reaction_seen_on_another_dev(acfactory) -> None:
    alice, bob = acfactory.get_online_accounts(2)
    alice2 = alice.clone()
    alice2.start_io()

    alice_contact_bob = alice.create_contact(bob, "Bob")
    alice_chat_bob = alice_contact_bob.create_chat()
-    alice_msg = alice_chat_bob.send_text("Hello!")
+    alice_chat_bob.send_text("Hello!")

    event = bob.wait_for_incoming_msg_event()
    msg_id = event.msg_id

-    bob_msg = bob.get_message_by_id(msg_id)
-    snapshot = bob_msg.get_snapshot()
+    message = bob.get_message_by_id(msg_id)
+    snapshot = message.get_snapshot()
    snapshot.chat.accept()
-    bob_msg.send_reaction("😎")
+    message.send_reaction("😎")
    for a in [alice, alice2]:
        a.wait_for_event(EventType.INCOMING_REACTION)

    alice2.clear_all_events()
-    if chat_noticed:
-        alice_chat_bob.mark_noticed()
-    else:
-        # UIs are supposed to mark messages being in view as seen, not reactions themselves.
-        alice_msg.mark_seen()
+    alice_chat_bob.mark_noticed()
    chat_id = alice2.wait_for_event(EventType.MSGS_NOTICED).chat_id
    alice2_chat_bob = alice2.create_chat(bob)
    assert chat_id == alice2_chat_bob.id
@@ -1052,6 +1047,7 @@ def test_no_old_msg_is_fresh(acfactory):
    assert ac1.create_chat(ac2).get_fresh_message_count() == 1
    assert len(list(ac1.get_fresh_messages())) == 1

+    ac1_clone.wait_for_incoming_msg_event()
    ac1.wait_for_event(EventType.IMAP_INBOX_IDLE)

    logging.info("Send a message from ac1_clone to ac2 and check that ac1 marks the first message as 'noticed'")
--- a/deltachat-rpc-client/tests/test_webxdc.py
+++ b/deltachat-rpc-client/tests/test_webxdc.py
@@ -18,6 +18,8 @@ def test_webxdc(acfactory) -> None:
        "sourceCodeUrl": None,
        "summary": None,
        "selfAddr": webxdc_info["selfAddr"],
+        "isAppSender": False,
+        "isBroadcast": False,
        "sendUpdateInterval": 1000,
        "sendUpdateMaxSize": 18874368,
    }
--- a/deltachat-rpc-server/Cargo.toml
+++ b/deltachat-rpc-server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"
--- a/deltachat-rpc-server/npm-package/README.md
+++ b/deltachat-rpc-server/npm-package/README.md
@@ -18,7 +18,7 @@ import { startDeltaChat } from "@deltachat/stdio-rpc-server";
 import { C } from "@deltachat/jsonrpc-client";

 async function main() {
-    const dc = await startDeltaChat("deltachat-data");
+    const dc = startDeltaChat("deltachat-data");
    console.log(await dc.rpc.getSystemInfo());
    dc.close()
 }
--- a/deltachat-rpc-server/npm-package/index.d.ts
+++ b/deltachat-rpc-server/npm-package/index.d.ts
@@ -15,7 +15,7 @@ export interface SearchOptions {
 */
 export function getRPCServerPath(
  options?: Partial<SearchOptions>
-): Promise<string>;
+): string;



@@ -33,8 +33,15 @@ export interface StartOptions {
 * @param directory directory for accounts folder
 * @param options 
 */
-export function startDeltaChat(directory: string, options?: Partial<SearchOptions & StartOptions> ): Promise<DeltaChatOverJsonRpcServer>
+export function startDeltaChat(directory: string, options?: Partial<SearchOptions & StartOptions> ): DeltaChatOverJsonRpcServer

+export class DeltaChatOverJsonRpc extends StdioDeltaChat {
+  constructor(
+    directory: string,
+    options?: Partial<SearchOptions & StartOptions>
+  );
+  readonly pathToServerBinary: string;
+}

 export namespace FnTypes {
    export type getRPCServerPath = typeof getRPCServerPath
--- a/deltachat-rpc-server/npm-package/index.js
+++ b/deltachat-rpc-server/npm-package/index.js
@@ -1,6 +1,6 @@
 //@ts-check
 import { spawn } from "node:child_process";
-import { stat } from "node:fs/promises";
+import { statSync } from "node:fs";
 import os from "node:os";
 import process from "node:process";
 import { ENV_VAR_NAME, PATH_EXECUTABLE_NAME } from "./src/const.js";
@@ -36,7 +36,7 @@ function findRPCServerInNodeModules() {
 }

 /** @type {import("./index").FnTypes.getRPCServerPath} */
-export async function getRPCServerPath(options = {}) {
+export function getRPCServerPath(options = {}) {
  const { takeVersionFromPATH, disableEnvPath } = {
    takeVersionFromPATH: false,
    disableEnvPath: false,
@@ -45,7 +45,7 @@ export async function getRPCServerPath(options = {}) {
  // 1. check if it is set as env var
  if (process.env[ENV_VAR_NAME] && !disableEnvPath) {
    try {
-      if (!(await stat(process.env[ENV_VAR_NAME])).isFile()) {
+      if (!statSync(process.env[ENV_VAR_NAME]).isFile()) {
        throw new Error(
          `expected ${ENV_VAR_NAME} to point to the deltachat-rpc-server executable`
        );
@@ -68,41 +68,49 @@ export async function getRPCServerPath(options = {}) {
 import { StdioDeltaChat } from "@deltachat/jsonrpc-client";

 /** @type {import("./index").FnTypes.startDeltaChat} */
-export async function startDeltaChat(directory, options = {}) {
-  const pathToServerBinary = await getRPCServerPath(options);
-  const server = spawn(pathToServerBinary, {
-    env: {
-      RUST_LOG: process.env.RUST_LOG,
-      DC_ACCOUNTS_PATH: directory,
-    },
-    stdio: ["pipe", "pipe", options.muteStdErr ? "ignore" : "inherit"],
-  });
-
-  server.on("error", (err) => {
-    throw new Error(FAILED_TO_START_SERVER_EXECUTABLE(pathToServerBinary, err));
-  });
-  let shouldClose = false;
-
-  server.on("exit", () => {
-    if (shouldClose) {
-      return;
-    }
-    throw new Error("Server quit");
-  });
-
-  /** @type {import('./index').DeltaChatOverJsonRpcServer} */
-  //@ts-expect-error
-  const dc = new StdioDeltaChat(server.stdin, server.stdout, true);
-
-  dc.close = () => {
-    shouldClose = true;
-    if (!server.kill()) {
-      console.log("server termination failed");
-    }
-  };
-
-  //@ts-expect-error
-  dc.pathToServerBinary = pathToServerBinary;
-
-  return dc;
+export function startDeltaChat(directory, options = {}) {
+  return new DeltaChatOverJsonRpc(directory, options);
+}
+
+export class DeltaChatOverJsonRpc extends StdioDeltaChat {
+  /**
+   *
+   * @param {string} directory
+   * @param {Partial<import("./index").SearchOptions & import("./index").StartOptions>} options
+   */
+  constructor(directory, options = {}) {
+    const pathToServerBinary = getRPCServerPath(options);
+    const server = spawn(pathToServerBinary, {
+      env: {
+        RUST_LOG: process.env.RUST_LOG,
+        DC_ACCOUNTS_PATH: directory,
+      },
+      stdio: ["pipe", "pipe", options.muteStdErr ? "ignore" : "inherit"],
+    });
+
+    server.on("error", (err) => {
+      throw new Error(
+        FAILED_TO_START_SERVER_EXECUTABLE(pathToServerBinary, err)
+      );
+    });
+    let shouldClose = false;
+
+    server.on("exit", () => {
+      if (shouldClose) {
+        return;
+      }
+      throw new Error("Server quit");
+    });
+
+    super(server.stdin, server.stdout, true);
+
+    this.close = () => {
+      shouldClose = true;
+      if (!server.kill()) {
+        console.log("server termination failed");
+      }
+    };
+
+    this.pathToServerBinary = pathToServerBinary;
+  }
 }
--- a/deltachat-rpc-server/npm-package/package.json
+++ b/deltachat-rpc-server/npm-package/package.json
@@ -15,5 +15,5 @@
  },
  "type": "module",
  "types": "index.d.ts",
-  "version": "2.48.0-dev"
+  "version": "2.50.0-dev"
 }
--- a/deny.toml
+++ b/deny.toml
@@ -23,7 +23,27 @@ ignore = [
    # it is a transitive dependency of iroh 0.35.0
    # which depends on ^0.102.
    # <https://rustsec.org/advisories/RUSTSEC-2026-0049>
+    # <https://rustsec.org/advisories/RUSTSEC-2026-0098>
+    # <https://rustsec.org/advisories/RUSTSEC-2026-0099>
    "RUSTSEC-2026-0049",
+    "RUSTSEC-2026-0098",
+    "RUSTSEC-2026-0099",
+
+    # Panic in CRL signature checks.
+    # We do not check CRL and cannot update rustls-webpki 0.102.8 
+    # which is a dependency of iroh 0.35.0.
+    # <https://rustsec.org/advisories/RUSTSEC-2026-0104>
+    "RUSTSEC-2026-0104",
+
+    # hickory-proto 0.25.2 unbounded loop in DNSSEC code.
+    # Dependency of iroh 0.35.0, cannot be updated as of 2026-05-02.
+    # <https://rustsec.org/advisories/RUSTSEC-2026-0118>
+    "RUSTSEC-2026-0118",
+
+    # hickory-proto 0.25.2 quadratic complexity issue.
+    # Dependency of iroh 0.35.0, cannot be updated as of 2026-05-02.
+    # <https://rustsec.org/advisories/RUSTSEC-2026-0119>
+    "RUSTSEC-2026-0119"
 ]

 [bans]
--- a/python/pyproject.toml
+++ b/python/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat"
-version = "2.48.0-dev"
+version = "2.50.0-dev"
 license = "MPL-2.0"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"
--- a/python/src/deltachat/message.py
+++ b/python/src/deltachat/message.py
@@ -254,10 +254,6 @@ class Message:
        """Quote setter."""
        lib.dc_msg_set_quote(self._dc_msg, quoted_message._dc_msg)

-    def force_plaintext(self) -> None:
-        """Force the message to be sent in plain text."""
-        lib.dc_msg_force_plaintext(self._dc_msg)
-
    @property
    def error(self) -> Optional[str]:
        """Error message."""
--- a/python/src/deltachat/testplugin.py
+++ b/python/src/deltachat/testplugin.py
@@ -433,7 +433,6 @@ class ACFactory:
        if self.pytestconfig.getoption("--strict-tls"):
            # Enable strict certificate checks for online accounts
            configdict["imap_certificate_checks"] = str(const.DC_CERTCK_STRICT)
-            configdict["smtp_certificate_checks"] = str(const.DC_CERTCK_STRICT)

        assert "addr" in configdict and "mail_pw" in configdict
        return configdict
@@ -505,7 +504,6 @@ class ACFactory:
                "addr": cloned_from.get_config("addr"),
                "mail_pw": cloned_from.get_config("mail_pw"),
                "imap_certificate_checks": cloned_from.get_config("imap_certificate_checks"),
-                "smtp_certificate_checks": cloned_from.get_config("smtp_certificate_checks"),
            }
        configdict.update(kwargs)
        ac = self._get_cached_account(addr=configdict["addr"]) if cache else None
@@ -522,7 +520,6 @@ class ACFactory:
        ac = self.get_unconfigured_account()
        assert "addr" in configdict and "mail_pw" in configdict, configdict
        configdict.setdefault("bcc_self", False)
-        configdict.setdefault("mvbox_move", False)
        configdict.setdefault("sync_msgs", False)
        configdict.setdefault("delete_server_after", 0)
        ac.update_config(configdict)
--- a/python/tests/test_0_complex_or_slow.py
+++ b/python/tests/test_0_complex_or_slow.py
@@ -288,6 +288,7 @@ def test_use_new_verified_group_after_going_online(acfactory, data, tmp_path, lp
    assert open(contact.get_profile_image(), "rb").read() == open(avatar_path, "rb").read()

    lp.sec("ac2_offl: sending message")
+    chat2.accept()
    msg_out = chat2.send_text("hello")

    lp.sec("ac1: receiving message")
--- a/python/tests/test_3_offline.py
+++ b/python/tests/test_3_offline.py
@@ -52,19 +52,19 @@ class TestOfflineAccountBasic:

    def test_set_config_int_conversion(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
-        ac1.set_config("mvbox_move", False)
-        assert ac1.get_config("mvbox_move") == "0"
-        ac1.set_config("mvbox_move", True)
-        assert ac1.get_config("mvbox_move") == "1"
-        ac1.set_config("mvbox_move", 0)
-        assert ac1.get_config("mvbox_move") == "0"
-        ac1.set_config("mvbox_move", 1)
-        assert ac1.get_config("mvbox_move") == "1"
+        ac1.set_config("bcc_self", False)
+        assert ac1.get_config("bcc_self") == "0"
+        ac1.set_config("bcc_self", True)
+        assert ac1.get_config("bcc_self") == "1"
+        ac1.set_config("bcc_self", 0)
+        assert ac1.get_config("bcc_self") == "0"
+        ac1.set_config("bcc_self", 1)
+        assert ac1.get_config("bcc_self") == "1"

    def test_update_config(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
-        ac1.update_config({"mvbox_move": False})
-        assert ac1.get_config("mvbox_move") == "0"
+        ac1.update_config({"bcc_self": True})
+        assert ac1.get_config("bcc_self") == "1"

    def test_has_bccself(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
--- a/release-date.in
+++ b/release-date.in
@@ -1 +1 @@
-2026-03-24
+2026-04-13
--- a/scripts/README.md
+++ b/scripts/README.md
@@ -48,19 +48,3 @@ the build machine (ask your friendly sysadmin on #deltachat Libera Chat) to type

 This will **rsync** your current checkout to the remote build machine 
 (no need to commit before) and then run either rust or python tests. 
-
-# coredeps Dockerfile
-
-`coredeps/Dockerfile` specifies an image that contains all 
-of Delta Chat's core dependencies. It is used to
-build python wheels (binary packages for Python).
-
-You can build the docker images yourself locally
-to avoid the relatively large download:
- 
-    cd scripts  # where all CI things are 
-    docker build -t deltachat/coredeps coredeps
-
-Additionally, you can install qemu and build arm64 docker image on x86\_64 machine:
-    apt-get install qemu binfmt-support qemu-user-static
-    docker build -t deltachat/coredeps-arm64 --build-arg BASEIMAGE=quay.io/pypa/manylinux2014_aarch64 coredeps
--- a/scripts/check-dev-version.py
+++ b/scripts/check-dev-version.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+#
+# Script to check that current version ends with -dev.
+# Meant to be run in CI to check that PRs are made against the -dev version.
+# If the version is not -dev, it was forgotten to be updated
+# after making a release.
+
+from pathlib import Path
+import tomllib
+import sys
+
+
+def main():
+    with Path("Cargo.toml").open("rb") as fp:
+        cargo_toml = tomllib.load(fp)
+    version = cargo_toml["package"]["version"]
+    if not version.endswith("-dev"):
+        print(f"Current version {version} does not end with -dev", file=sys.stderr)
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()
--- a/scripts/concourse/README.md
+++ b/scripts/concourse/README.md
@@ -1,26 +0,0 @@
-# Concourse CI pipeline
-
-`docs_wheels.yml` is a pipeline for [Concourse CI](https://concourse-ci.org/)
-that builds C documentation, Python documentation, Python wheels for `x86_64`
-and `aarch64` and Python source packages, and uploads them.
-
-To setup the pipeline run
-```
-fly -t <your-target> set-pipeline -c docs_wheels.yml -p docs_wheels -l secret.yml
-```
-where `secret.yml` contains the following secrets:
-```
-c.delta.chat:
-  private_key: |
-    -----BEGIN OPENSSH PRIVATE KEY-----
-    ...
-    -----END OPENSSH PRIVATE KEY-----
-devpi:
-  login: dc
-  password: ...
-```
-
-Secrets can be read from the password manager:
-```
-fly -t b1 set-pipeline -c docs_wheels.yml -p docs_wheels -l <(pass show delta/b1.delta.chat/secret.yml)
-```
--- a/scripts/concourse/docs_wheels.yml
+++ b/scripts/concourse/docs_wheels.yml
@@ -1,305 +0,0 @@
-resources:
-  - name: deltachat-core-rust
-    type: git
-    icon: github
-    source:
-      branch: main
-      uri: https://github.com/chatmail/core.git
-
-  - name: deltachat-core-rust-release
-    type: git
-    icon: github
-    source:
-      branch: main
-      uri: https://github.com/chatmail/core.git
-      tag_filter: "v*"
-
-jobs:
-  - name: python-x86_64
-    plan:
-      - get: deltachat-core-rust
-      - get: deltachat-core-rust-release
-        trigger: true
-
-      # Build manylinux image with additional dependencies
-      - task: build-coredeps
-        privileged: true
-        config:
-          inputs:
-            # Building the latest, not tagged coredeps
-            - name: deltachat-core-rust
-          image_resource:
-            source:
-              repository: concourse/oci-build-task
-            type: registry-image
-          outputs:
-            - name: coredeps-image
-              path: image
-          params:
-            CONTEXT: deltachat-core-rust/scripts/coredeps
-            UNPACK_ROOTFS: "true"
-            BUILD_ARG_BASEIMAGE: quay.io/pypa/manylinux2014_x86_64
-          platform: linux
-          caches:
-            - path: cache
-          run:
-            path: build
-
-      # Use built image to build python wheels
-      - task: build-wheels
-        image: coredeps-image
-        config:
-          inputs:
-            - name: deltachat-core-rust-release
-              path: .
-          outputs:
-            # Binary wheels
-            - name: py-wheels
-              path: ./python/.docker-tox/wheelhouse/
-          platform: linux
-          run:
-            path: bash
-            args:
-              - -exc
-              - |
-                scripts/run_all.sh
-
-      # Upload x86_64 wheels and source packages
-      - task: upload-wheels
-        config:
-          inputs:
-            - name: py-wheels
-          image_resource:
-            type: registry-image
-            source:
-              repository: debian
-          platform: linux
-          run:
-            path: sh
-            args:
-              - -ec
-              - |
-                apt-get update -y
-                apt-get install -y --no-install-recommends python3-pip python3-setuptools python3-venv
-                python3 -m venv env
-                env/bin/pip install --upgrade pip
-                env/bin/pip install devpi
-                env/bin/devpi use https://m.devpi.net/dc/master
-                env/bin/devpi login ((devpi.login)) --password ((devpi.password))
-                env/bin/devpi upload py-wheels/*manylinux201*
-
-  - name: python-aarch64
-    plan:
-      - get: deltachat-core-rust
-      - get: deltachat-core-rust-release
-        trigger: true
-
-      # Build manylinux image with additional dependencies
-      - task: build-coredeps
-        privileged: true
-        config:
-          inputs:
-            # Building the latest, not tagged coredeps
-            - name: deltachat-core-rust
-          image_resource:
-            source:
-              repository: concourse/oci-build-task
-            type: registry-image
-          outputs:
-            - name: coredeps-image
-              path: image
-          params:
-            CONTEXT: deltachat-core-rust/scripts/coredeps
-            UNPACK_ROOTFS: "true"
-            BUILD_ARG_BASEIMAGE: quay.io/pypa/manylinux2014_aarch64
-          platform: linux
-          caches:
-            - path: cache
-          run:
-            path: build
-
-      # Use built image to build python wheels
-      - task: build-wheels
-        image: coredeps-image
-        config:
-          inputs:
-            - name: deltachat-core-rust-release
-              path: .
-          outputs:
-            - name: py-wheels
-              path: ./python/.docker-tox/wheelhouse/
-          platform: linux
-          run:
-            path: bash
-            args:
-              - -exc
-              - |
-                scripts/run_all.sh
-
-      # Upload aarch64 wheels
-      - task: upload-wheels
-        config:
-          inputs:
-            - name: py-wheels
-          image_resource:
-            type: registry-image
-            source:
-              repository: debian
-          platform: linux
-          run:
-            path: sh
-            args:
-              - -ec
-              - |
-                apt-get update -y
-                apt-get install -y --no-install-recommends python3-pip python3-setuptools python3-venv
-                python3 -m venv env
-                env/bin/pip install --upgrade pip
-                env/bin/pip install devpi
-                env/bin/devpi use https://m.devpi.net/dc/master
-                env/bin/devpi login ((devpi.login)) --password ((devpi.password))
-                env/bin/devpi upload py-wheels/*manylinux201*
-
-  - name: python-musl-x86_64
-    plan:
-      - get: deltachat-core-rust
-      - get: deltachat-core-rust-release
-        trigger: true
-
-      # Build manylinux image with additional dependencies
-      - task: build-coredeps
-        privileged: true
-        config:
-          inputs:
-            # Building the latest, not tagged coredeps
-            - name: deltachat-core-rust
-          image_resource:
-            source:
-              repository: concourse/oci-build-task
-            type: registry-image
-          outputs:
-            - name: coredeps-image
-              path: image
-          params:
-            CONTEXT: deltachat-core-rust/scripts/coredeps
-            UNPACK_ROOTFS: "true"
-            BUILD_ARG_BASEIMAGE: quay.io/pypa/musllinux_1_1_x86_64
-          platform: linux
-          caches:
-            - path: cache
-          run:
-            path: build
-
-      # Use built image to build python wheels
-      - task: build-wheels
-        image: coredeps-image
-        config:
-          inputs:
-            - name: deltachat-core-rust-release
-              path: .
-          outputs:
-            - name: py-wheels
-              path: ./python/.docker-tox/wheelhouse/
-          platform: linux
-          run:
-            path: bash
-            args:
-              - -exc
-              - |
-                scripts/run_all.sh
-
-      # Upload musl x86_64 wheels
-      - task: upload-wheels
-        config:
-          inputs:
-            - name: py-wheels
-          image_resource:
-            type: registry-image
-            source:
-              repository: debian
-          platform: linux
-          run:
-            path: sh
-            args:
-              - -ec
-              - |
-                apt-get update -y
-                apt-get install -y --no-install-recommends python3-pip python3-setuptools python3-venv
-                python3 -m venv env
-                env/bin/pip install --upgrade pip
-                env/bin/pip install devpi
-                env/bin/devpi use https://m.devpi.net/dc/master
-                env/bin/devpi login ((devpi.login)) --password ((devpi.password))
-                env/bin/devpi upload py-wheels/*musllinux_1_1_x86_64*
-
-  - name: python-musl-aarch64
-    plan:
-      - get: deltachat-core-rust
-      - get: deltachat-core-rust-release
-        trigger: true
-
-      # Build manylinux image with additional dependencies
-      - task: build-coredeps
-        privileged: true
-        config:
-          inputs:
-            # Building the latest, not tagged coredeps
-            - name: deltachat-core-rust
-          image_resource:
-            source:
-              repository: concourse/oci-build-task
-            type: registry-image
-          outputs:
-            - name: coredeps-image
-              path: image
-          params:
-            CONTEXT: deltachat-core-rust/scripts/coredeps
-            UNPACK_ROOTFS: "true"
-            BUILD_ARG_BASEIMAGE: quay.io/pypa/musllinux_1_1_aarch64
-          platform: linux
-          caches:
-            - path: cache
-          run:
-            path: build
-
-      # Use built image to build python wheels
-      - task: build-wheels
-        image: coredeps-image
-        config:
-          inputs:
-            - name: deltachat-core-rust-release
-              path: .
-          outputs:
-            - name: py-wheels
-              path: ./python/.docker-tox/wheelhouse/
-          platform: linux
-          run:
-            path: bash
-            args:
-              - -exc
-              - |
-                scripts/run_all.sh
-
-      # Upload musl aarch64 wheels
-      - task: upload-wheels
-        config:
-          inputs:
-            - name: py-wheels
-          image_resource:
-            type: registry-image
-            source:
-              repository: debian
-          platform: linux
-          run:
-            path: sh
-            args:
-              - -ec
-              - |
-                apt-get update -y
-                apt-get install -y --no-install-recommends python3-pip python3-setuptools python3-venv
-                python3 -m venv env
-                env/bin/pip install --upgrade pip
-                env/bin/pip install devpi
-                env/bin/devpi use https://m.devpi.net/dc/master
-                env/bin/devpi login ((devpi.login)) --password ((devpi.password))
-                env/bin/devpi upload py-wheels/*musllinux_1_1_aarch64*
--- a/scripts/coredeps/Dockerfile
+++ b/scripts/coredeps/Dockerfile
@@ -1,9 +0,0 @@
-ARG BASEIMAGE=quay.io/pypa/manylinux2014_x86_64
-#ARG BASEIMAGE=quay.io/pypa/musllinux_1_1_x86_64
-#ARG BASEIMAGE=quay.io/pypa/manylinux2014_aarch64
-
-FROM $BASEIMAGE
-RUN pipx install tox
-COPY install-rust.sh /scripts/
-RUN /scripts/install-rust.sh
-RUN if command -v yum; then yum install -y perl-IPC-Cmd; fi
--- a/scripts/coredeps/install-rust.sh
+++ b/scripts/coredeps/install-rust.sh
@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-# Install Rust
-#
-# Path from https://forge.rust-lang.org/infra/other-installation-methods.html
-#
-# Avoid using rustup here as it depends on reading /proc/self/exe and
-# has problems running under QEMU.
-RUST_VERSION=1.94.0
-
-ARCH="$(uname -m)"
-test -f "/lib/libc.musl-$ARCH.so.1" && LIBC=musl || LIBC=gnu
-
-curl "https://static.rust-lang.org/dist/rust-${RUST_VERSION}-$ARCH-unknown-linux-$LIBC.tar.gz" | tar xz
-cd "rust-${RUST_VERSION}-$ARCH-unknown-linux-$LIBC"
-./install.sh --prefix=/usr --components=rustc,cargo,"rust-std-$ARCH-unknown-linux-$LIBC"
-rustc --version
-cd ..
-rm -fr "rust-${RUST_VERSION}-$ARCH-unknown-linux-$LIBC"
--- a/scripts/update-provider-database.sh
+++ b/scripts/update-provider-database.sh
@@ -6,7 +6,7 @@ set -euo pipefail
 export TZ=UTC

 # Provider database revision.
-REV=996c4bc82be5a7404f70b185ff062da33bfa98d9
+REV=ad097ee40579c884e7757de2d3bb0a51f481a32a

 CORE_ROOT="$PWD"
 TMP="$(mktemp -d)"
--- a/src/accounts.rs
+++ b/src/accounts.rs
@@ -8,6 +8,7 @@ use std::sync::Arc;
 use anyhow::{Context as _, Result, bail, ensure};
 use async_channel::{self, Receiver, Sender};
 use futures::FutureExt as _;
+use futures::future;
 use futures_lite::FutureExt as _;
 use serde::{Deserialize, Serialize};
 use tokio::fs;
@@ -22,6 +23,7 @@ use tokio::time::{Duration, sleep};

 use crate::context::{Context, ContextBuilder};
 use crate::events::{Event, EventEmitter, EventType, Events};
+use crate::location;
 use crate::log::warn;
 use crate::push::PushSubscriber;
 use crate::stock_str::StockStrings;
@@ -536,6 +538,38 @@ impl Accounts {
        self.push_subscriber.set_device_token(token).await;
        Ok(())
    }
+
+    /// Sets location for all accounts.
+    ///
+    /// Returns true if location should still be streamed.
+    pub async fn set_location(&self, latitude: f64, longitude: f64, accuracy: f64) -> Result<bool> {
+        let continue_streaming = future::try_join_all(self.accounts.iter().map(
+            |(account_id, account)| async move {
+                location::set(account, latitude, longitude, accuracy)
+                    .await
+                    .with_context(|| format!("Failed to set location for account {account_id}"))
+            },
+        ))
+        .await?
+        .into_iter()
+        .any(|continue_streaming| continue_streaming);
+        Ok(continue_streaming)
+    }
+
+    /// Stops sending locations to all chats.
+    pub async fn stop_sending_locations(&self) -> Result<()> {
+        future::try_join_all(
+            self.accounts
+                .iter()
+                .map(|(account_id, account)| async move {
+                    location::stop_sending(account).await.with_context(|| {
+                        format!("Failed to stop sending locations for account {account_id}")
+                    })
+                }),
+        )
+        .await?;
+        Ok(())
+    }
 }

 /// Configuration file name.
--- a/src/aheader.rs
+++ b/src/aheader.rs
@@ -4,9 +4,8 @@

 use std::collections::BTreeMap;
 use std::fmt;
-use std::str::FromStr;

-use anyhow::{Context as _, Error, Result, bail};
+use anyhow::{Context as _, Result, bail};

 use crate::key::{DcKey, SignedPublicKey};

@@ -28,10 +27,8 @@ impl fmt::Display for EncryptPreference {
    }
 }

-impl FromStr for EncryptPreference {
-    type Err = Error;
-
-    fn from_str(s: &str) -> Result<Self> {
+impl EncryptPreference {
+    fn new(s: &str) -> Result<Self> {
        match s {
            "mutual" => Ok(EncryptPreference::Mutual),
            "nopreference" => Ok(EncryptPreference::NoPreference),
@@ -85,10 +82,8 @@ impl fmt::Display for Aheader {
    }
 }

-impl FromStr for Aheader {
-    type Err = Error;
-
-    fn from_str(s: &str) -> Result<Self> {
+impl Aheader {
+    pub(crate) fn from_str(s: &str) -> Result<Self> {
        let mut attributes: BTreeMap<String, String> = s
            .split(';')
            .filter_map(|a| {
@@ -116,7 +111,7 @@ impl FromStr for Aheader {

        let prefer_encrypt = attributes
            .remove("prefer-encrypt")
-            .and_then(|raw| raw.parse().ok())
+            .and_then(|raw| EncryptPreference::new(&raw).ok())
            .unwrap_or_default();

        let verified = attributes.remove("_verified").is_some();
@@ -144,8 +139,9 @@ mod tests {

    #[test]
    fn test_from_str() -> Result<()> {
-        let h: Aheader =
-            format!("addr=me@mail.com; prefer-encrypt=mutual; keydata={RAWKEY}").parse()?;
+        let h = Aheader::from_str(&format!(
+            "addr=me@mail.com; prefer-encrypt=mutual; keydata={RAWKEY}"
+        ))?;

        assert_eq!(h.addr, "me@mail.com");
        assert_eq!(h.prefer_encrypt, EncryptPreference::Mutual);
@@ -157,7 +153,7 @@ mod tests {
    #[test]
    fn test_from_str_reset() -> Result<()> {
        let raw = format!("addr=reset@example.com; prefer-encrypt=reset; keydata={RAWKEY}");
-        let h: Aheader = raw.parse()?;
+        let h = Aheader::from_str(&raw)?;

        assert_eq!(h.addr, "reset@example.com");
        assert_eq!(h.prefer_encrypt, EncryptPreference::NoPreference);
@@ -167,7 +163,7 @@ mod tests {
    #[test]
    fn test_from_str_non_critical() -> Result<()> {
        let raw = format!("addr=me@mail.com; _foo=one; _bar=two; keydata={RAWKEY}");
-        let h: Aheader = raw.parse()?;
+        let h = Aheader::from_str(&raw)?;

        assert_eq!(h.addr, "me@mail.com");
        assert_eq!(h.prefer_encrypt, EncryptPreference::NoPreference);
@@ -177,7 +173,7 @@ mod tests {
    #[test]
    fn test_from_str_superflous_critical() {
        let raw = format!("addr=me@mail.com; _foo=one; _bar=two; other=me; keydata={RAWKEY}");
-        assert!(raw.parse::<Aheader>().is_err());
+        assert!(Aheader::from_str(&raw).is_err());
    }

    #[test]
--- a/src/authres.rs
+++ b/src/authres.rs
@@ -1,561 +0,0 @@
-//! Parsing and handling of the Authentication-Results header.
-//! See the comment on [`handle_authres`] for more.
-
-use std::borrow::Cow;
-use std::collections::BTreeSet;
-use std::fmt;
-use std::sync::LazyLock;
-
-use anyhow::Result;
-use deltachat_contact_tools::EmailAddress;
-use mailparse::MailHeaderMap;
-use mailparse::ParsedMail;
-
-use crate::config::Config;
-use crate::context::Context;
-use crate::headerdef::HeaderDef;
-
-/// `authres` is short for the Authentication-Results header, defined in
-/// <https://datatracker.ietf.org/doc/html/rfc8601>, which contains info
-/// about whether DKIM and SPF passed.
-///
-/// To mitigate From forgery, we remember for each sending domain whether it is known
-/// to have valid DKIM. If an email from such a domain comes with invalid DKIM,
-/// we don't allow changing the autocrypt key.
-///
-/// See <https://github.com/deltachat/deltachat-core-rust/issues/3507>.
-pub(crate) async fn handle_authres(
-    context: &Context,
-    mail: &ParsedMail<'_>,
-    from: &str,
-) -> Result<DkimResults> {
-    let from_domain = match EmailAddress::new(from) {
-        Ok(email) => email.domain,
-        Err(e) => {
-            return Err(anyhow::format_err!("invalid email {from}: {e:#}"));
-        }
-    };
-
-    let authres = parse_authres_headers(&mail.get_headers(), &from_domain);
-    update_authservid_candidates(context, &authres).await?;
-    compute_dkim_results(context, authres).await
-}
-
-#[derive(Debug)]
-pub(crate) struct DkimResults {
-    /// Whether DKIM passed for this particular e-mail.
-    pub dkim_passed: bool,
-}
-
-impl fmt::Display for DkimResults {
-    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
-        write!(fmt, "DKIM Results: Passed={}", self.dkim_passed)?;
-        Ok(())
-    }
-}
-
-type AuthservId = String;
-
-#[derive(Debug, PartialEq)]
-enum DkimResult {
-    /// The header explicitly said that DKIM passed
-    Passed,
-    /// The header explicitly said that DKIM failed
-    Failed,
-    /// The header didn't say anything about DKIM; this might mean that it wasn't
-    /// checked, but it might also mean that it failed. This is because some providers
-    /// (e.g. ik.me, mail.ru, posteo.de) don't add `dkim=none` to their
-    /// Authentication-Results if there was no DKIM.
-    Nothing,
-}
-
-type ParsedAuthresHeaders = Vec<(AuthservId, DkimResult)>;
-
-fn parse_authres_headers(
-    headers: &mailparse::headers::Headers<'_>,
-    from_domain: &str,
-) -> ParsedAuthresHeaders {
-    let mut res = Vec::new();
-    for header_value in headers.get_all_values(HeaderDef::AuthenticationResults.into()) {
-        let header_value = remove_comments(&header_value);
-
-        if let Some(mut authserv_id) = header_value.split(';').next() {
-            if authserv_id.contains(char::is_whitespace) || authserv_id.is_empty() {
-                // Outlook violates the RFC by not adding an authserv-id at all, which we notice
-                // because there is whitespace in the first identifier before the ';'.
-                // Authentication-Results-parsing still works securely because they remove incoming
-                // Authentication-Results headers.
-                // We just use an arbitrary authserv-id, it will work for Outlook, and in general,
-                // with providers not implementing the RFC correctly, someone can trick us
-                // into thinking that an incoming email is DKIM-correct, anyway.
-                // The most important thing here is that we have some valid `authserv_id`.
-                authserv_id = "invalidAuthservId";
-            }
-            let dkim_passed = parse_one_authres_header(&header_value, from_domain);
-            res.push((authserv_id.to_string(), dkim_passed));
-        }
-    }
-
-    res
-}
-
-/// The headers can contain comments that look like this:
-/// ```text
-/// Authentication-Results: (this is a comment) gmx.net; (another; comment) dkim=pass;
-/// ```
-fn remove_comments(header: &str) -> Cow<'_, str> {
-    // In Pomsky, this is:
-    //     "(" Codepoint* lazy ")"
-    // See https://playground.pomsky-lang.org/?text=%22(%22%20Codepoint*%20lazy%20%22)%22
-    static RE: LazyLock<regex::Regex> =
-        LazyLock::new(|| regex::Regex::new(r"\([\s\S]*?\)").unwrap());
-
-    RE.replace_all(header, " ")
-}
-
-/// Parses a single Authentication-Results header, like:
-///
-/// ```text
-/// Authentication-Results:  gmx.net; dkim=pass header.i=@slack.com
-/// ```
-fn parse_one_authres_header(header_value: &str, from_domain: &str) -> DkimResult {
-    if let Some((before_dkim_part, dkim_to_end)) = header_value.split_once("dkim=") {
-        // Check that the character right before `dkim=` is a space or a tab
-        // so that we wouldn't e.g. mistake `notdkim=pass` for `dkim=pass`
-        if before_dkim_part.ends_with(' ') || before_dkim_part.ends_with('\t') {
-            let dkim_part = dkim_to_end.split(';').next().unwrap_or_default();
-            let dkim_parts: Vec<_> = dkim_part.split_whitespace().collect();
-            if let Some(&"pass") = dkim_parts.first() {
-                // DKIM headers contain a header.d or header.i field
-                // that says which domain signed. We have to check ourselves
-                // that this is the same domain as in the From header.
-                let header_d: &str = &format!("header.d={}", &from_domain);
-                let header_i: &str = &format!("header.i=@{}", &from_domain);
-
-                if dkim_parts.contains(&header_d) || dkim_parts.contains(&header_i) {
-                    // We have found a `dkim=pass` header!
-                    return DkimResult::Passed;
-                }
-            } else {
-                // dkim=fail, dkim=none, ...
-                return DkimResult::Failed;
-            }
-        }
-    }
-
-    DkimResult::Nothing
-}
-
-/// ## About authserv-ids
-///
-/// After having checked DKIM, our email server adds an Authentication-Results header.
-///
-/// Now, an attacker could just add an Authentication-Results header that says dkim=pass
-/// in order to make us think that DKIM was correct in their From-forged email.
-///
-/// In order to prevent this, each email server adds its authserv-id to the
-/// Authentication-Results header, e.g. Testrun's authserv-id is `testrun.org`, Gmail's
-/// is `mx.google.com`. When Testrun gets a mail delivered from outside, it will then
-/// remove any Authentication-Results headers whose authserv-id is also `testrun.org`.
-///
-/// We need to somehow find out the authserv-id(s) of our email server, so that
-/// we can use the Authentication-Results with the right authserv-id.
-///
-/// ## What this function does
-///
-/// When receiving an email, this function is called and updates the candidates for
-/// our server's authserv-id, i.e. what we think our server's authserv-id is.
-///
-/// Usually, every incoming email has Authentication-Results  with our server's
-/// authserv-id, so, the intersection of the existing authserv-ids and the incoming
-/// authserv-ids for our server's authserv-id is a good guess for our server's
-/// authserv-id. When this intersection is empty, we assume that the authserv-id has
-/// changed and start over with the new authserv-ids.
-///
-/// See [`handle_authres`].
-async fn update_authservid_candidates(
-    context: &Context,
-    authres: &ParsedAuthresHeaders,
-) -> Result<()> {
-    let mut new_ids: BTreeSet<&str> = authres
-        .iter()
-        .map(|(authserv_id, _dkim_passed)| authserv_id.as_str())
-        .collect();
-    if new_ids.is_empty() {
-        // The incoming message doesn't contain any authentication results, maybe it's a
-        // self-sent or a mailer-daemon message
-        return Ok(());
-    }
-
-    let old_config = context.get_config(Config::AuthservIdCandidates).await?;
-    let old_ids = parse_authservid_candidates_config(&old_config);
-    let intersection: BTreeSet<&str> = old_ids.intersection(&new_ids).copied().collect();
-    if !intersection.is_empty() {
-        new_ids = intersection;
-    }
-    // If there were no AuthservIdCandidates previously, just start with
-    // the ones from the incoming email
-
-    if old_ids != new_ids {
-        let new_config = new_ids.into_iter().collect::<Vec<_>>().join(" ");
-        context
-            .set_config_internal(Config::AuthservIdCandidates, Some(&new_config))
-            .await?;
-    }
-    Ok(())
-}
-
-/// Use the parsed authres and the authservid candidates to compute whether DKIM passed
-/// and whether a keychange should be allowed.
-///
-/// We track in the `sending_domains` table whether we get positive Authentication-Results
-/// for mails from a contact (meaning that their provider properly authenticates against
-/// our provider).
-///
-/// Once a contact is known to come with positive Authentication-Resutls (dkim: pass),
-/// we don't accept Autocrypt key changes if they come with negative Authentication-Results.
-async fn compute_dkim_results(
-    context: &Context,
-    mut authres: ParsedAuthresHeaders,
-) -> Result<DkimResults> {
-    let mut dkim_passed = false;
-
-    let ids_config = context.get_config(Config::AuthservIdCandidates).await?;
-    let ids = parse_authservid_candidates_config(&ids_config);
-
-    // Remove all foreign authentication results
-    authres.retain(|(authserv_id, _dkim_passed)| ids.contains(authserv_id.as_str()));
-
-    if authres.is_empty() {
-        // If the authentication results are empty, then our provider doesn't add them
-        // and an attacker could just add their own Authentication-Results, making us
-        // think that DKIM passed. So, in this case, we can as well assume that DKIM passed.
-        dkim_passed = true;
-    } else {
-        for (_authserv_id, current_dkim_passed) in authres {
-            match current_dkim_passed {
-                DkimResult::Passed => {
-                    dkim_passed = true;
-                    break;
-                }
-                DkimResult::Failed => {
-                    dkim_passed = false;
-                    break;
-                }
-                DkimResult::Nothing => {
-                    // Continue looking for an Authentication-Results header
-                }
-            }
-        }
-    }
-
-    Ok(DkimResults { dkim_passed })
-}
-
-fn parse_authservid_candidates_config(config: &Option<String>) -> BTreeSet<&str> {
-    config
-        .as_deref()
-        .map(|c| c.split_whitespace().collect())
-        .unwrap_or_default()
-}
-
-#[cfg(test)]
-mod tests {
-    use tokio::fs;
-    use tokio::io::AsyncReadExt;
-
-    use super::*;
-    use crate::mimeparser;
-    use crate::test_utils::TestContext;
-    use crate::test_utils::TestContextManager;
-    use crate::tools;
-
-    #[test]
-    fn test_remove_comments() {
-        let header = "Authentication-Results: mx3.messagingengine.com;
-    dkim=pass (1024-bit rsa key sha256) header.d=riseup.net;"
-            .to_string();
-        assert_eq!(
-            remove_comments(&header),
-            "Authentication-Results: mx3.messagingengine.com;
-    dkim=pass   header.d=riseup.net;"
-        );
-
-        let header = ") aaa (".to_string();
-        assert_eq!(remove_comments(&header), ") aaa (");
-
-        let header = "((something weird) no comment".to_string();
-        assert_eq!(remove_comments(&header), "  no comment");
-
-        let header = "🎉(🎉(🎉))🎉(".to_string();
-        assert_eq!(remove_comments(&header), "🎉 )🎉(");
-
-        // Comments are allowed to include whitespace
-        let header = "(com\n\t\r\nment) no comment (comment)".to_string();
-        assert_eq!(remove_comments(&header), "  no comment  ");
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_parse_authentication_results() -> Result<()> {
-        let t = TestContext::new().await;
-        t.configure_addr("alice@gmx.net").await;
-        let bytes = b"Authentication-Results:  gmx.net; dkim=pass header.i=@slack.com
-Authentication-Results:  gmx.net; dkim=pass header.i=@amazonses.com";
-        let mail = mailparse::parse_mail(bytes)?;
-        let actual = parse_authres_headers(&mail.get_headers(), "slack.com");
-        assert_eq!(
-            actual,
-            vec![
-                ("gmx.net".to_string(), DkimResult::Passed),
-                ("gmx.net".to_string(), DkimResult::Nothing)
-            ]
-        );
-
-        let bytes = b"Authentication-Results:  gmx.net; notdkim=pass header.i=@slack.com
-Authentication-Results:  gmx.net; notdkim=pass header.i=@amazonses.com";
-        let mail = mailparse::parse_mail(bytes)?;
-        let actual = parse_authres_headers(&mail.get_headers(), "slack.com");
-        assert_eq!(
-            actual,
-            vec![
-                ("gmx.net".to_string(), DkimResult::Nothing),
-                ("gmx.net".to_string(), DkimResult::Nothing)
-            ]
-        );
-
-        let bytes = b"Authentication-Results:  gmx.net; dkim=pass header.i=@amazonses.com";
-        let mail = mailparse::parse_mail(bytes)?;
-        let actual = parse_authres_headers(&mail.get_headers(), "slack.com");
-        assert_eq!(actual, vec![("gmx.net".to_string(), DkimResult::Nothing)],);
-
-        // Weird Authentication-Results from Outlook without an authserv-id
-        let bytes = b"Authentication-Results: spf=pass (sender IP is 40.92.73.85)
-    smtp.mailfrom=hotmail.com; dkim=pass (signature was verified)
-    header.d=hotmail.com;dmarc=pass action=none
-    header.from=hotmail.com;compauth=pass reason=100";
-        let mail = mailparse::parse_mail(bytes)?;
-        let actual = parse_authres_headers(&mail.get_headers(), "hotmail.com");
-        // At this point, the most important thing to test is that there are no
-        // authserv-ids with whitespace in them.
-        assert_eq!(
-            actual,
-            vec![("invalidAuthservId".to_string(), DkimResult::Passed)]
-        );
-
-        let bytes = b"Authentication-Results:  gmx.net; dkim=none header.i=@slack.com
-Authentication-Results:  gmx.net; dkim=pass header.i=@slack.com";
-        let mail = mailparse::parse_mail(bytes)?;
-        let actual = parse_authres_headers(&mail.get_headers(), "slack.com");
-        assert_eq!(
-            actual,
-            vec![
-                ("gmx.net".to_string(), DkimResult::Failed),
-                ("gmx.net".to_string(), DkimResult::Passed)
-            ]
-        );
-
-        // ';' in comments
-        let bytes = b"Authentication-Results: mx1.riseup.net;
-	dkim=pass (1024-bit key; unprotected) header.d=yandex.ru header.i=@yandex.ru header.a=rsa-sha256 header.s=mail header.b=avNJu6sw;
-	dkim-atps=neutral";
-        let mail = mailparse::parse_mail(bytes)?;
-        let actual = parse_authres_headers(&mail.get_headers(), "yandex.ru");
-        assert_eq!(
-            actual,
-            vec![("mx1.riseup.net".to_string(), DkimResult::Passed)]
-        );
-
-        let bytes = br#"Authentication-Results: box.hispanilandia.net;
-	dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=disroot.org header.i=@disroot.org header.b="kqh3WUKq";
-	dkim-atps=neutral
-Authentication-Results: box.hispanilandia.net; dmarc=pass (p=quarantine dis=none) header.from=disroot.org
-Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@disroot.org"#;
-        let mail = mailparse::parse_mail(bytes)?;
-        let actual = parse_authres_headers(&mail.get_headers(), "disroot.org");
-        assert_eq!(
-            actual,
-            vec![
-                ("box.hispanilandia.net".to_string(), DkimResult::Failed),
-                ("box.hispanilandia.net".to_string(), DkimResult::Nothing),
-                ("box.hispanilandia.net".to_string(), DkimResult::Nothing),
-            ]
-        );
-
-        Ok(())
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_update_authservid_candidates() -> Result<()> {
-        let t = TestContext::new_alice().await;
-
-        update_authservid_candidates_test(&t, &["mx3.messagingengine.com"]).await;
-        let candidates = t.get_config(Config::AuthservIdCandidates).await?.unwrap();
-        assert_eq!(candidates, "mx3.messagingengine.com");
-
-        // "mx4.messagingengine.com" seems to be the new authserv-id, DC should accept it
-        update_authservid_candidates_test(&t, &["mx4.messagingengine.com"]).await;
-        let candidates = t.get_config(Config::AuthservIdCandidates).await?.unwrap();
-        assert_eq!(candidates, "mx4.messagingengine.com");
-
-        // A message without any Authentication-Results headers shouldn't remove all
-        // candidates since it could be a mailer-daemon message or so
-        update_authservid_candidates_test(&t, &[]).await;
-        let candidates = t.get_config(Config::AuthservIdCandidates).await?.unwrap();
-        assert_eq!(candidates, "mx4.messagingengine.com");
-
-        update_authservid_candidates_test(&t, &["mx4.messagingengine.com", "someotherdomain.com"])
-            .await;
-        let candidates = t.get_config(Config::AuthservIdCandidates).await?.unwrap();
-        assert_eq!(candidates, "mx4.messagingengine.com");
-
-        Ok(())
-    }
-
-    /// Calls update_authservid_candidates(), meant for using in a test.
-    ///
-    /// update_authservid_candidates() only looks at the keys of its
-    /// `authentication_results` parameter. So, this function takes `incoming_ids`
-    /// and adds some AuthenticationResults to get the HashMap we need.
-    async fn update_authservid_candidates_test(context: &Context, incoming_ids: &[&str]) {
-        let v = incoming_ids
-            .iter()
-            .map(|id| (id.to_string(), DkimResult::Passed))
-            .collect();
-        update_authservid_candidates(context, &v).await.unwrap()
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_realworld_authentication_results() -> Result<()> {
-        let mut test_failed = false;
-
-        let dir = tools::read_dir("test-data/message/dkimchecks-2022-09-28/".as_ref())
-            .await
-            .unwrap();
-        let mut bytes = Vec::new();
-        for entry in dir {
-            if !entry.file_type().await.unwrap().is_dir() {
-                continue;
-            }
-            let self_addr = entry.file_name().into_string().unwrap();
-            let self_domain = EmailAddress::new(&self_addr).unwrap().domain;
-            let authres_parsing_works = [
-                "ik.me",
-                "web.de",
-                "posteo.de",
-                "gmail.com",
-                "hotmail.com",
-                "mail.ru",
-                "aol.com",
-                "yahoo.com",
-                "icloud.com",
-                "fastmail.com",
-                "mail.de",
-                "outlook.com",
-                "gmx.de",
-                "testrun.org",
-            ]
-            .contains(&self_domain.as_str());
-
-            let t = TestContext::new().await;
-            t.configure_addr(&self_addr).await;
-            if !authres_parsing_works {
-                println!("========= Receiving as {} =========", &self_addr);
-            }
-
-            // Simulate receiving all emails once, so that we have the correct authserv-ids
-            let mut dir = tools::read_dir(&entry.path()).await.unwrap();
-
-            // The ordering in which the emails are received can matter;
-            // the test _should_ pass for every ordering.
-            dir.sort_by_key(|d| d.file_name());
-            //rand::seq::SliceRandom::shuffle(&mut dir[..], &mut rand::rng());
-
-            for entry in &dir {
-                let mut file = fs::File::open(entry.path()).await?;
-                bytes.clear();
-                file.read_to_end(&mut bytes).await.unwrap();
-
-                let mail = mailparse::parse_mail(&bytes)?;
-                let from = &mimeparser::get_from(&mail.headers).unwrap().addr;
-
-                let res = handle_authres(&t, &mail, from).await?;
-                let from_domain = EmailAddress::new(from).unwrap().domain;
-
-                // delta.blinzeln.de and gmx.de have invalid DKIM, so the DKIM check should fail
-                let expected_result = (from_domain != "delta.blinzeln.de") && (from_domain != "gmx.de")
-                    // These are (fictional) forged emails where the attacker added a fake
-                    // Authentication-Results before sending the email
-                    && from != "forged-authres-added@example.com"
-                    // Other forged emails
-                    && !from.starts_with("forged");
-
-                if res.dkim_passed != expected_result {
-                    if authres_parsing_works {
-                        println!(
-                            "!!!!!! FAILURE Receiving {:?} wrong result: !!!!!!",
-                            entry.path(),
-                        );
-                        test_failed = true;
-                    }
-                    println!("From {}: {}", from_domain, res.dkim_passed);
-                }
-            }
-        }
-
-        assert!(!test_failed);
-        Ok(())
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_handle_authres() {
-        let t = TestContext::new().await;
-
-        // Even if the format is wrong and parsing fails, handle_authres() shouldn't
-        // return an Err because this would prevent the message from being added
-        // to the database and downloaded again and again
-        let bytes = b"From: invalid@from.com
-Authentication-Results: dkim=";
-        let mail = mailparse::parse_mail(bytes).unwrap();
-        handle_authres(&t, &mail, "invalid@rom.com").await.unwrap();
-    }
-
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_authres_in_mailinglist_ignored() -> Result<()> {
-        let mut tcm = TestContextManager::new();
-        let alice = tcm.alice().await;
-        let bob = tcm.bob().await;
-
-        // Bob knows his server's authserv-id
-        bob.set_config(Config::AuthservIdCandidates, Some("example.net"))
-            .await?;
-
-        let alice_bob_chat = alice.create_chat(&bob).await;
-        let mut sent = alice.send_text(alice_bob_chat.id, "hellooo").await;
-        sent.payload
-            .insert_str(0, "List-Post: <mailto:deltachat-community.example.net>\n");
-        sent.payload
-            .insert_str(0, "Authentication-Results: example.net; dkim=fail\n");
-        let rcvd = bob.recv_msg(&sent).await;
-        assert!(rcvd.error.is_none());
-
-        // Do the same without the mailing list header, this time the failed
-        // authres isn't ignored
-        let mut sent = alice
-            .send_text(alice_bob_chat.id, "hellooo without mailing list")
-            .await;
-        sent.payload
-            .insert_str(0, "Authentication-Results: example.net; dkim=fail\n");
-        let rcvd = bob.recv_msg(&sent).await;
-
-        // The message info should contain a warning:
-        assert!(
-            rcvd.id
-                .get_info(&bob)
-                .await
-                .unwrap()
-                .contains("DKIM Results: Passed=false")
-        );
-
-        Ok(())
-    }
-}
--- a/src/blob.rs
+++ b/src/blob.rs
@@ -10,8 +10,8 @@ use anyhow::{Context as _, Result, ensure, format_err};
 use base64::Engine as _;
 use futures::StreamExt;
 use image::ImageReader;
-use image::codecs::jpeg::JpegEncoder;
 use image::{DynamicImage, GenericImage, GenericImageView, ImageFormat, Pixel, Rgba};
+use image::{codecs::jpeg::JpegEncoder, metadata::Orientation};
 use num_traits::FromPrimitive;
 use tokio::{fs, task};
 use tokio_stream::wrappers::ReadDirStream;
@@ -284,10 +284,6 @@ impl<'a> BlobObject<'a> {
    ///
    /// Recoding is only done for [`Viewtype::Image`]. For [`Viewtype::File`], if it's a correct
    /// image, `*viewtype` is set to [`Viewtype::Image`].
-    ///
-    /// On some platforms images are passed to Core as [`Viewtype::Sticker`]. We recheck if the
-    /// image is a true sticker assuming that it must have at least one fully transparent corner,
-    /// otherwise `*viewtype` is set to [`Viewtype::Image`].
    pub async fn check_or_recode_image(
        &mut self,
        context: &Context,
@@ -362,7 +358,10 @@ impl<'a> BlobObject<'a> {
                return Ok(name);
            }
            let mut img = imgreader.decode().context("image decode failure")?;
-            let orientation = exif.as_ref().map(|exif| exif_orientation(exif, context));
+            let orientation = exif
+                .as_ref()
+                .map(|exif| exif_orientation(exif, context))
+                .unwrap_or(Orientation::NoTransforms);
            let mut encoded = Vec::new();

            if *vt == Viewtype::Sticker {
@@ -381,13 +380,7 @@ impl<'a> BlobObject<'a> {
                    return Ok(name);
                }
            }
-
-            img = match orientation {
-                Some(90) => img.rotate90(),
-                Some(180) => img.rotate180(),
-                Some(270) => img.rotate270(),
-                _ => img,
-            };
+            img.apply_orientation(orientation);

            // max_wh is the maximum image width and height, i.e. the resolution-limit.
            // target_wh target-resolution for resizing the image.
@@ -468,7 +461,7 @@ impl<'a> BlobObject<'a> {
                            ));
                        }

-                        target_wh = target_wh * 2 / 3;
+                        target_wh = target_wh * 7 / 8;
                    } else {
                        info!(
                            context,
@@ -551,18 +544,17 @@ fn image_metadata(file: &std::fs::File) -> Result<(u64, Option<exif::Exif>)> {
    Ok((len, exif))
 }

-fn exif_orientation(exif: &exif::Exif, context: &Context) -> i32 {
-    if let Some(orientation) = exif.get_field(exif::Tag::Orientation, exif::In::PRIMARY) {
-        // possible orientation values are described at http://sylvana.net/jpegcrop/exif_orientation.html
-        // we only use rotation, in practise, flipping is not used.
-        match orientation.value.get_uint(0) {
-            Some(3) => return 180,
-            Some(6) => return 90,
-            Some(8) => return 270,
-            other => warn!(context, "Exif orientation value ignored: {other:?}."),
-        }
+fn exif_orientation(exif: &exif::Exif, context: &Context) -> Orientation {
+    if let Some(orientation) = exif.get_field(exif::Tag::Orientation, exif::In::PRIMARY)
+        && let Some(val) = orientation.value.get_uint(0)
+        && let Ok(val) = TryInto::<u8>::try_into(val)
+    {
+        return Orientation::from_exif(val).unwrap_or({
+            warn!(context, "Exif orientation value ignored: {val:?}.");
+            Orientation::NoTransforms
+        });
    }
-    0
+    Orientation::NoTransforms
 }

 /// All files in the blobdir.
--- a/src/blob/blob_tests.rs
+++ b/src/blob/blob_tests.rs
@@ -305,7 +305,7 @@ async fn test_recode_image_2() {
        has_exif: true,
        original_width: 2000,
        original_height: 1800,
-        orientation: 270,
+        orientation: Some(Orientation::Rotate270),
        compressed_width: 1800,
        compressed_height: 2000,
        ..Default::default()
@@ -336,6 +336,28 @@ async fn test_recode_image_2() {
    assert_correct_rotation(&img_rotated);
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_recode_image_vflipped() {
+    let bytes = include_bytes!("../../test-data/image/rectangle200x180-vflipped.jpg");
+    let img_rotated = SendImageCheckMediaquality {
+        viewtype: Viewtype::Image,
+        media_quality_config: "0",
+        bytes,
+        extension: "jpg",
+        has_exif: true,
+        original_width: 200,
+        original_height: 180,
+        orientation: Some(Orientation::FlipVertical),
+        compressed_width: 200,
+        compressed_height: 180,
+        ..Default::default()
+    }
+    .test()
+    .await
+    .unwrap();
+    assert_correct_rotation(&img_rotated);
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_recode_image_bad_exif() {
    // `exiftool` reports for this file "Bad offset for IFD0 XResolution", still Exif must be
@@ -423,7 +445,6 @@ async fn test_recode_image_balanced_png() {
    .await
    .unwrap();

-    // This will be sent as Image, see [`BlobObject::check_or_recode_image()`] for explanation.
    SendImageCheckMediaquality {
        viewtype: Viewtype::Sticker,
        media_quality_config: "0",
@@ -431,6 +452,7 @@ async fn test_recode_image_balanced_png() {
        extension: "png",
        original_width: 1920,
        original_height: 1080,
+        res_viewtype: Some(Viewtype::Sticker),
        compressed_width: 1920,
        compressed_height: 1080,
        ..Default::default()
@@ -530,7 +552,7 @@ struct SendImageCheckMediaquality<'a> {
    pub(crate) has_exif: bool,
    pub(crate) original_width: u32,
    pub(crate) original_height: u32,
-    pub(crate) orientation: i32,
+    pub(crate) orientation: Option<Orientation>,
    pub(crate) res_viewtype: Option<Viewtype>,
    pub(crate) compressed_width: u32,
    pub(crate) compressed_height: u32,
@@ -546,7 +568,7 @@ impl SendImageCheckMediaquality<'_> {
        let has_exif = self.has_exif;
        let original_width = self.original_width;
        let original_height = self.original_height;
-        let orientation = self.orientation;
+        let orientation = self.orientation.unwrap_or(Orientation::NoTransforms);
        let res_viewtype = self.res_viewtype.unwrap_or(Viewtype::Image);
        let compressed_width = self.compressed_width;
        let compressed_height = self.compressed_height;
@@ -712,8 +734,6 @@ async fn test_send_gif_as_sticker() -> Result<()> {
    let chat = alice.get_self_chat().await;
    let sent = alice.send_msg(chat.id, &mut msg).await;
    let msg = Message::load_from_db(alice, sent.sender_msg_id).await?;
-    // Message::force_sticker() wasn't used, still Viewtype::Sticker is preserved because of the
-    // extension.
    assert_eq!(msg.get_viewtype(), Viewtype::Sticker);
    Ok(())
 }
--- a/src/chat.rs
+++ b/src/chat.rs
@@ -1,12 +1,11 @@
 //! # Chat module.

 use std::cmp;
-use std::collections::{BTreeSet, HashMap, HashSet};
+use std::collections::{BTreeSet, HashMap};
 use std::fmt;
 use std::io::Cursor;
 use std::marker::Sync;
 use std::path::{Path, PathBuf};
-use std::str::FromStr;
 use std::time::Duration;

 use anyhow::{Context as _, Result, anyhow, bail, ensure};
@@ -23,8 +22,9 @@ use crate::chatlist_events;
 use crate::color::str_to_color;
 use crate::config::Config;
 use crate::constants::{
-    Blocked, Chattype, DC_CHAT_ID_ALLDONE_HINT, DC_CHAT_ID_ARCHIVED_LINK, DC_CHAT_ID_LAST_SPECIAL,
-    DC_CHAT_ID_TRASH, DC_RESEND_USER_AVATAR_DAYS, EDITED_PREFIX, TIMESTAMP_SENT_TOLERANCE,
+    self, Blocked, Chattype, DC_CHAT_ID_ALLDONE_HINT, DC_CHAT_ID_ARCHIVED_LINK,
+    DC_CHAT_ID_LAST_SPECIAL, DC_CHAT_ID_TRASH, DC_RESEND_USER_AVATAR_DAYS, EDITED_PREFIX,
+    TIMESTAMP_SENT_TOLERANCE,
 };
 use crate::contact::{self, Contact, ContactId, Origin};
 use crate::context::Context;
@@ -34,7 +34,7 @@ use crate::download::{
 };
 use crate::ephemeral::{Timer as EphemeralTimer, start_chat_ephemeral_timers};
 use crate::events::EventType;
-use crate::key::self_fingerprint;
+use crate::key::{Fingerprint, self_fingerprint};
 use crate::location;
 use crate::log::{LogExt, warn};
 use crate::logged_debug_assert;
@@ -477,12 +477,17 @@ impl ChatId {
    /// Adds message "Messages are end-to-end encrypted".
    pub(crate) async fn add_e2ee_notice(self, context: &Context, timestamp: i64) -> Result<()> {
        let text = stock_str::messages_e2ee_info_msg(context);
+
+        // Sort this notice to the very beginning of the chat.
+        // We don't want any message to appear before this notice
+        // which is normally added when encrypted chat is created.
+        let sort_timestamp = 0;
        add_info_msg_with_cmd(
            context,
            self,
            &text,
            SystemMessage::ChatE2ee,
-            Some(timestamp),
+            Some(sort_timestamp),
            timestamp,
            None,
            None,
@@ -492,6 +497,27 @@ impl ChatId {
        Ok(())
    }

+    /// Adds info message to the beginning of the chat.
+    ///
+    /// Used for messages such as
+    /// "Others will only see this group after you sent a first message."
+    pub(crate) async fn add_start_info_message(self, context: &Context, text: &str) -> Result<()> {
+        let sort_timestamp = 0;
+        add_info_msg_with_cmd(
+            context,
+            self,
+            text,
+            SystemMessage::Unknown,
+            Some(sort_timestamp),
+            time(),
+            None,
+            None,
+            None,
+        )
+        .await?;
+        Ok(())
+    }
+
    /// Archives or unarchives a chat.
    pub async fn set_visibility(self, context: &Context, visibility: ChatVisibility) -> Result<()> {
        self.set_visibility_ex(context, Sync, visibility).await
@@ -925,6 +951,17 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
            .unwrap_or(0))
    }

+    /// Returns timestamp of us joining the chat if we are the member of the chat.
+    pub(crate) async fn join_timestamp(self, context: &Context) -> Result<Option<i64>> {
+        context
+            .sql
+            .query_get_value(
+                "SELECT add_timestamp FROM chats_contacts WHERE chat_id=? AND contact_id=?",
+                (self, ContactId::SELF),
+            )
+            .await
+    }
+
    /// Returns timestamp of the latest message in the chat,
    /// including hidden messages or a draft if there is one.
    pub(crate) async fn get_timestamp(self, context: &Context) -> Result<Option<i64>> {
@@ -1151,7 +1188,6 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
    /// prefer plaintext emails.
    ///
    /// To get more verbose summary for a contact, including its key fingerprint, use [`Contact::get_encrinfo`].
-    #[expect(clippy::arithmetic_side_effects)]
    pub async fn get_encryption_info(self, context: &Context) -> Result<String> {
        let chat = Chat::load_from_db(context, self).await?;
        if !chat.is_encrypted(context).await? {
@@ -1174,7 +1210,8 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
            );
            let fingerprint = contact
                .fingerprint()
-                .context("Contact does not have a fingerprint in encrypted chat")?;
+                .context("Contact does not have a fingerprint in encrypted chat")?
+                .human_readable();
            if let Some(public_key) = contact.public_key(context).await? {
                if let Some(relay_addrs) = addresses_from_public_key(&public_key) {
                    let relays = relay_addrs.join(",");
@@ -1212,15 +1249,11 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
    /// corresponding event in case of a system message (usually the current system time).
    /// `always_sort_to_bottom` makes this adjust the returned timestamp up so that the message goes
    /// to the chat bottom.
-    /// `received` -- whether the message is received. Otherwise being sent.
-    /// `incoming` -- whether the message is incoming.
    pub(crate) async fn calc_sort_timestamp(
        self,
        context: &Context,
        message_timestamp: i64,
        always_sort_to_bottom: bool,
-        received: bool,
-        incoming: bool,
    ) -> Result<i64> {
        let mut sort_timestamp = cmp::min(message_timestamp, smeared_time(context));

@@ -1240,38 +1273,6 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
                    (self, MessageState::OutDraft),
                )
                .await?
-        } else if received {
-            // Received messages shouldn't mingle with just sent ones and appear somewhere in the
-            // middle of the chat, so we go after the newest non fresh message.
-            //
-            // But if a received outgoing message is older than some seen message, better sort the
-            // received message purely by timestamp. We could place it just before that seen
-            // message, but anyway the user may not notice it.
-            //
-            // NB: Received outgoing messages may break sorting of fresh incoming ones, but this
-            // shouldn't happen frequently. Seen incoming messages don't really break sorting of
-            // fresh ones, they rather mean that older incoming messages are actually seen as well.
-            context
-                .sql
-                .query_row_optional(
-                    "SELECT MAX(timestamp), MAX(IIF(state=?,timestamp_sent,0))
-                     FROM msgs
-                     WHERE chat_id=? AND hidden=0 AND state>?
-                     HAVING COUNT(*) > 0",
-                    (MessageState::InSeen, self, MessageState::InFresh),
-                    |row| {
-                        let ts: i64 = row.get(0)?;
-                        let ts_sent_seen: i64 = row.get(1)?;
-                        Ok((ts, ts_sent_seen))
-                    },
-                )
-                .await?
-                .and_then(|(ts, ts_sent_seen)| {
-                    match incoming || ts_sent_seen <= message_timestamp {
-                        true => Some(ts),
-                        false => None,
-                    }
-                })
        } else {
            None
        };
@@ -1282,7 +1283,16 @@ SELECT id, rfc724_mid, pre_rfc724_mid, timestamp, ?, 1 FROM msgs WHERE chat_id=?
            sort_timestamp = last_msg_time;
        }

-        Ok(sort_timestamp)
+        if let Some(join_timestamp) = self.join_timestamp(context).await? {
+            // If we are the member of the chat, don't add messages
+            // before the timestamp of us joining it.
+            // This is needed to avoid sorting "Member added"
+            // or automatically sent bot welcome messages
+            // above SecureJoin system messages.
+            Ok(std::cmp::max(sort_timestamp, join_timestamp))
+        } else {
+            Ok(sort_timestamp)
+        }
    }
 }

@@ -1742,7 +1752,6 @@ impl Chat {
    ///
    /// If `update_msg_id` is set, that record is reused;
    /// if `update_msg_id` is None, a new record is created.
-    #[expect(clippy::arithmetic_side_effects)]
    async fn prepare_msg_raw(
        &mut self,
        context: &Context,
@@ -2458,10 +2467,7 @@ async fn prepare_msg_blob(context: &Context, msg: &mut Message) -> Result<()> {
            .with_context(|| format!("attachment missing for message of type #{}", msg.viewtype))?;
        let mut maybe_image = false;

-        if msg.viewtype == Viewtype::File
-            || msg.viewtype == Viewtype::Image
-            || msg.viewtype == Viewtype::Sticker && !msg.param.exists(Param::ForceSticker)
-        {
+        if msg.viewtype == Viewtype::File || msg.viewtype == Viewtype::Image {
            // Correct the type, take care not to correct already very special
            // formats as GIF or VOICE.
            //
@@ -2469,12 +2475,7 @@ async fn prepare_msg_blob(context: &Context, msg: &mut Message) -> Result<()> {
            // - from FILE to AUDIO/VIDEO/IMAGE
            // - from FILE/IMAGE to GIF */
            if let Some((better_type, _)) = message::guess_msgtype_from_suffix(msg) {
-                if msg.viewtype == Viewtype::Sticker {
-                    if better_type != Viewtype::Image {
-                        // UIs don't want conversions of `Sticker` to anything other than `Image`.
-                        msg.param.set_int(Param::ForceSticker, 1);
-                    }
-                } else if better_type == Viewtype::Image {
+                if better_type == Viewtype::Image {
                    maybe_image = true;
                } else if better_type != Viewtype::Webxdc
                    || context
@@ -2494,10 +2495,7 @@ async fn prepare_msg_blob(context: &Context, msg: &mut Message) -> Result<()> {
        if msg.viewtype == Viewtype::Vcard {
            msg.try_set_vcard(context, &blob.to_abs_path()).await?;
        }
-        if msg.viewtype == Viewtype::File && maybe_image
-            || msg.viewtype == Viewtype::Image
-            || msg.viewtype == Viewtype::Sticker && !msg.param.exists(Param::ForceSticker)
-        {
+        if msg.viewtype == Viewtype::File && maybe_image || msg.viewtype == Viewtype::Image {
            let new_name = blob
                .check_or_recode_image(context, msg.get_filename(), &mut msg.viewtype)
                .await?;
@@ -2618,7 +2616,7 @@ pub async fn send_msg(context: &Context, chat_id: ChatId, msg: &mut Message) ->
    if msg.state != MessageState::Undefined && msg.state != MessageState::OutPreparing {
        msg.param.remove(Param::GuaranteeE2ee);
        msg.param.remove(Param::ForcePlaintext);
-        msg.update_param(context).await?;
+        // create_send_msg_jobs() will update `param` in the db.
    }

    // protect all system messages against RTLO attacks
@@ -2723,7 +2721,19 @@ async fn prepare_send_msg(
        None
    };

-    // ... then change the MessageState in the message object
+    if matches!(
+        msg.state,
+        MessageState::Undefined | MessageState::OutPreparing
+    )
+        // Legacy SecureJoin "v*-request" messages are unencrypted.
+        && msg.param.get_cmd() != SystemMessage::SecurejoinMessage
+        && chat.is_encrypted(context).await?
+    {
+        msg.param.set_int(Param::GuaranteeE2ee, 1);
+        if !msg.id.is_unset() {
+            msg.update_param(context).await?;
+        }
+    }
    msg.state = MessageState::OutPending;

    msg.timestamp_sort = create_smeared_timestamp(context);
@@ -2769,15 +2779,13 @@ async fn render_mime_message_and_pre_message(

        let mut mimefactory_post_msg = mimefactory.clone();
        mimefactory_post_msg.set_as_post_message();
-        let rendered_msg = mimefactory_post_msg
-            .render(context)
+        let rendered_msg = Box::pin(mimefactory_post_msg.render(context))
            .await
            .context("Failed to render post-message")?;

        let mut mimefactory_pre_msg = mimefactory;
        mimefactory_pre_msg.set_as_pre_message_for(&rendered_msg);
-        let rendered_pre_msg = mimefactory_pre_msg
-            .render(context)
+        let rendered_pre_msg = Box::pin(mimefactory_pre_msg.render(context))
            .await
            .context("pre-message failed to render")?;

@@ -2792,7 +2800,7 @@ async fn render_mime_message_and_pre_message(

        Ok((Some(rendered_pre_msg), rendered_msg))
    } else {
-        Ok((None, mimefactory.render(context).await?))
+        Ok((None, Box::pin(mimefactory.render(context)).await?))
    }
 }

@@ -2921,11 +2929,26 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
        msg.param.remove(Param::GuaranteeE2ee);
    }
    msg.subject.clone_from(&rendered_msg.subject);
+    // Sort the message to the bottom. Employ `msgs_index7` to compute `timestamp`.
    context
        .sql
        .execute(
-            "UPDATE msgs SET pre_rfc724_mid=?, subject=?, param=? WHERE id=?",
+            "
+UPDATE msgs SET
+    timestamp=(
+        SELECT MAX(timestamp) FROM msgs INDEXED BY msgs_index7 WHERE
+            -- From `InFresh` to `OutMdnRcvd` inclusive except `OutDraft`.
+            state IN(10,13,16,18,20,24,26,28) AND
+            hidden IN(0,1) AND
+            chat_id=? AND
+            id<=?
+    ),
+    pre_rfc724_mid=?, subject=?, param=?
+WHERE id=?
+            ",
            (
+                msg.chat_id,
+                msg.id,
                &msg.pre_rfc724_mid,
                &msg.subject,
                msg.param.to_string(),
@@ -2990,7 +3013,6 @@ pub async fn send_text_msg(
 }

 /// Sends chat members a request to edit the given message's text.
-#[expect(clippy::arithmetic_side_effects)]
 pub async fn send_edit_request(context: &Context, msg_id: MsgId, new_text: String) -> Result<()> {
    let mut original_msg = Message::load_from_db(context, msg_id).await?;
    ensure!(
@@ -3075,9 +3097,6 @@ async fn donation_request_maybe(context: &Context) -> Result<()> {
 /// Chat message list request options.
 #[derive(Debug)]
 pub struct MessageListOptions {
-    /// Return only info messages.
-    pub info_only: bool,
-
    /// Add day markers before each date regarding the local timezone.
    pub add_daymarker: bool,
 }
@@ -3088,56 +3107,27 @@ pub async fn get_chat_msgs(context: &Context, chat_id: ChatId) -> Result<Vec<Cha
        context,
        chat_id,
        MessageListOptions {
-            info_only: false,
            add_daymarker: false,
        },
    )
    .await
 }

-/// Returns messages belonging to the chat according to the given options.
+/// Returns messages belonging to the chat according to the given options,
+/// sorted by oldest message first.
 #[expect(clippy::arithmetic_side_effects)]
 pub async fn get_chat_msgs_ex(
    context: &Context,
    chat_id: ChatId,
    options: MessageListOptions,
 ) -> Result<Vec<ChatItem>> {
-    let MessageListOptions {
-        info_only,
-        add_daymarker,
-    } = options;
-    let process_row = if info_only {
-        |row: &rusqlite::Row| {
-            // is_info logic taken from Message.is_info()
-            let params = row.get::<_, String>("param")?;
-            let (from_id, to_id) = (
-                row.get::<_, ContactId>("from_id")?,
-                row.get::<_, ContactId>("to_id")?,
-            );
-            let is_info_msg: bool = from_id == ContactId::INFO
-                || to_id == ContactId::INFO
-                || match Params::from_str(&params) {
-                    Ok(p) => {
-                        let cmd = p.get_cmd();
-                        cmd != SystemMessage::Unknown && cmd != SystemMessage::AutocryptSetupMessage
-                    }
-                    _ => false,
-                };
-
-            Ok((
-                row.get::<_, i64>("timestamp")?,
-                row.get::<_, MsgId>("id")?,
-                !is_info_msg,
-            ))
-        }
-    } else {
-        |row: &rusqlite::Row| {
-            Ok((
-                row.get::<_, i64>("timestamp")?,
-                row.get::<_, MsgId>("id")?,
-                false,
-            ))
-        }
+    let MessageListOptions { add_daymarker } = options;
+    let process_row = |row: &rusqlite::Row| {
+        Ok((
+            row.get::<_, i64>("timestamp")?,
+            row.get::<_, MsgId>("id")?,
+            false,
+        ))
    };
    let process_rows = |rows: rusqlite::AndThenRows<_>| {
        // It is faster to sort here rather than
@@ -3172,39 +3162,18 @@ pub async fn get_chat_msgs_ex(
        Ok(ret)
    };

-    let items = if info_only {
-        context
-            .sql
-            .query_map(
-        // GLOB is used here instead of LIKE because it is case-sensitive
-                "SELECT m.id AS id, m.timestamp AS timestamp, m.param AS param, m.from_id AS from_id, m.to_id AS to_id
-               FROM msgs m
-              WHERE m.chat_id=?
-                AND m.hidden=0
-                AND (
-                    m.param GLOB '*\nS=*' OR param GLOB 'S=*'
-                    OR m.from_id == ?
-                    OR m.to_id == ?
-                );",
-                (chat_id, ContactId::INFO, ContactId::INFO),
-                process_row,
-                process_rows,
-            )
-            .await?
-    } else {
-        context
-            .sql
-            .query_map(
-                "SELECT m.id AS id, m.timestamp AS timestamp
+    let items = context
+        .sql
+        .query_map(
+            "SELECT m.id AS id, m.timestamp AS timestamp
               FROM msgs m
              WHERE m.chat_id=?
                AND m.hidden=0;",
-                (chat_id,),
-                process_row,
-                process_rows,
-            )
-            .await?
-    };
+            (chat_id,),
+            process_row,
+            process_rows,
+        )
+        .await?;
    Ok(items)
 }

@@ -3622,7 +3591,7 @@ pub(crate) async fn create_group_ex(
            // Add "Messages in this chat use classic email and are not encrypted." message.
            stock_str::chat_unencrypted_explanation(context)
        };
-        add_info_msg(context, chat_id, &text).await?;
+        chat_id.add_start_info_message(context, &text).await?;
    }
    if let (true, true) = (sync.into(), !grpid.is_empty()) {
        let id = SyncId::Grpid(grpid);
@@ -3753,7 +3722,7 @@ pub(crate) async fn update_chat_contacts_table(
    context: &Context,
    timestamp: i64,
    id: ChatId,
-    contacts: &HashSet<ContactId>,
+    contacts: &BTreeSet<ContactId>,
 ) -> Result<()> {
    context
        .sql
@@ -3979,9 +3948,47 @@ pub(crate) async fn add_contact_to_chat_ex(
    if sync.into() {
        chat.sync_contacts(context).await.log_err(context).ok();
    }
+    if chat.typ == Chattype::OutBroadcast {
+        resend_last_msgs(context, chat.id, &contact)
+            .await
+            .log_err(context)
+            .ok();
+    }
    Ok(true)
 }

+async fn resend_last_msgs(context: &Context, chat_id: ChatId, to_contact: &Contact) -> Result<()> {
+    let msgs: Vec<MsgId> = context
+        .sql
+        .query_map_vec(
+            "
+SELECT id
+FROM msgs
+WHERE chat_id=?
+    AND hidden=0
+    AND NOT ( -- Exclude info and system messages
+        param GLOB '*\nS=*' OR param GLOB 'S=*'
+        OR from_id=?
+        OR to_id=?
+    )
+    AND type!=?
+ORDER BY timestamp DESC, id DESC LIMIT ?",
+            (
+                chat_id,
+                ContactId::INFO,
+                ContactId::INFO,
+                Viewtype::Webxdc,
+                constants::N_MSGS_TO_NEW_BROADCAST_MEMBER,
+            ),
+            |row: &rusqlite::Row| Ok(row.get::<_, MsgId>(0)?),
+        )
+        .await?
+        .into_iter()
+        .rev()
+        .collect();
+    resend_msgs_ex(context, &msgs, to_contact.fingerprint()).await
+}
+
 /// Returns true if an avatar should be attached in the given chat.
 ///
 /// This function does not check if the avatar is set.
@@ -4121,61 +4128,56 @@ pub async fn remove_contact_from_chat(
        delete_broadcast_secret(context, chat_id).await?;
    }

-    if matches!(
-        chat.typ,
-        Chattype::Group | Chattype::OutBroadcast | Chattype::InBroadcast
-    ) {
-        if !chat.is_self_in_chat(context).await? {
-            let err_msg = format!(
-                "Cannot remove contact {contact_id} from chat {chat_id}: self not in group."
-            );
-            context.emit_event(EventType::ErrorSelfNotInGroup(err_msg.clone()));
-            bail!("{err_msg}");
-        } else {
-            let mut sync = Nosync;
+    ensure!(
+        matches!(
+            chat.typ,
+            Chattype::Group | Chattype::OutBroadcast | Chattype::InBroadcast
+        ),
+        "Cannot remove members from non-group chats."
+    );

-            if chat.is_promoted() && chat.typ != Chattype::OutBroadcast {
-                remove_from_chat_contacts_table(context, chat_id, contact_id).await?;
-            } else {
-                remove_from_chat_contacts_table_without_trace(context, chat_id, contact_id).await?;
-            }
+    if !chat.is_self_in_chat(context).await? {
+        let err_msg =
+            format!("Cannot remove contact {contact_id} from chat {chat_id}: self not in group.");
+        context.emit_event(EventType::ErrorSelfNotInGroup(err_msg.clone()));
+        bail!("{err_msg}");
+    }

-            // We do not return an error if the contact does not exist in the database.
-            // This allows to delete dangling references to deleted contacts
-            // in case of the database becoming inconsistent due to a bug.
-            if let Some(contact) = Contact::get_by_id_optional(context, contact_id).await? {
-                if chat.is_promoted() {
-                    let addr = contact.get_addr();
-                    let fingerprint = contact.fingerprint().map(|f| f.hex());
+    let mut sync = Nosync;

-                    let res = send_member_removal_msg(
-                        context,
-                        &chat,
-                        contact_id,
-                        addr,
-                        fingerprint.as_deref(),
-                    )
+    if chat.is_promoted() && chat.typ != Chattype::OutBroadcast {
+        remove_from_chat_contacts_table(context, chat_id, contact_id).await?;
+    } else {
+        remove_from_chat_contacts_table_without_trace(context, chat_id, contact_id).await?;
+    }
+
+    // We do not return an error if the contact does not exist in the database.
+    // This allows to delete dangling references to deleted contacts
+    // in case of the database becoming inconsistent due to a bug.
+    if let Some(contact) = Contact::get_by_id_optional(context, contact_id).await? {
+        if chat.is_promoted() {
+            let addr = contact.get_addr();
+            let fingerprint = contact.fingerprint().map(|f| f.hex());
+
+            let res =
+                send_member_removal_msg(context, &chat, contact_id, addr, fingerprint.as_deref())
                    .await;

-                    if contact_id == ContactId::SELF {
-                        res?;
-                    } else if let Err(e) = res {
-                        warn!(
-                            context,
-                            "remove_contact_from_chat({chat_id}, {contact_id}): send_msg() failed: {e:#}."
-                        );
-                    }
-                } else {
-                    sync = Sync;
-                }
-            }
-            context.emit_event(EventType::ChatModified(chat_id));
-            if sync.into() {
-                chat.sync_contacts(context).await.log_err(context).ok();
+            if contact_id == ContactId::SELF {
+                res?;
+            } else if let Err(e) = res {
+                warn!(
+                    context,
+                    "remove_contact_from_chat({chat_id}, {contact_id}): send_msg() failed: {e:#}."
+                );
            }
+        } else {
+            sync = Sync;
        }
-    } else {
-        bail!("Cannot remove members from non-group chats.");
+    }
+    context.emit_event(EventType::ChatModified(chat_id));
+    if sync.into() {
+        chat.sync_contacts(context).await.log_err(context).ok();
    }

    Ok(())
@@ -4584,7 +4586,6 @@ pub async fn save_msgs(context: &Context, msg_ids: &[MsgId]) -> Result<()> {
 /// the copy contains a reference to the original message
 /// as well as to the original chat in case the original message gets deleted.
 /// Returns data needed to add a `SaveMessage` sync item.
-#[expect(clippy::arithmetic_side_effects)]
 pub(crate) async fn save_copy_in_self_talk(
    context: &Context,
    src_msg_id: MsgId,
@@ -4651,10 +4652,26 @@ pub(crate) async fn save_copy_in_self_talk(
    Ok(msg.rfc724_mid)
 }

-/// Resends given messages with the same Message-ID.
+/// Resends given messages to members of the corresponding chats.
 ///
 /// This is primarily intended to make existing webxdcs available to new chat members.
 pub async fn resend_msgs(context: &Context, msg_ids: &[MsgId]) -> Result<()> {
+    resend_msgs_ex(context, msg_ids, None).await
+}
+
+/// Resends given messages to a contact with fingerprint `to_fingerprint` or, if it's `None`, to
+/// members of the corresponding chats.
+///
+/// NB: Actually `to_fingerprint` is only passed for `OutBroadcast` chats when a new member is
+/// added. Regarding webxdcs: It is not trivial to resend only the own status updates,
+/// and it is not trivial to resend them only to the newly-joined member,
+/// so that for now, [`resend_last_msgs`] does not automatically resend webxdcs at all.
+pub(crate) async fn resend_msgs_ex(
+    context: &Context,
+    msg_ids: &[MsgId],
+    to_fingerprint: Option<Fingerprint>,
+) -> Result<()> {
+    let to_fingerprint = to_fingerprint.map(|f| f.hex());
    let mut msgs: Vec<Message> = Vec::new();
    for msg_id in msg_ids {
        let msg = Message::load_from_db(context, *msg_id).await?;
@@ -4673,10 +4690,17 @@ pub async fn resend_msgs(context: &Context, msg_ids: &[MsgId]) -> Result<()> {
            | MessageState::OutFailed
            | MessageState::OutDelivered
            | MessageState::OutMdnRcvd => {
-                message::update_msg_state(context, msg.id, MessageState::OutPending).await?
+                // Broadcast owners shouldn't see spinners on messages being auto-re-sent to new
+                // subscribers (otherwise big channel owners will see spinners most of the time).
+                if to_fingerprint.is_none() {
+                    message::update_msg_state(context, msg.id, MessageState::OutPending).await?;
+                }
            }
            msg_state => bail!("Unexpected message state {msg_state}"),
        }
+        if let Some(to_fingerprint) = &to_fingerprint {
+            msg.param.set(Param::Arg4, to_fingerprint.clone());
+        }
        if create_send_msg_jobs(context, &mut msg).await?.is_empty() {
            continue;
        }
@@ -4688,7 +4712,8 @@ pub async fn resend_msgs(context: &Context, msg_ids: &[MsgId]) -> Result<()> {
            chat_id: msg.chat_id,
            msg_id: msg.id,
        });
-        // note(treefit): only matters if it is the last message in chat (but probably to expensive to check, debounce also solves it)
+        // The event only matters if the message is last in the chat.
+        // But it's probably too expensive check, and UIs anyways need to debounce.
        chatlist_events::emit_chatlist_item_changed(context, msg.chat_id);

        if msg.viewtype == Viewtype::Webxdc {
@@ -4881,8 +4906,6 @@ pub async fn was_device_msg_ever_added(context: &Context, label: &str) -> Result
 //   no wrong information are shown in the device chat
 // - deletion in `devmsglabels` makes sure,
 //   deleted messages are reset and useful messages can be added again
-// - we reset the config-option `QuotaExceeding`
-//   that is used as a helper to drive the corresponding device message.
 pub(crate) async fn delete_and_reset_all_device_msgs(context: &Context) -> Result<()> {
    context
        .sql
@@ -4898,9 +4921,6 @@ pub(crate) async fn delete_and_reset_all_device_msgs(context: &Context) -> Resul
            (),
        )
        .await?;
-    context
-        .set_config_internal(Config::QuotaExceeding, None)
-        .await?;
    Ok(())
 }

@@ -4938,15 +4958,8 @@ pub(crate) async fn add_info_msg_with_cmd(
        ts
    } else {
        let sort_to_bottom = true;
-        let (received, incoming) = (false, false);
        chat_id
-            .calc_sort_timestamp(
-                context,
-                smeared_time(context),
-                sort_to_bottom,
-                received,
-                incoming,
-            )
+            .calc_sort_timestamp(context, smeared_time(context), sort_to_bottom)
            .await?
    };

@@ -5024,7 +5037,7 @@ async fn set_contacts_by_addrs(context: &Context, id: ChatId, addrs: &[String])
        chat.typ == Chattype::OutBroadcast,
        "{id} is not a broadcast list",
    );
-    let mut contacts = HashSet::new();
+    let mut contacts = BTreeSet::new();
    for addr in addrs {
        let contact_addr = ContactAddress::new(addr)?;
        let contact = Contact::add_or_lookup(context, "", &contact_addr, Origin::Hidden)
@@ -5032,7 +5045,7 @@ async fn set_contacts_by_addrs(context: &Context, id: ChatId, addrs: &[String])
            .0;
        contacts.insert(contact);
    }
-    let contacts_old = HashSet::<ContactId>::from_iter(get_chat_contacts(context, id).await?);
+    let contacts_old = BTreeSet::<ContactId>::from_iter(get_chat_contacts(context, id).await?);
    if contacts == contacts_old {
        return Ok(());
    }
--- a/src/chat/chat_tests.rs
+++ b/src/chat/chat_tests.rs
@@ -3,11 +3,11 @@ use std::sync::Arc;
 use super::*;
 use crate::Event;
 use crate::chatlist::get_archived_cnt;
-use crate::constants::{DC_GCL_ARCHIVED_ONLY, DC_GCL_NO_SPECIALS};
+use crate::constants::{DC_GCL_ARCHIVED_ONLY, DC_GCL_NO_SPECIALS, N_MSGS_TO_NEW_BROADCAST_MEMBER};
 use crate::ephemeral::Timer;
 use crate::headerdef::HeaderDef;
 use crate::imex::{ImexMode, has_backup, imex};
-use crate::message::{MessengerMessage, delete_msgs};
+use crate::message::{Message, MessengerMessage, delete_msgs};
 use crate::mimeparser::{self, MimeMessage};
 use crate::receive_imf::receive_imf;
 use crate::securejoin::{get_securejoin_qr, join_securejoin};
@@ -2032,12 +2032,6 @@ async fn test_classic_email_chat() -> Result<()> {
    let msgs = get_chat_msgs(&alice, chat_id).await?;
    assert_eq!(msgs.len(), 1);

-    // Alice disables receiving classic emails.
-    alice
-        .set_config(Config::ShowEmails, Some("0"))
-        .await
-        .unwrap();
-
    // Already received classic email should still be in the chat.
    assert_eq!(chat_id.get_fresh_msg_cnt(&alice).await?, 1);

@@ -2075,13 +2069,7 @@ async fn test_chat_get_color_encrypted() -> Result<()> {
    Ok(())
 }

-async fn test_sticker(
-    filename: &str,
-    bytes: &[u8],
-    res_viewtype: Viewtype,
-    w: i32,
-    h: i32,
-) -> Result<()> {
+async fn test_sticker(filename: &str, bytes: &[u8], w: i32, h: i32) -> Result<()> {
    let alice = TestContext::new_alice().await;
    let bob = TestContext::new_bob().await;
    let alice_chat = alice.create_chat(&bob).await;
@@ -2097,7 +2085,7 @@ async fn test_sticker(

    let msg = bob.recv_msg(&sent_msg).await;
    assert_eq!(msg.chat_id, bob_chat.id);
-    assert_eq!(msg.get_viewtype(), res_viewtype);
+    assert_eq!(msg.get_viewtype(), Viewtype::Sticker);
    assert_eq!(msg.get_filename().unwrap(), filename);
    assert_eq!(msg.get_width(), w);
    assert_eq!(msg.get_height(), h);
@@ -2111,7 +2099,6 @@ async fn test_sticker_png() -> Result<()> {
    test_sticker(
        "sticker.png",
        include_bytes!("../../test-data/image/logo.png"),
-        Viewtype::Sticker,
        135,
        135,
    )
@@ -2123,7 +2110,6 @@ async fn test_sticker_jpeg() -> Result<()> {
    test_sticker(
        "sticker.jpg",
        include_bytes!("../../test-data/image/avatar1000x1000.jpg"),
-        Viewtype::Image,
        1000,
        1000,
    )
@@ -2131,10 +2117,33 @@ async fn test_sticker_jpeg() -> Result<()> {
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_sticker_jpeg_force() {
-    let alice = TestContext::new_alice().await;
-    let bob = TestContext::new_bob().await;
-    let alice_chat = alice.create_chat(&bob).await;
+async fn test_sticker_gif() -> Result<()> {
+    test_sticker(
+        "sticker.gif",
+        include_bytes!("../../test-data/image/logo.gif"),
+        135,
+        135,
+    )
+    .await
+}
+
+/// Tests that stickers are sent as stickers.
+///
+/// Previously there was heuristic that stickers
+/// were sometimes turned into non-stickers,
+/// e.g. when it looked like UI sent
+/// a screenshot dragged from the gallery into chat
+/// as a sticker.
+///
+/// We have no such heuristic anymore,
+/// if such heuristic is needed on some platform,
+/// UI code should implement it.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_sticker_no_heuristics() {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let alice_chat = alice.create_chat(bob).await;

    let file = alice.get_blobdir().join("sticker.jpg");
    tokio::fs::write(
@@ -2144,53 +2153,38 @@ async fn test_sticker_jpeg_force() {
    .await
    .unwrap();

-    // Images without force_sticker should be turned into [Viewtype::Image]
+    // Send a sticker.
    let mut msg = Message::new(Viewtype::Sticker);
-    msg.set_file_and_deduplicate(&alice, &file, Some("sticker.jpg"), None)
+    msg.set_file_and_deduplicate(alice, &file, Some("sticker.jpg"), None)
        .unwrap();
-    let file = msg.get_file(&alice).unwrap();
-    let sent_msg = alice.send_msg(alice_chat.id, &mut msg).await;
-    let msg = bob.recv_msg(&sent_msg).await;
-    assert_eq!(msg.get_viewtype(), Viewtype::Image);
-
-    // Images with `force_sticker = true` should keep [Viewtype::Sticker]
-    let mut msg = Message::new(Viewtype::Sticker);
-    msg.set_file_and_deduplicate(&alice, &file, Some("sticker.jpg"), None)
-        .unwrap();
-    msg.force_sticker();
+    let file = msg.get_file(alice).unwrap();
    let sent_msg = alice.send_msg(alice_chat.id, &mut msg).await;
    let msg = bob.recv_msg(&sent_msg).await;
    assert_eq!(msg.get_viewtype(), Viewtype::Sticker);

-    // Images with `force_sticker = true` should keep [Viewtype::Sticker]
-    // even on drafted messages
+    // Send a sticker reusing the file.
    let mut msg = Message::new(Viewtype::Sticker);
-    msg.set_file_and_deduplicate(&alice, &file, Some("sticker.jpg"), None)
+    msg.set_file_and_deduplicate(alice, &file, Some("sticker.jpg"), None)
+        .unwrap();
+    let sent_msg = alice.send_msg(alice_chat.id, &mut msg).await;
+    let msg = bob.recv_msg(&sent_msg).await;
+    assert_eq!(msg.get_viewtype(), Viewtype::Sticker);
+
+    // Set sticker as a draft, then send it.
+    let mut msg = Message::new(Viewtype::Sticker);
+    msg.set_file_and_deduplicate(alice, &file, Some("sticker.jpg"), None)
        .unwrap();
-    msg.force_sticker();
    alice_chat
        .id
-        .set_draft(&alice, Some(&mut msg))
+        .set_draft(alice, Some(&mut msg))
        .await
        .unwrap();
-    let mut msg = alice_chat.id.get_draft(&alice).await.unwrap().unwrap();
+    let mut msg = alice_chat.id.get_draft(alice).await.unwrap().unwrap();
    let sent_msg = alice.send_msg(alice_chat.id, &mut msg).await;
    let msg = bob.recv_msg(&sent_msg).await;
    assert_eq!(msg.get_viewtype(), Viewtype::Sticker);
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_sticker_gif() -> Result<()> {
-    test_sticker(
-        "sticker.gif",
-        include_bytes!("../../test-data/image/logo.gif"),
-        Viewtype::Sticker,
-        135,
-        135,
-    )
-    .await
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_sticker_forward() -> Result<()> {
    // create chats
@@ -2692,6 +2686,49 @@ async fn test_resend_own_message() -> Result<()> {
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_resend_doesnt_resort_msg() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let alice_grp = create_group(alice, "").await?;
+    let sent1 = alice.send_text(alice_grp, "hi").await;
+    let sent1_ts = Message::load_from_db(alice, sent1.sender_msg_id)
+        .await?
+        .timestamp_sort;
+
+    SystemTime::shift(Duration::from_secs(60));
+    add_contact_to_chat(alice, alice_grp, alice.add_or_lookup_contact_id(bob).await).await?;
+    let sent2 = alice
+        .send_text(
+            alice_grp,
+            "Let's test resending, there are very few tests on it",
+        )
+        .await;
+    let resent_msg_id = sent1.sender_msg_id;
+    resend_msgs(alice, &[resent_msg_id]).await?;
+    assert_eq!(
+        resent_msg_id.get_state(alice).await?,
+        MessageState::OutPending
+    );
+    alice.pop_sent_msg().await;
+    assert_eq!(
+        resent_msg_id.get_state(alice).await?,
+        MessageState::OutDelivered
+    );
+    assert_eq!(
+        Message::load_from_db(alice, sent1.sender_msg_id)
+            .await?
+            .timestamp_sort,
+        sent1_ts
+    );
+    assert_eq!(
+        alice.get_last_msg_id_in(alice_grp).await,
+        sent2.sender_msg_id
+    );
+    Ok(())
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_resend_foreign_message_fails() -> Result<()> {
    let mut tcm = TestContextManager::new();
@@ -2792,7 +2829,7 @@ async fn test_broadcast_members_cant_see_each_other() -> Result<()> {
        assert_eq!(parsed.decoded_data_contains("bob@example.net"), false);

        let parsed_by_bob = bob.parse_msg(&vc_pubkey).await;
-        assert!(parsed_by_bob.decrypting_failed);
+        assert!(parsed_by_bob.decryption_error.is_some());

        charlie.recv_msg_trash(&vc_pubkey).await;
    }
@@ -2805,6 +2842,15 @@ async fn test_broadcast_members_cant_see_each_other() -> Result<()> {
            "alice@example.org charlie@example.net"
        );

+        // Check additionally that subscribers don't send "Chat-Group-Name*" headers.
+        let parsed = alice.parse_msg(&request_with_auth).await;
+        assert!(parsed.get_header(HeaderDef::ChatGroupName).is_none());
+        assert!(
+            parsed
+                .get_header(HeaderDef::ChatGroupNameTimestamp)
+                .is_none()
+        );
+
        alice.recv_msg_trash(&request_with_auth).await;
    }

@@ -2821,7 +2867,7 @@ async fn test_broadcast_members_cant_see_each_other() -> Result<()> {
        assert_eq!(parsed.decoded_data_contains("bob@example.net"), false);

        let parsed_by_bob = bob.parse_msg(&member_added).await;
-        assert!(parsed_by_bob.decrypting_failed);
+        assert!(parsed_by_bob.decryption_error.is_some());

        let rcvd = charlie.recv_msg(&member_added).await;
        assert_eq!(rcvd.param.get_cmd(), SystemMessage::MemberAddedToGroup);
@@ -2836,7 +2882,7 @@ async fn test_broadcast_members_cant_see_each_other() -> Result<()> {
        assert_eq!(parsed.decoded_data_contains("bob@example.net"), false);

        let parsed_by_bob = bob.parse_msg(&hi_msg).await;
-        assert_eq!(parsed_by_bob.decrypting_failed, false);
+        assert!(parsed_by_bob.decryption_error.is_none());
    }

    tcm.section("Alice removes Charlie. Bob must not see it.");
@@ -2853,7 +2899,7 @@ async fn test_broadcast_members_cant_see_each_other() -> Result<()> {
        assert_eq!(parsed.decoded_data_contains("bob@example.net"), false);

        let parsed_by_bob = bob.parse_msg(&member_removed).await;
-        assert!(parsed_by_bob.decrypting_failed);
+        assert!(parsed_by_bob.decryption_error.is_some());

        let rcvd = charlie.recv_msg(&member_removed).await;
        assert_eq!(rcvd.param.get_cmd(), SystemMessage::MemberRemovedFromGroup);
@@ -2947,6 +2993,56 @@ async fn test_broadcast_change_name() -> Result<()> {
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_broadcast_resend_to_new_member() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let fiona = &tcm.fiona().await;
+
+    let alice_bc_id = create_broadcast(alice, "Channel".to_string()).await?;
+    let qr = get_securejoin_qr(alice, Some(alice_bc_id)).await.unwrap();
+
+    tcm.exec_securejoin_qr(bob, alice, &qr).await;
+    let mut alice_msg_ids = Vec::new();
+    for i in 0..(N_MSGS_TO_NEW_BROADCAST_MEMBER + 1) {
+        alice_msg_ids.push(
+            alice
+                .send_text(alice_bc_id, &i.to_string())
+                .await
+                .sender_msg_id,
+        );
+    }
+    let fiona_bc_id = tcm.exec_securejoin_qr(fiona, alice, &qr).await;
+    for msg_id in alice_msg_ids {
+        assert_eq!(msg_id.get_state(alice).await?, MessageState::OutDelivered);
+    }
+    for i in 0..N_MSGS_TO_NEW_BROADCAST_MEMBER {
+        let rev_order = false;
+        let resent_msg = alice
+            .pop_sent_msg_ex(rev_order, Duration::ZERO)
+            .await
+            .unwrap();
+        let fiona_msg = fiona.recv_msg(&resent_msg).await;
+        assert_eq!(fiona_msg.chat_id, fiona_bc_id);
+        assert_eq!(fiona_msg.text, (i + 1).to_string());
+        assert!(resent_msg.recipients.contains("fiona@example.net"));
+        assert!(!resent_msg.recipients.contains("bob@"));
+        // The message is undecryptable for Bob, he mustn't be able to know yet that somebody joined
+        // the broadcast even if he is a postman in this land. E.g. Fiona may leave after fetching
+        // the news, Bob won't know about that.
+        assert!(
+            MimeMessage::from_bytes(bob, resent_msg.payload().as_bytes())
+                .await?
+                .decryption_error
+                .is_some()
+        );
+        bob.recv_msg_trash(&resent_msg).await;
+    }
+    assert!(alice.pop_sent_msg_opt(Duration::ZERO).await.is_none());
+    Ok(())
+}
+
 /// - Alice has multiple devices
 /// - Alice creates a broadcast and sends a message into it
 /// - Alice's second device sees the broadcast
@@ -3768,14 +3864,7 @@ async fn test_leave_broadcast_multidevice() -> Result<()> {
    // The contact should be marked as verified.
    check_direct_chat_is_hidden_and_contact_is_verified(alice, bob0).await;
    check_direct_chat_is_hidden_and_contact_is_verified(bob0, alice).await;
-
-    // TODO: There is a known bug in `observe_securejoin_on_other_device()`:
-    // When Bob joins a group or broadcast with his first device,
-    // then a chat with Alice will pop up on his second device.
-    // When it's fixed, the 2 following lines can be replaced with
-    // `check_direct_chat_is_hidden_and_contact_is_verified(bob1, alice).await;`
-    let bob1_alice_contact = bob1.add_or_lookup_contact_no_key(alice).await;
-    assert!(bob1_alice_contact.is_verified(bob1).await.unwrap());
+    check_direct_chat_is_hidden_and_contact_is_verified(bob1, alice).await;

    tcm.section("Alice sends first message to broadcast.");
    let sent_msg = alice.send_text(alice_chat_id, "Hello!").await;
@@ -5034,6 +5123,31 @@ async fn test_do_not_overwrite_draft() -> Result<()> {
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_outgoing_msg_after_another_from_future() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let t = &tcm.alice().await;
+    let chat_id = t.get_self_chat().await.id;
+
+    // Simulate sending a message with clock set to the future.
+    SystemTime::shift(Duration::from_secs(3600));
+    let msg_id = send_text_msg(t, chat_id, "test".to_string()).await?;
+    SystemTime::shift_back(Duration::from_secs(3600));
+
+    let timestamp_sent: i64 = t
+        .sql
+        .query_get_value("SELECT timestamp_sent FROM msgs WHERE id=?", (msg_id,))
+        .await?
+        .unwrap();
+    // Let's have a check here that locally sent messages have zero `timestamp_sent`, it can be a
+    // useful invariant.
+    assert_eq!(timestamp_sent, 0);
+
+    let msg_id = send_text_msg(t, chat_id, "Fixed my clock".to_string()).await?;
+    assert_eq!(t.get_last_msg_in(chat_id).await.id, msg_id);
+    Ok(())
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_info_contact_id() -> Result<()> {
    let mut tcm = TestContextManager::new();
@@ -5702,7 +5816,7 @@ async fn test_send_delete_request() -> Result<()> {
    let sent2 = alice.pop_sent_msg().await;
    assert_eq!(alice_chat.id.get_msg_cnt(alice).await?, E2EE_INFO_MSGS + 1);

-    // Bob receives both messages and has nothing the end
+    // Bob receives both messages and has nothing at the end
    let bob_msg = bob.recv_msg(&sent1).await;
    assert_eq!(bob_msg.text, "wtf");
    assert_eq!(bob_msg.chat_id.get_msg_cnt(bob).await?, E2EE_INFO_MSGS + 2);
@@ -5710,6 +5824,11 @@ async fn test_send_delete_request() -> Result<()> {
    bob.recv_msg_opt(&sent2).await;
    assert_eq!(bob_msg.chat_id.get_msg_cnt(bob).await?, E2EE_INFO_MSGS + 1);

+    // ... even if he receives messages in reverse order.
+    let bob2 = &tcm.bob().await;
+    bob2.recv_msg_opt(&sent2).await;
+    assert!(bob2.recv_msg_opt(&sent1).await.is_none());
+
    // Alice has another device, and there is also nothing at the end
    let alice2 = &tcm.alice().await;
    alice2.recv_msg(&sent0).await;
@@ -6112,3 +6231,118 @@ async fn test_leftgrps() -> Result<()> {

    Ok(())
 }
+
+/// Tests that if the message arrives late,
+/// it can still be sorted above the last seen message.
+///
+/// Versions 2.47 and below always sorted incoming messages
+/// after the last seen message, but with
+/// the introduction of multi-relay it is possible
+/// that some messages arrive only to some relays
+/// and are fetched after the already arrived seen message.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_late_message_above_seen() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let charlie = &tcm.charlie().await;
+
+    let alice_chat_id = alice
+        .create_group_with_members("Group", &[bob, charlie])
+        .await;
+    let alice_sent = alice.send_text(alice_chat_id, "Hello everyone!").await;
+    let bob_chat_id = bob.recv_msg(&alice_sent).await.chat_id;
+    bob_chat_id.accept(bob).await?;
+    let charlie_chat_id = charlie.recv_msg(&alice_sent).await.chat_id;
+    charlie_chat_id.accept(charlie).await?;
+
+    // Bob sends a message, but the message is delayed.
+    let bob_sent = bob.send_text(bob_chat_id, "Hello from Bob!").await;
+    SystemTime::shift(Duration::from_secs(1000));
+
+    let charlie_sent = charlie
+        .send_text(charlie_chat_id, "Hello from Charlie!")
+        .await;
+
+    // Alice immediately receives a message from Charlie and reads it.
+    let alice_received_from_charlie = alice.recv_msg(&charlie_sent).await;
+    assert_eq!(
+        alice_received_from_charlie.get_text(),
+        "Hello from Charlie!"
+    );
+    message::markseen_msgs(alice, vec![alice_received_from_charlie.id]).await?;
+
+    // Bob message arrives later, it should be above the message from Charlie.
+    let alice_received_from_bob = alice.recv_msg(&bob_sent).await;
+    assert_eq!(alice_received_from_bob.get_text(), "Hello from Bob!");
+
+    // The last message in the chat is still from Charlie.
+    let last_msg = alice.get_last_msg_in(alice_chat_id).await;
+    assert_eq!(last_msg.get_text(), "Hello from Charlie!");
+
+    Ok(())
+}
+
+/// Tests that start message for unpromoted groups sticks to the top of the chat.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_unpromoted_group_start_message() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+
+    // Start messages are disabled for test context by default,
+    // but this test is specifically about start messages.
+    alice.set_config(Config::SkipStartMessages, None).await?;
+
+    // Shift the clock forward, so we can rewind it back later.
+    SystemTime::shift(Duration::from_secs(3600));
+
+    // Alice creates unpromoted group with Bob.
+    let chat_id = create_group(alice, "Group").await?;
+    let bob_id = alice.add_or_lookup_contact_id(bob).await;
+    add_contact_to_chat(alice, chat_id, bob_id).await?;
+
+    let [
+        ChatItem::Message {
+            msg_id: e2ee_msg_id,
+        },
+        ChatItem::Message {
+            msg_id: info_msg_id,
+        },
+    ] = get_chat_msgs(alice, chat_id).await?[..]
+    else {
+        panic!("Expected two messages in the chat");
+    };
+    let msg = Message::load_from_db(alice, e2ee_msg_id).await?;
+    assert_eq!(msg.text, "Messages are end-to-end encrypted.");
+    let msg = Message::load_from_db(alice, info_msg_id).await?;
+    assert_eq!(
+        msg.text,
+        "Others will only see this group after you sent a first message."
+    );
+
+    // Alice rewinds the clock.
+    SystemTime::shift_back(Duration::from_secs(3600));
+
+    let text_msg_id = send_text_msg(alice, chat_id, "Hello".to_string()).await?;
+
+    let [
+        ChatItem::Message {
+            msg_id: e2ee_msg_id2,
+        },
+        ChatItem::Message {
+            msg_id: info_msg_id2,
+        },
+        ChatItem::Message {
+            msg_id: text_msg_id2,
+        },
+    ] = get_chat_msgs(alice, chat_id).await?[..]
+    else {
+        panic!("Expected three messages in the chat");
+    };
+    assert_eq!(e2ee_msg_id2, e2ee_msg_id);
+    assert_eq!(info_msg_id2, info_msg_id);
+    assert_eq!(text_msg_id2, text_msg_id);
+
+    Ok(())
+}
--- a/src/chatlist.rs
+++ b/src/chatlist.rs
@@ -142,7 +142,7 @@ impl Chatlist {
                   AND c.blocked!=1
                   AND c.id IN(SELECT chat_id FROM chats_contacts WHERE contact_id=?2 AND add_timestamp >= remove_timestamp)
                 GROUP BY c.id
-                 ORDER BY c.archived=?3 DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
+                 ORDER BY c.archived=?3 DESC, IFNULL(NULLIF(m.timestamp,0),c.created_timestamp) DESC, m.id DESC;",
                (MessageState::OutDraft, query_contact_id, ChatVisibility::Pinned),
                process_row,
            ).await?
@@ -168,7 +168,7 @@ impl Chatlist {
                   AND c.blocked!=1
                   AND c.archived=1
                 GROUP BY c.id
-                 ORDER BY IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
+                 ORDER BY IFNULL(NULLIF(m.timestamp,0),c.created_timestamp) DESC, m.id DESC;",
                    (MessageState::OutDraft,),
                    process_row,
                )
@@ -204,7 +204,7 @@ impl Chatlist {
                   AND IFNULL(c.name_normalized,c.name) LIKE ?3
                   AND (NOT ?4 OR EXISTS (SELECT 1 FROM msgs m WHERE m.chat_id = c.id AND m.state == ?5 AND hidden=0))
                 GROUP BY c.id
-                 ORDER BY IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
+                 ORDER BY IFNULL(NULLIF(m.timestamp,0),c.created_timestamp) DESC, m.id DESC;",
                    (MessageState::OutDraft, skip_id, str_like_cmd, only_unread, MessageState::InFresh),
                    process_row,
                )
@@ -253,7 +253,7 @@ impl Chatlist {
                       AND NOT c.archived=?
                       AND (c.type!=? OR c.id IN(SELECT chat_id FROM chats_contacts WHERE contact_id=? AND add_timestamp >= remove_timestamp))
                     GROUP BY c.id
-                     ORDER BY c.id=? DESC, c.archived=? DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
+                     ORDER BY c.id=? DESC, c.archived=? DESC, IFNULL(NULLIF(m.timestamp,0),c.created_timestamp) DESC, m.id DESC;",
                    (
                        MessageState::OutDraft, skip_id, ChatVisibility::Archived,
                        Chattype::Group, ContactId::SELF,
@@ -279,7 +279,7 @@ impl Chatlist {
                       AND (c.blocked=0 OR c.blocked=2)
                       AND NOT c.archived=?
                     GROUP BY c.id
-                     ORDER BY c.id=0 DESC, c.archived=? DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
+                     ORDER BY c.id=0 DESC, c.archived=? DESC, IFNULL(NULLIF(m.timestamp,0),c.created_timestamp) DESC, m.id DESC;",
                    (MessageState::OutDraft, skip_id, ChatVisibility::Archived, ChatVisibility::Pinned),
                    process_row,
                ).await?
--- a/src/config.rs
+++ b/src/config.rs
@@ -42,50 +42,85 @@ use crate::{constants, stats};
 )]
 #[strum(serialize_all = "snake_case")]
 pub enum Config {
+    /// Deprecated(2026-04).
+    /// Use ConfiguredAddr, [`crate::login_param::EnteredLoginParam`],
+    /// or add_transport{from_qr}()/list_transports() instead.
+    ///
    /// Email address, used in the `From:` field.
    Addr,

+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// IMAP server hostname.
    MailServer,

+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// IMAP server username.
    MailUser,

+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// IMAP server password.
    MailPw,

+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// IMAP server port.
    MailPort,

+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// IMAP server security (e.g. TLS, STARTTLS).
    MailSecurity,

+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// How to check TLS certificates.
    ///
    /// "IMAP" in the name is for compatibility,
    /// this actually applies to both IMAP and SMTP connections.
    ImapCertificateChecks,

+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// SMTP server hostname.
    SendServer,

+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// SMTP server username.
    SendUser,

+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// SMTP server password.
    SendPw,

+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// SMTP server port.
    SendPort,

+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// SMTP server security (e.g. TLS, STARTTLS).
    SendSecurity,

-    /// Deprecated option for backwards compatibility.
+    /// Deprecated(2026-04).
+    /// Use EnteredLoginParam and add_transport{from_qr}()/list_transports() instead.
    ///
-    /// Certificate checks for SMTP are actually controlled by `imap_certificate_checks` config.
-    SmtpCertificateChecks,
-
    /// Whether to use OAuth 2.
    ///
    /// Historically contained other bitflags, which are now deprecated.
@@ -155,22 +190,6 @@ pub enum Config {
    #[strum(props(default = "1"))]
    MdnsEnabled,

-    /// True if chat messages should be moved to a separate folder. Auto-sent messages like sync
-    /// ones are moved there anyway.
-    #[strum(props(default = "1"))]
-    MvboxMove,
-
-    /// Watch for new messages in the "Mvbox" (aka DeltaChat folder) only.
-    ///
-    /// This will not entirely disable other folders, e.g. the spam folder will also still
-    /// be watched for new messages.
-    #[strum(props(default = "0"))]
-    OnlyFetchMvbox,
-
-    /// Whether to show classic emails or only chat messages.
-    #[strum(props(default = "2"))] // also change ShowEmails.default() on changes
-    ShowEmails,
-
    /// Quality of the media files to send.
    #[strum(props(default = "0"))] // also change MediaQuality.default() on changes
    MediaQuality,
@@ -197,32 +216,47 @@ pub enum Config {
    /// The primary email address.
    ConfiguredAddr,

+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// List of configured IMAP servers as a JSON array.
    ConfiguredImapServers,

+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// Configured IMAP server hostname.
    ///
    /// This is replaced by `configured_imap_servers` for new configurations.
    ConfiguredMailServer,

-    /// Configured IMAP server port.
+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
    ///
-    /// This is replaced by `configured_imap_servers` for new configurations.
+    /// Configured IMAP server port.
    ConfiguredMailPort,

-    /// Configured IMAP server security (e.g. TLS, STARTTLS).
+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
    ///
-    /// This is replaced by `configured_imap_servers` for new configurations.
+    /// Configured IMAP server security (e.g. TLS, STARTTLS).
    ConfiguredMailSecurity,

-    /// Configured IMAP server username.
+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
    ///
-    /// This is set if user has configured username manually.
+    /// Configured IMAP server username.
    ConfiguredMailUser,

+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// Configured IMAP server password.
    ConfiguredMailPw,

+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// Configured TLS certificate checks.
    /// This option is saved on successful configuration
    /// and should not be modified manually.
@@ -231,52 +265,68 @@ pub enum Config {
    /// but has "IMAP" in the name for backwards compatibility.
    ConfiguredImapCertificateChecks,

+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// List of configured SMTP servers as a JSON array.
    ConfiguredSmtpServers,

+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// Configured SMTP server hostname.
    ///
    /// This is replaced by `configured_smtp_servers` for new configurations.
    ConfiguredSendServer,

+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// Configured SMTP server port.
    ///
    /// This is replaced by `configured_smtp_servers` for new configurations.
    ConfiguredSendPort,

+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// Configured SMTP server security (e.g. TLS, STARTTLS).
    ///
    /// This is replaced by `configured_smtp_servers` for new configurations.
    ConfiguredSendSecurity,

+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// Configured SMTP server username.
    ///
    /// This is set if user has configured username manually.
    ConfiguredSendUser,

+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
+    ///
    /// Configured SMTP server password.
    ConfiguredSendPw,

-    /// Deprecated, stored for backwards compatibility.
+    /// Deprecated(2026-04).
+    /// Use ConfiguredLoginParam and add_transport{from_qr}()/list_transports() instead.
    ///
-    /// ConfiguredImapCertificateChecks is actually used.
-    ConfiguredSmtpCertificateChecks,
-
    /// Whether OAuth 2 is used with configured provider.
    ConfiguredServerFlags,

    /// Configured folder for incoming messages.
    ConfiguredInboxFolder,

-    /// Configured folder for chat messages.
-    ConfiguredMvboxFolder,
-
    /// Unix timestamp of the last successful configuration.
    ConfiguredTimestamp,

    /// ID of the configured provider from the provider database.
    ConfiguredProvider,

+    /// Deprecated(2026-04).
+    /// Use [`Context::is_configured()`] instead.
+    ///
    /// True if account is configured.
    Configured,

@@ -317,11 +367,6 @@ pub enum Config {
    #[strum(props(default = "0"))]
    NotifyAboutWrongPw,

-    /// If a warning about exceeding quota was shown recently,
-    /// this is the percentage of quota at the time the warning was given.
-    /// Unset, when quota falls below minimal warning threshold again.
-    QuotaExceeding,
-
    /// Timestamp of the last time housekeeping was run
    LastHousekeeping,

@@ -362,15 +407,6 @@ pub enum Config {
    #[strum(props(default = "1"))]
    SyncMsgs,

-    /// Space-separated list of all the authserv-ids which we believe
-    /// may be the one of our email server.
-    ///
-    /// See `crate::authres::update_authservid_candidates`.
-    AuthservIdCandidates,
-
-    /// Make all outgoing messages with Autocrypt header "multipart/signed".
-    SignUnencrypted,
-
    /// Let the core save all events to the database.
    /// This value is used internally to remember the MsgId of the logging xdc
    #[strum(props(default = "0"))]
@@ -465,21 +501,13 @@ impl Config {
    pub(crate) fn is_synced(&self) -> bool {
        matches!(
            self,
-            Self::Displayname
-                | Self::MdnsEnabled
-                | Self::MvboxMove
-                | Self::ShowEmails
-                | Self::Selfavatar
-                | Self::Selfstatus,
+            Self::Displayname | Self::MdnsEnabled | Self::Selfavatar | Self::Selfstatus,
        )
    }

    /// Whether the config option needs an IO scheduler restart to take effect.
    pub(crate) fn needs_io_restart(&self) -> bool {
-        matches!(
-            self,
-            Config::MvboxMove | Config::OnlyFetchMvbox | Config::ConfiguredAddr
-        )
+        matches!(self, Config::ConfiguredAddr)
    }
 }

@@ -594,13 +622,6 @@ impl Context {
            .is_some_and(|x| x != 0))
    }

-    /// Returns true if movebox ("DeltaChat" folder) should be watched.
-    pub(crate) async fn should_watch_mvbox(&self) -> Result<bool> {
-        Ok(self.get_config_bool(Config::MvboxMove).await?
-            || self.get_config_bool(Config::OnlyFetchMvbox).await?
-            || !self.get_config_bool(Config::IsChatmail).await?)
-    }
-
    /// Returns true if sync messages should be sent.
    pub(crate) async fn should_send_sync_msgs(&self) -> Result<bool> {
        Ok(self.get_config_bool(Config::SyncMsgs).await?
@@ -682,13 +703,10 @@ impl Context {
            | Config::ProxyEnabled
            | Config::BccSelf
            | Config::MdnsEnabled
-            | Config::MvboxMove
-            | Config::OnlyFetchMvbox
            | Config::Configured
            | Config::Bot
            | Config::NotifyAboutWrongPw
            | Config::SyncMsgs
-            | Config::SignUnencrypted
            | Config::DisableIdle => {
                ensure!(
                    matches!(value, None | Some("0") | Some("1")),
@@ -706,11 +724,6 @@ impl Context {
    pub async fn set_config(&self, key: Config, value: Option<&str>) -> Result<()> {
        Self::check_config(key, value)?;

-        let n_transports = self.count_transports().await?;
-        if n_transports > 1 && matches!(key, Config::MvboxMove | Config::OnlyFetchMvbox) {
-            bail!("Cannot reconfigure {key} when multiple transports are configured");
-        }
-
        let _pause = match key.needs_io_restart() {
            true => self.scheduler.pause(self).await?,
            _ => Default::default(),
@@ -789,12 +802,6 @@ impl Context {
                    .set_raw_config(key.as_ref(), value.map(|s| s.to_lowercase()).as_deref())
                    .await?;
            }
-            Config::MvboxMove => {
-                self.sql.set_raw_config(key.as_ref(), value).await?;
-                self.sql
-                    .set_raw_config(constants::DC_FOLDERS_CONFIGURED_KEY, None)
-                    .await?;
-            }
            Config::ConfiguredAddr => {
                let Some(addr) = value else {
                    bail!("Cannot unset configured_addr");
@@ -933,16 +940,23 @@ impl Context {
    /// Determine whether the specified addr maps to the/a self addr.
    /// Returns `false` if no addresses are configured.
    pub(crate) async fn is_self_addr(&self, addr: &str) -> Result<bool> {
+        // Employ the config cache to optimize for `ConfiguredAddr` passed.
+        if !addr.is_empty()
+            && addr_cmp(
+                addr,
+                &self
+                    .get_config(Config::ConfiguredAddr)
+                    .await?
+                    .unwrap_or_default(),
+            )
+        {
+            return Ok(true);
+        }
        Ok(self
-            .get_config(Config::ConfiguredAddr)
+            .get_all_self_addrs()
            .await?
            .iter()
-            .any(|a| addr_cmp(addr, a))
-            || self
-                .get_secondary_self_addrs()
-                .await?
-                .iter()
-                .any(|a| addr_cmp(addr, a)))
+            .any(|a| addr_cmp(addr, a)))
    }

    /// Sets `primary_new` as the new primary self address and saves the old
@@ -989,14 +1003,6 @@ impl Context {
            .await
    }

-    /// Returns all secondary self addresses.
-    pub(crate) async fn get_secondary_self_addrs(&self) -> Result<Vec<String>> {
-        self.sql.query_map_vec("SELECT addr FROM transports WHERE addr NOT IN (SELECT value FROM config WHERE keyname='configured_addr')", (), |row| {
-            let addr: String = row.get(0)?;
-            Ok(addr)
-        }).await
-    }
-
    /// Returns all published secondary self addresses.
    /// See `[Context::set_transport_unpublished]`
    pub(crate) async fn get_published_secondary_self_addrs(&self) -> Result<Vec<String>> {
--- a/src/config/config_tests.rs
+++ b/src/config/config_tests.rs
@@ -196,13 +196,6 @@ async fn test_sync() -> Result<()> {
    sync(&alice0, &alice1).await;
    assert_eq!(alice1.get_config_bool(Config::MdnsEnabled).await?, false);

-    for key in [Config::ShowEmails, Config::MvboxMove] {
-        let val = alice0.get_config_bool(key).await?;
-        alice0.set_config_bool(key, !val).await?;
-        sync(&alice0, &alice1).await;
-        assert_eq!(alice1.get_config_bool(key).await?, !val);
-    }
-
    // `Config::SyncMsgs` mustn't be synced.
    alice0.set_config_bool(Config::SyncMsgs, false).await?;
    alice0.set_config_bool(Config::SyncMsgs, true).await?;
--- a/src/configure.rs
+++ b/src/configure.rs
@@ -76,7 +76,7 @@ impl Context {
    /// Deprecated since 2025-02; use `add_transport_from_qr()`
    /// or `add_or_update_transport()` instead.
    pub async fn configure(&self) -> Result<()> {
-        let mut param = EnteredLoginParam::load(self).await?;
+        let mut param = EnteredLoginParam::load_legacy(self).await?;

        self.add_transport_inner(&mut param).await
    }
@@ -150,7 +150,7 @@ impl Context {
            progress!(self, 0, Some(error_msg.clone()));
            bail!(error_msg);
        } else {
-            param.save(self).await?;
+            param.save_legacy(self).await?;
            progress!(self, 1000);
        }

@@ -243,11 +243,6 @@ impl Context {
                        Ok((id, add_timestamp))
                    },
                )?;
-                transaction.execute("DELETE FROM imap WHERE transport_id=?", (transport_id,))?;
-                transaction.execute(
-                    "DELETE FROM imap_sync WHERE transport_id=?",
-                    (transport_id,),
-                )?;

                // Removal timestamp should not be lower than addition timestamp
                // to be accepted by other devices when synced.
@@ -266,6 +261,7 @@ impl Context {
            .await?;
        send_sync_transports(self).await?;
        self.quota.write().await.remove(&removed_transport_id);
+        self.restart_io_if_running().await;

        Ok(())
    }
@@ -320,31 +316,16 @@ impl Context {
                    (&param.addr,),
                )
                .await?
-        {
-            // Should be checked before `MvboxMove` because the latter makes no sense in presense of
-            // `OnlyFetchMvbox` and even grayed out in the UIs in this case.
-            if self.get_config(Config::OnlyFetchMvbox).await?.as_deref() != Some("0") {
-                bail!(
-                    "To use additional relays, disable the legacy option \"Settings / Advanced / Only Fetch from DeltaChat Folder\"."
-                );
-            }
-            if self.get_config(Config::MvboxMove).await?.as_deref() != Some("0") {
-                bail!(
-                    "To use additional relays, disable the legacy option \"Settings / Advanced / Move automatically to DeltaChat Folder\"."
-                );
-            }
-
-            if self
+            && self
                .sql
                .count("SELECT COUNT(*) FROM transports", ())
                .await?
                >= MAX_TRANSPORT_RELAYS
-            {
-                bail!(
-                    "You have reached the maximum number of relays ({}).",
-                    MAX_TRANSPORT_RELAYS
-                )
-            }
+        {
+            bail!(
+                "You have reached the maximum number of relays ({}).",
+                MAX_TRANSPORT_RELAYS
+            )
        }

        let provider = match configure(self, param).await {
@@ -557,6 +538,7 @@ async fn get_configured_param(
            .collect(),
        imap_user: param.imap.user.clone(),
        imap_password: param.imap.password.clone(),
+        imap_folder: Some(param.imap.folder.clone()).filter(|folder| !folder.is_empty()),
        smtp: servers
            .iter()
            .filter_map(|params| {
@@ -649,10 +631,6 @@ async fn configure(ctx: &Context, param: &EnteredLoginParam) -> Result<Option<&'
    progress!(ctx, 900);

    let is_configured = ctx.is_configured().await?;
-    if !is_configured {
-        ctx.sql.set_raw_config("mvbox_move", Some("0")).await?;
-        ctx.sql.set_raw_config("only_fetch_mvbox", None).await?;
-    }
    if !ctx.get_config_bool(Config::FixIsChatmail).await? {
        if imap_session.is_chatmail() {
            ctx.sql.set_raw_config("is_chatmail", Some("1")).await?;
@@ -816,7 +794,7 @@ pub enum Error {
 mod tests {
    use super::*;
    use crate::config::Config;
-    use crate::login_param::EnteredServerLoginParam;
+    use crate::login_param::EnteredImapLoginParam;
    use crate::test_utils::TestContext;

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -835,7 +813,7 @@ mod tests {
        let entered_param = EnteredLoginParam {
            addr: "alice@example.org".to_string(),

-            imap: EnteredServerLoginParam {
+            imap: EnteredImapLoginParam {
                user: "alice@example.net".to_string(),
                password: "foobar".to_string(),
                ..Default::default()
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -36,17 +36,6 @@ pub enum Blocked {
    Request = 2,
 }

-#[derive(
-    Debug, Default, Display, Clone, Copy, PartialEq, Eq, FromPrimitive, ToPrimitive, FromSql, ToSql,
-)]
-#[repr(u8)]
-pub enum ShowEmails {
-    Off = 0,
-    AcceptedContacts = 1,
-    #[default] // also change Config.ShowEmails props(default) on changes
-    All = 2,
-}
-
 #[derive(
    Debug, Default, Display, Clone, Copy, PartialEq, Eq, FromPrimitive, ToPrimitive, FromSql, ToSql,
 )]
@@ -199,7 +188,7 @@ pub const WORSE_IMAGE_BYTES: usize = 130_000;
 // max. width/height and bytes of an avatar
 pub(crate) const BALANCED_AVATAR_SIZE: u32 = 512;
 pub(crate) const BALANCED_AVATAR_BYTES: usize = 60_000;
-pub(crate) const WORSE_AVATAR_SIZE: u32 = 128;
+pub(crate) const WORSE_AVATAR_SIZE: u32 = 256;
 pub(crate) const WORSE_AVATAR_BYTES: usize = 20_000; // this also fits to Outlook servers don't allowing headers larger than 32k.

 // max. width/height of images scaled down because of being too huge
@@ -210,11 +199,6 @@ pub const WORSE_IMAGE_SIZE: u32 = 640;
 /// usage by UIs.
 pub const MAX_RCVD_IMAGE_PIXELS: u32 = 50_000_000;

-// Key for the folder configuration version (see below).
-pub(crate) const DC_FOLDERS_CONFIGURED_KEY: &str = "folders_configured";
-// this value can be increased if the folder configuration is changed and must be redone on next program start
-pub(crate) const DC_FOLDERS_CONFIGURED_VERSION: i32 = 5;
-
 // If more recipients are needed in SMTP's `RCPT TO:` header, the recipient list is split into
 // chunks. This does not affect MIME's `To:` header. Can be overwritten by setting
 // `max_smtp_rcpt_to` in the provider db.
@@ -249,6 +233,9 @@ Here is what to do:

 If you have any questions, please send an email to delta@merlinux.eu or ask at https://support.delta.chat/."#;

+/// How many recent messages should be re-sent to a new broadcast member.
+pub(crate) const N_MSGS_TO_NEW_BROADCAST_MEMBER: usize = 10;
+
 #[cfg(test)]
 mod tests {
    use num_traits::FromPrimitive;
@@ -264,18 +251,6 @@ mod tests {
        assert_eq!(Chattype::OutBroadcast, Chattype::from_i32(160).unwrap());
    }

-    #[test]
-    fn test_showemails_values() {
-        // values may be written to disk and must not change
-        assert_eq!(ShowEmails::All, ShowEmails::default());
-        assert_eq!(ShowEmails::Off, ShowEmails::from_i32(0).unwrap());
-        assert_eq!(
-            ShowEmails::AcceptedContacts,
-            ShowEmails::from_i32(1).unwrap()
-        );
-        assert_eq!(ShowEmails::All, ShowEmails::from_i32(2).unwrap());
-    }
-
    #[test]
    fn test_blocked_values() {
        // values may be written to disk and must not change
--- a/src/contact.rs
+++ b/src/contact.rs
@@ -1182,7 +1182,9 @@ VALUES (?, ?, ?, ?, ?, ?)
        let mut ret = Vec::new();
        let flag_add_self = (listflags & constants::DC_GCL_ADD_SELF) != 0;
        let flag_address = (listflags & constants::DC_GCL_ADDRESS) != 0;
-        let minimal_origin = if context.get_config_bool(Config::Bot).await? {
+        let minimal_origin = if context.get_config_bool(Config::Bot).await?
+            || query.is_some_and(may_be_valid_addr)
+        {
            Origin::Unknown
        } else {
            Origin::IncomingReplyTo
@@ -1394,7 +1396,7 @@ WHERE addr=?
        let Some(fingerprint_other) = contact.fingerprint() else {
            return Ok(stock_str::encr_none(context));
        };
-        let fingerprint_other = fingerprint_other.to_string();
+        let fingerprint_other = fingerprint_other.human_readable();

        let stock_message = if contact.public_key(context).await?.is_some() {
            stock_str::messages_are_e2ee(context)
@@ -1408,7 +1410,7 @@ WHERE addr=?
        let fingerprint_self = load_self_public_key(context)
            .await?
            .dc_fingerprint()
-            .to_string();
+            .human_readable();
        if addr < contact.addr {
            cat_fingerprint(
                &mut ret,
@@ -2066,7 +2068,6 @@ pub(crate) async fn mark_contact_id_as_verified(
    Ok(())
 }

-#[expect(clippy::arithmetic_side_effects)]
 fn cat_fingerprint(ret: &mut String, name: &str, addr: &str, fingerprint: &str) {
    *ret += &format!("\n\n{name} ({addr}):\n{fingerprint}");
 }
--- a/src/contact/contact_tests.rs
+++ b/src/contact/contact_tests.rs
@@ -4,6 +4,7 @@ use super::*;
 use crate::chat::{Chat, get_chat_contacts, send_text_msg};
 use crate::chatlist::Chatlist;
 use crate::receive_imf::receive_imf;
+use crate::securejoin::get_securejoin_qr;
 use crate::test_utils::{self, TestContext, TestContextManager, TimeShiftFalsePositiveNote, sync};

 #[test]
@@ -154,6 +155,50 @@ async fn test_get_contacts() -> Result<()> {
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_search_contacts_from_group() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let fiona = &tcm.fiona().await;
+
+    let alice_chat_id = chat::create_group(alice, "").await?;
+    let qr = get_securejoin_qr(alice, Some(alice_chat_id)).await?;
+    let bob_chat_id = tcm.exec_securejoin_qr(bob, alice, &qr).await;
+    tcm.exec_securejoin_qr(fiona, alice, &qr).await;
+
+    // Workaround for "member added" for fiona not sent to bob.
+    let gossip_period = alice.get_config_int(Config::GossipPeriod).await?;
+    SystemTime::shift(Duration::from_secs(gossip_period.try_into()?));
+    send_text_msg(alice, alice_chat_id, "hello".to_string()).await?;
+    let sent_msg = alice.pop_sent_msg().await;
+    bob.recv_msg(&sent_msg).await;
+    fiona.recv_msg(&sent_msg).await;
+
+    let contacts = Contact::get_all(bob, 0, None).await?;
+    let bob_alice_id = bob.add_or_lookup_contact_id(alice).await;
+    assert_eq!(contacts.len(), 1);
+    assert_eq!(contacts[0], bob_alice_id);
+
+    let contacts = Contact::get_all(fiona, 0, None).await?;
+    let fiona_alice_id = fiona.add_or_lookup_contact_id(alice).await;
+    assert_eq!(contacts.len(), 1);
+    assert_eq!(contacts[0], fiona_alice_id);
+
+    // Sending to the group adds new members to the contact list.
+    send_text_msg(bob, bob_chat_id, "hello".to_string()).await?;
+    fiona.recv_msg(&bob.pop_sent_msg().await).await;
+    let contacts = Contact::get_all(bob, 0, None).await?;
+    let bob_fiona_id = bob.add_or_lookup_contact_id(fiona).await;
+    assert_eq!(contacts.len(), 2);
+    assert_eq!(contacts[0], bob_alice_id);
+    assert_eq!(contacts[1], bob_fiona_id);
+    let contacts = Contact::get_all(fiona, 0, None).await?;
+    assert_eq!(contacts.len(), 1);
+    assert_eq!(contacts[0], fiona_alice_id);
+    Ok(())
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_is_self_addr() -> Result<()> {
    let t = TestContext::new().await;
@@ -420,12 +465,16 @@ async fn test_delete() -> Result<()> {
    Contact::delete(&alice, contact_id).await?;
    let contact = Contact::get_by_id(&alice, contact_id).await?;
    assert_eq!(contact.origin, Origin::Hidden);
+
+    // Hidden contacts are found when searching by email address
    assert_eq!(
        Contact::get_all(&alice, 0, Some("bob@example.net"))
            .await?
            .len(),
-        0
+        1
    );
+    // Hidden contacts are not found by a non-address query
+    assert_eq!(Contact::get_all(&alice, 0, Some("bob")).await?.len(), 0);

    // Delete chat.
    chat.get_id().delete(&alice).await?;
@@ -483,7 +532,7 @@ async fn test_delete_and_recreate_contact() -> Result<()> {
        Contact::get_all(&t, 0, Some("bob@example.net"))
            .await?
            .len(),
-        0
+        1
    );

    let contact_id3 = t.add_or_lookup_contact_id(&bob).await;
--- a/src/context.rs
+++ b/src/context.rs
@@ -20,16 +20,16 @@ use crate::constants::{self, DC_BACKGROUND_FETCH_QUOTA_CHECK_RATELIMIT, DC_VERSI
 use crate::contact::{Contact, ContactId};
 use crate::debug_logging::DebugLogging;
 use crate::events::{Event, EventEmitter, EventType, Events};
-use crate::imap::{FolderMeaning, Imap, ServerMetadata};
+use crate::imap::{Imap, ServerMetadata};
 use crate::key::self_fingerprint;
 use crate::log::warn;
 use crate::logged_debug_assert;
 use crate::message::{self, MessageState, MsgId};
-use crate::net::tls::TlsSessionStore;
+use crate::net::tls::{SpkiHashStore, TlsSessionStore};
 use crate::peer_channels::Iroh;
 use crate::push::PushSubscriber;
 use crate::quota::QuotaInfo;
-use crate::scheduler::{ConnectivityStore, SchedulerState, convert_folder_meaning};
+use crate::scheduler::{ConnectivityStore, SchedulerState};
 use crate::sql::Sql;
 use crate::stock_str::StockStrings;
 use crate::timesmearing::SmearedTimestamp;
@@ -308,6 +308,13 @@ pub struct InnerContext {
    /// TLS session resumption cache.
    pub(crate) tls_session_store: TlsSessionStore,

+    /// Store for TLS SPKI hashes.
+    ///
+    /// Used to remember public keys
+    /// of TLS certificates to accept them
+    /// even after they expire.
+    pub(crate) spki_hash_store: SpkiHashStore,
+
    /// Iroh for realtime peer channels.
    pub(crate) iroh: Arc<RwLock<Option<Iroh>>>,

@@ -511,6 +518,7 @@ impl Context {
            push_subscriber,
            push_subscribed: AtomicBool::new(false),
            tls_session_store: TlsSessionStore::new(),
+            spki_hash_store: SpkiHashStore::new(),
            iroh: Arc::new(RwLock::new(None)),
            self_fingerprint: OnceLock::new(),
            self_public_key: Mutex::new(None),
@@ -623,17 +631,10 @@ impl Context {
            let mut session = connection.prepare(self).await?;

            // Fetch IMAP folders.
-            // Inbox is fetched before Mvbox because fetching from Inbox
-            // may result in moving some messages to Mvbox.
-            for folder_meaning in [FolderMeaning::Inbox, FolderMeaning::Mvbox] {
-                if let Some((_folder_config, watch_folder)) =
-                    convert_folder_meaning(self, folder_meaning).await?
-                {
-                    connection
-                        .fetch_move_delete(self, &mut session, &watch_folder, folder_meaning)
-                        .await?;
-                }
-            }
+            let folder = connection.folder.clone();
+            connection
+                .fetch_move_delete(self, &mut session, &folder)
+                .await?;

            // Update quota (to send warning if full) - but only check it once in a while.
            // note: For now this only checks quota of primary transport,
@@ -644,7 +645,7 @@ impl Context {
                    DC_BACKGROUND_FETCH_QUOTA_CHECK_RATELIMIT,
                )
                .await
-                && let Err(err) = self.update_recent_quota(&mut session).await
+                && let Err(err) = self.update_recent_quota(&mut session, &folder).await
            {
                warn!(self, "Failed to update quota: {err:#}.");
            }
@@ -842,7 +843,7 @@ impl Context {

    /// Returns information about the context as key-value pairs.
    pub async fn get_info(&self) -> Result<BTreeMap<&'static str, String>> {
-        let secondary_addrs = self.get_secondary_self_addrs().await?.join(", ");
+        let all_self_addrs = self.get_all_self_addrs().await?.join(", ");
        let all_transports: Vec<String> = ConfiguredLoginParam::load_all(self)
            .await?
            .into_iter()
@@ -884,23 +885,6 @@ impl Context {
            Err(err) => format!("<key failure: {err}>"),
        };

-        let mvbox_move = self.get_config_int(Config::MvboxMove).await?;
-        let only_fetch_mvbox = self.get_config_int(Config::OnlyFetchMvbox).await?;
-        let folders_configured = self
-            .sql
-            .get_raw_config_int(constants::DC_FOLDERS_CONFIGURED_KEY)
-            .await?
-            .unwrap_or_default();
-
-        let configured_inbox_folder = self
-            .get_config(Config::ConfiguredInboxFolder)
-            .await?
-            .unwrap_or_else(|| "<unset>".to_string());
-        let configured_mvbox_folder = self
-            .get_config(Config::ConfiguredMvboxFolder)
-            .await?
-            .unwrap_or_else(|| "<unset>".to_string());
-
        let mut res = get_info();

        // insert values
@@ -961,11 +945,7 @@ impl Context {
            }
        }

-        res.insert("secondary_addrs", secondary_addrs);
-        res.insert(
-            "show_emails",
-            self.get_config_int(Config::ShowEmails).await?.to_string(),
-        );
+        res.insert("all_self_addrs", all_self_addrs);
        res.insert(
            "who_can_call_me",
            self.get_config_int(Config::WhoCanCallMe).await?.to_string(),
@@ -976,14 +956,6 @@ impl Context {
                .await?
                .to_string(),
        );
-        res.insert("mvbox_move", mvbox_move.to_string());
-        res.insert("only_fetch_mvbox", only_fetch_mvbox.to_string());
-        res.insert(
-            constants::DC_FOLDERS_CONFIGURED_KEY,
-            folders_configured.to_string(),
-        );
-        res.insert("configured_inbox_folder", configured_inbox_folder);
-        res.insert("configured_mvbox_folder", configured_mvbox_folder);
        res.insert("mdns_enabled", mdns_enabled.to_string());
        res.insert("bcc_self", bcc_self.to_string());
        res.insert("sync_msgs", sync_msgs.to_string());
@@ -1019,24 +991,6 @@ impl Context {
                .await?
                .to_string(),
        );
-        res.insert(
-            "quota_exceeding",
-            self.get_config_int(Config::QuotaExceeding)
-                .await?
-                .to_string(),
-        );
-        res.insert(
-            "authserv_id_candidates",
-            self.get_config(Config::AuthservIdCandidates)
-                .await?
-                .unwrap_or_default(),
-        );
-        res.insert(
-            "sign_unencrypted",
-            self.get_config_int(Config::SignUnencrypted)
-                .await?
-                .to_string(),
-        );
        res.insert(
            "debug_logging",
            self.get_config_int(Config::DebugLogging).await?.to_string(),
@@ -1142,10 +1096,17 @@ ORDER BY m.timestamp DESC,m.id DESC",
        Ok(list)
    }

-    /// Returns a list of messages with database ID higher than requested.
+    /// (deprecated) Returns a list of messages with database ID higher than requested.
    ///
    /// Blocked contacts and chats are excluded,
    /// but self-sent messages and contact requests are included in the results.
+    ///
+    /// Deprecated 2026-04: This returns the message's id as soon as the first part arrives,
+    /// even if it is not fully downloaded yet.
+    /// The bot needs to wait for the message to be fully downloaded.
+    /// Since this is usually not the desired behavior,
+    /// bots should instead use the [`EventType::IncomingMsg`]
+    /// event for getting notified about new messages.
    pub async fn get_next_msgs(&self) -> Result<Vec<MsgId>> {
        let last_msg_id = match self.get_config(Config::LastMsgId).await? {
            Some(s) => MsgId::new(s.parse()?),
@@ -1194,7 +1155,7 @@ ORDER BY m.timestamp DESC,m.id DESC",
        Ok(list)
    }

-    /// Returns a list of messages with database ID higher than last marked as seen.
+    /// (deprecated) Returns a list of messages with database ID higher than last marked as seen.
    ///
    /// This function is supposed to be used by bot to request messages
    /// that are not processed yet.
@@ -1204,6 +1165,13 @@ ORDER BY m.timestamp DESC,m.id DESC",
    /// shortly after notification or notification is manually triggered
    /// to interrupt waiting.
    /// Notification may be manually triggered by calling [`Self::stop_io`].
+    ///
+    /// Deprecated 2026-04: This returns the message's id as soon as the first part arrives,
+    /// even if it is not fully downloaded yet.
+    /// The bot needs to wait for the message to be fully downloaded.
+    /// Since this is usually not the desired behavior,
+    /// bots should instead use the #DC_EVENT_INCOMING_MSG / [`EventType::IncomingMsg`]
+    /// event for getting notified about new messages.
    pub async fn wait_next_msgs(&self) -> Result<Vec<MsgId>> {
        self.new_msgs_notify.notified().await;
        let list = self.get_next_msgs().await?;
@@ -1283,12 +1251,6 @@ ORDER BY m.timestamp DESC,m.id DESC",
        Ok(list)
    }

-    /// Returns true if given folder name is the name of the "DeltaChat" folder.
-    pub async fn is_mvbox(&self, folder_name: &str) -> Result<bool> {
-        let mvbox = self.get_config(Config::ConfiguredMvboxFolder).await?;
-        Ok(mvbox.as_deref() == Some(folder_name))
-    }
-
    pub(crate) fn derive_blobdir(dbfile: &Path) -> PathBuf {
        let mut blob_fname = OsString::new();
        blob_fname.push(dbfile.file_name().unwrap_or_default());
--- a/src/context/context_tests.rs
+++ b/src/context/context_tests.rs
@@ -284,7 +284,6 @@ async fn test_get_info_completeness() {
        "send_security",
        "server_flags",
        "skip_start_messages",
-        "smtp_certificate_checks",
        "proxy_url",      // May contain passwords, don't leak it to the logs.
        "socks5_enabled", // SOCKS5 options are deprecated.
        "socks5_host",
@@ -603,10 +602,7 @@ async fn test_get_next_msgs() -> Result<()> {
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_cache_is_cleared_when_io_is_started() -> Result<()> {
    let alice = TestContext::new_alice().await;
-    assert_eq!(
-        alice.get_config(Config::ShowEmails).await?,
-        Some("2".to_string())
-    );
+    assert_eq!(alice.get_config(Config::Displayname).await?, None);

    // Change the config circumventing the cache
    // This simulates what the notification plugin on iOS might do
@@ -614,24 +610,21 @@ async fn test_cache_is_cleared_when_io_is_started() -> Result<()> {
    alice
        .sql
        .execute(
-            "INSERT OR REPLACE INTO config (keyname, value) VALUES ('show_emails', '0')",
+            "INSERT OR REPLACE INTO config (keyname, value) VALUES ('displayname', 'Alice 2')",
            (),
        )
        .await?;

    // Alice's Delta Chat doesn't know about it yet:
-    assert_eq!(
-        alice.get_config(Config::ShowEmails).await?,
-        Some("2".to_string())
-    );
+    assert_eq!(alice.get_config(Config::Displayname).await?, None);

    // Starting IO will fail of course because no server settings are configured,
    // but it should invalidate the caches:
    alice.start_io().await;

    assert_eq!(
-        alice.get_config(Config::ShowEmails).await?,
-        Some("0".to_string())
+        alice.get_config(Config::Displayname).await?,
+        Some("Alice 2".to_string())
    );

    Ok(())
--- a/src/download.rs
+++ b/src/download.rs
@@ -173,9 +173,7 @@ pub(crate) async fn download_msg(
    if msg_transport_id != transport_id {
        return Ok(None);
    }
-    session
-        .fetch_single_msg(context, &server_folder, server_uid, rfc724_mid)
-        .await?;
+    Box::pin(session.fetch_single_msg(context, &server_folder, server_uid, rfc724_mid)).await?;
    Ok(Some(()))
 }

@@ -204,8 +202,11 @@ impl Session {
        let mut uid_message_ids: BTreeMap<u32, String> = BTreeMap::new();
        uid_message_ids.insert(uid, rfc724_mid);
        let (sender, receiver) = async_channel::unbounded();
-        self.fetch_many_msgs(context, folder, vec![uid], &uid_message_ids, sender)
-            .await?;
+        {
+            let _fetch_msgs_lock_guard = context.fetch_msgs_mutex.lock().await;
+            self.fetch_many_msgs(context, folder, vec![uid], &uid_message_ids, sender)
+                .await?;
+        }
        if receiver.recv().await.is_err() {
            bail!("Failed to fetch UID {uid}");
        }
--- a/src/e2ee.rs
+++ b/src/e2ee.rs
@@ -79,16 +79,6 @@ impl EncryptHelper {

        Ok(ctext)
    }
-
-    /// Signs the passed-in `mail` using the private key from `context`.
-    /// Returns the payload and the signature.
-    pub async fn sign(self, context: &Context, mail: &MimePart<'static>) -> Result<String> {
-        let sign_key = load_self_secret_key(context).await?;
-        let mut buffer = Vec::new();
-        mail.clone().write_part(&mut buffer)?;
-        let signature = pgp::pk_calc_signature(buffer, &sign_key)?;
-        Ok(signature)
-    }
 }

 /// Ensures a private key exists for the configured user.
--- a/src/events/chatlist_events.rs
+++ b/src/events/chatlist_events.rs
@@ -89,13 +89,9 @@ mod test_chatlist_events {
            .get_matching(|evt| match evt {
                EventType::ChatlistItemChanged {
                    chat_id: Some(ev_chat_id),
-                } => {
-                    if ev_chat_id == &chat_id {
-                        first_event_is_item.store(true, Ordering::Relaxed);
-                        true
-                    } else {
-                        false
-                    }
+                } if ev_chat_id == &chat_id => {
+                    first_event_is_item.store(true, Ordering::Relaxed);
+                    true
                }
                EventType::ChatlistChanged => true,
                _ => false,
--- a/src/events/payload.rs
+++ b/src/events/payload.rs
@@ -234,8 +234,7 @@ pub enum EventType {
    /// Location of one or more contact has changed.
    ///
    /// @param data1 (u32) contact_id of the contact for which the location has changed.
-    ///     If the locations of several contacts have been changed,
-    ///     eg. after calling dc_delete_all_locations(), this parameter is set to `None`.
+    ///     If the locations of several contacts have been changed, this parameter is set to `None`.
    LocationChanged(Option<ContactId>),

    /// Inform about the configuration progress started by configure().
--- a/src/html.rs
+++ b/src/html.rs
@@ -86,8 +86,7 @@ impl HtmlMsgParser {
    /// Function takes a raw mime-message string,
    /// searches for the main-text part
    /// and returns that as parser.html
-    #[expect(clippy::arithmetic_side_effects)]
-    pub async fn from_bytes<'a>(
+    pub fn from_bytes<'a>(
        context: &Context,
        rawmime: &'a [u8],
    ) -> Result<(Self, mailparse::ParsedMail<'a>)> {
@@ -99,14 +98,14 @@ impl HtmlMsgParser {

        let parsedmail = mailparse::parse_mail(rawmime).context("Failed to parse mail")?;

-        parser.collect_texts_recursive(context, &parsedmail).await?;
+        parser.collect_texts_recursive(context, &parsedmail)?;

        if parser.html.is_empty() {
            if let Some(plain) = &parser.plain {
                parser.html = plain.to_html();
            }
        } else {
-            parser.cid_to_data_recursive(context, &parsedmail).await?;
+            parser.cid_to_data_recursive(context, &parsedmail)?;
        }
        parser.html += &mem::take(&mut parser.msg_html);
        Ok((parser, parsedmail))
@@ -120,8 +119,7 @@ impl HtmlMsgParser {
    /// Usually, there is at most one plain-text and one HTML-text part,
    /// multiple plain-text parts might be used for mailinglist-footers,
    /// therefore we use the first one.
-    #[expect(clippy::arithmetic_side_effects)]
-    async fn collect_texts_recursive<'a>(
+    fn collect_texts_recursive<'a>(
        &'a mut self,
        context: &'a Context,
        mail: &'a mailparse::ParsedMail<'a>,
@@ -129,7 +127,7 @@ impl HtmlMsgParser {
        match get_mime_multipart_type(&mail.ctype) {
            MimeMultipartType::Multiple => {
                for cur_data in &mail.subparts {
-                    Box::pin(self.collect_texts_recursive(context, cur_data)).await?
+                    self.collect_texts_recursive(context, cur_data)?
                }
                Ok(())
            }
@@ -138,7 +136,7 @@ impl HtmlMsgParser {
                if raw.is_empty() {
                    return Ok(());
                }
-                let (parser, mail) = Box::pin(HtmlMsgParser::from_bytes(context, &raw)).await?;
+                let (parser, mail) = HtmlMsgParser::from_bytes(context, &raw)?;
                if !parser.html.is_empty() {
                    let mut text = "\r\n\r\n".to_string();
                    for h in mail.headers {
@@ -201,7 +199,7 @@ impl HtmlMsgParser {

    /// Replace cid:-protocol by the data:-protocol where appropriate.
    /// This allows the final html-file to be self-contained.
-    async fn cid_to_data_recursive<'a>(
+    fn cid_to_data_recursive<'a>(
        &'a mut self,
        context: &'a Context,
        mail: &'a mailparse::ParsedMail<'a>,
@@ -209,7 +207,7 @@ impl HtmlMsgParser {
        match get_mime_multipart_type(&mail.ctype) {
            MimeMultipartType::Multiple => {
                for cur_data in &mail.subparts {
-                    Box::pin(self.cid_to_data_recursive(context, cur_data)).await?;
+                    self.cid_to_data_recursive(context, cur_data)?;
                }
                Ok(())
            }
@@ -271,7 +269,7 @@ impl MsgId {

        let rawmime = rawmime?;
        if !rawmime.is_empty() {
-            match HtmlMsgParser::from_bytes(context, &rawmime).await {
+            match HtmlMsgParser::from_bytes(context, &rawmime) {
                Err(err) => {
                    warn!(context, "get_html: parser error: {:#}", err);
                    Ok(None)
@@ -289,7 +287,6 @@ impl MsgId {
 mod tests {
    use super::*;
    use crate::chat::{self, Chat, forward_msgs, save_msgs};
-    use crate::config::Config;
    use crate::constants;
    use crate::contact::ContactId;
    use crate::message::{MessengerMessage, Viewtype};
@@ -300,7 +297,7 @@ mod tests {
    async fn test_htmlparse_plain_unspecified() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_plain_unspecified.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
        assert_eq!(
            parser.html,
            r#"<!DOCTYPE html>
@@ -318,7 +315,7 @@ This message does not have Content-Type nor Subject.<br/>
    async fn test_htmlparse_plain_iso88591() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_plain_iso88591.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
        assert_eq!(
            parser.html,
            r#"<!DOCTYPE html>
@@ -336,7 +333,7 @@ message with a non-UTF-8 encoding: äöüßÄÖÜ<br/>
    async fn test_htmlparse_plain_flowed() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_plain_flowed.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
        assert!(parser.plain.unwrap().flowed);
        assert_eq!(
            parser.html,
@@ -358,7 +355,7 @@ and will be wrapped as usual.<br/>
    async fn test_htmlparse_alt_plain() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_alt_plain.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
        assert_eq!(
            parser.html,
            r#"<!DOCTYPE html>
@@ -378,7 +375,7 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x
    async fn test_htmlparse_html() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_html.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();

        // on windows, `\r\n` linends are returned from mimeparser,
        // however, rust multiline-strings use just `\n`;
@@ -396,7 +393,7 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x
    async fn test_htmlparse_alt_html() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_alt_html.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
        assert_eq!(
            parser.html.replace('\r', ""), // see comment in test_htmlparse_html()
            r##"<html>
@@ -410,7 +407,7 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x
    async fn test_htmlparse_alt_plain_html() {
        let t = TestContext::new().await;
        let raw = include_bytes!("../test-data/message/text_alt_plain_html.eml");
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
        assert_eq!(
            parser.html.replace('\r', ""), // see comment in test_htmlparse_html()
            r##"<html>
@@ -434,7 +431,7 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x
        assert!(test.find("data:").is_none());

        // parsing converts cid: to data:
-        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).await.unwrap();
+        let (parser, _) = HtmlMsgParser::from_bytes(&t.ctx, raw).unwrap();
        assert!(parser.html.contains("<html>"));
        assert!(!parser.html.contains("Content-Id:"));
        assert!(parser.html.contains("data:image/jpeg;base64,/9j/4AAQ"));
@@ -557,13 +554,7 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x
    async fn test_html_forwarding_encrypted() {
        let mut tcm = TestContextManager::new();
        // Alice receives a non-delta html-message
-        // (`ShowEmails=AcceptedContacts` lets Alice actually receive non-delta messages for known
-        // contacts, the contact is marked as known by creating a chat using `chat_with_contact()`)
        let alice = &tcm.alice().await;
-        alice
-            .set_config(Config::ShowEmails, Some("1"))
-            .await
-            .unwrap();
        let chat = alice
            .create_chat_with_contact("", "sender@testrun.org")
            .await;
@@ -581,10 +572,6 @@ test some special html-characters as &lt; &gt; and &amp; but also &quot; and &#x

        // receive the message on another device
        let alice = &tcm.alice().await;
-        alice
-            .set_config(Config::ShowEmails, Some("0"))
-            .await
-            .unwrap();
        let msg = alice.recv_msg(&msg).await;
        assert_eq!(msg.chat_id, alice.get_self_chat().await.id);
        assert_eq!(msg.get_from_id(), ContactId::SELF);
--- a/src/imap.rs
+++ b/src/imap.rs
@@ -27,13 +27,14 @@ use crate::calls::{
 use crate::chat::{self, ChatId, ChatIdBlocked, add_device_msg};
 use crate::chatlist_events;
 use crate::config::Config;
-use crate::constants::{self, Blocked, DC_VERSION_STR};
+use crate::constants::{Blocked, DC_VERSION_STR};
 use crate::contact::ContactId;
 use crate::context::Context;
+use crate::ensure_and_debug_assert;
 use crate::events::EventType;
 use crate::headerdef::{HeaderDef, HeaderDefMap};
 use crate::log::{LogExt, warn};
-use crate::message::{self, Message, MessageState, MessengerMessage, MsgId};
+use crate::message::{self, Message, MessageState, MsgId};
 use crate::mimeparser;
 use crate::net::proxy::ProxyConfig;
 use crate::net::session::SessionStream;
@@ -91,6 +92,9 @@ pub(crate) struct Imap {

    oauth2: bool,

+    /// Watched folder.
+    pub(crate) folder: String,
+
    authentication_failed_once: bool,

    pub(crate) connectivity: ConnectivityStore,
@@ -162,7 +166,6 @@ pub enum FolderMeaning {
    /// Spam folder.
    Spam,
    Inbox,
-    Mvbox,
    Trash,

    /// Virtual folders.
@@ -174,19 +177,6 @@ pub enum FolderMeaning {
    Virtual,
 }

-impl FolderMeaning {
-    pub fn to_config(self) -> Option<Config> {
-        match self {
-            FolderMeaning::Unknown => None,
-            FolderMeaning::Spam => None,
-            FolderMeaning::Inbox => Some(Config::ConfiguredInboxFolder),
-            FolderMeaning::Mvbox => Some(Config::ConfiguredMvboxFolder),
-            FolderMeaning::Trash => None,
-            FolderMeaning::Virtual => None,
-        }
-    }
-}
-
 struct UidGrouper<T: Iterator<Item = (i64, u32, String)>> {
    inner: Peekable<T>,
 }
@@ -263,6 +253,11 @@ impl Imap {
        let addr = &param.addr;
        let strict_tls = param.strict_tls(proxy_config.is_some());
        let oauth2 = param.oauth2;
+        let folder = param
+            .imap_folder
+            .clone()
+            .unwrap_or_else(|| "INBOX".to_string());
+        ensure_and_debug_assert!(!folder.is_empty(), "Watched folder name cannot be empty");
        let (resync_request_sender, resync_request_receiver) = async_channel::bounded(1);
        Ok(Imap {
            transport_id,
@@ -273,6 +268,7 @@ impl Imap {
            proxy_config,
            strict_tls,
            oauth2,
+            folder,
            authentication_failed_once: false,
            connectivity: Default::default(),
            conn_last_try: UNIX_EPOCH,
@@ -490,22 +486,14 @@ impl Imap {
    /// that folders are created and IMAP capabilities are determined.
    pub(crate) async fn prepare(&mut self, context: &Context) -> Result<Session> {
        let configuring = false;
-        let mut session = match self.connect(context, configuring).await {
+        let session = match self.connect(context, configuring).await {
            Ok(session) => session,
            Err(err) => {
-                self.connectivity.set_err(context, &err);
+                self.connectivity.set_err(context, format!("{err:#}"));
                return Err(err);
            }
        };

-        let folders_configured = context
-            .sql
-            .get_raw_config_int(constants::DC_FOLDERS_CONFIGURED_KEY)
-            .await?;
-        if folders_configured.unwrap_or_default() < constants::DC_FOLDERS_CONFIGURED_VERSION {
-            self.configure_folders(context, &mut session).await?;
-        }
-
        Ok(session)
    }

@@ -518,15 +506,15 @@ impl Imap {
        context: &Context,
        session: &mut Session,
        watch_folder: &str,
-        folder_meaning: FolderMeaning,
    ) -> Result<()> {
+        ensure_and_debug_assert!(!watch_folder.is_empty(), "Watched folder cannot be empty");
        if !context.sql.is_open().await {
            // probably shutdown
            bail!("IMAP operation attempted while it is torn down");
        }

        let msgs_fetched = self
-            .fetch_new_messages(context, session, watch_folder, folder_meaning)
+            .fetch_new_messages(context, session, watch_folder)
            .await
            .context("fetch_new_messages")?;
        if msgs_fetched && context.get_config_delete_device_after().await?.is_some() {
@@ -554,19 +542,9 @@ impl Imap {
        context: &Context,
        session: &mut Session,
        folder: &str,
-        folder_meaning: FolderMeaning,
    ) -> Result<bool> {
        let transport_id = session.transport_id();

-        if should_ignore_folder(context, folder, folder_meaning).await? {
-            info!(
-                context,
-                "Transport {transport_id}: Not fetching from {folder:?}."
-            );
-            session.new_mail = false;
-            return Ok(false);
-        }
-
        let folder_exists = session
            .select_with_uidvalidity(context, folder)
            .await
@@ -589,9 +567,8 @@ impl Imap {

        let mut read_cnt = 0;
        loop {
-            let (n, fetch_more) = self
-                .fetch_new_msg_batch(context, session, folder, folder_meaning)
-                .await?;
+            let (n, fetch_more) =
+                Box::pin(self.fetch_new_msg_batch(context, session, folder)).await?;
            read_cnt += n;
            if !fetch_more {
                return Ok(read_cnt > 0);
@@ -606,7 +583,6 @@ impl Imap {
        context: &Context,
        session: &mut Session,
        folder: &str,
-        folder_meaning: FolderMeaning,
    ) -> Result<(usize, bool)> {
        let transport_id = self.transport_id;
        let uid_validity = get_uidvalidity(context, transport_id, folder).await?;
@@ -676,13 +652,7 @@ impl Imap {
                info!(context, "Deleting locally deleted message {message_id}.");
            }

-            let _target;
-            let target = if delete {
-                ""
-            } else {
-                _target = target_folder(context, folder, folder_meaning, &headers).await?;
-                &_target
-            };
+            let target = if delete { "" } else { folder };

            context
                .sql
@@ -710,18 +680,9 @@ impl Imap {
            // message, move it to the movebox and then download the second message before
            // downloading the first one, if downloading from inbox before moving is allowed.
            if folder == target
-                // Never download messages directly from the spam folder.
-                // If the sender is known, the message will be moved to the Inbox or Mvbox
-                // and then we download the message from there.
-                // Also see `spam_target_folder_cfg()`.
-                && folder_meaning != FolderMeaning::Spam
-                && prefetch_should_download(
-                    context,
-                    &headers,
-                    &message_id,
-                    fetch_response.flags(),
-                )
-                .await.context("prefetch_should_download")?
+                && prefetch_should_download(context, &headers, &message_id, fetch_response.flags())
+                    .await
+                    .context("prefetch_should_download")?
            {
                if headers
                    .get_header_value(HeaderDef::ChatIsPostMessage)
@@ -730,10 +691,19 @@ impl Imap {
                    info!(context, "{message_id:?} is a post-message.");
                    available_post_msgs.push(message_id.clone());

-                    if download_limit.is_none_or(|download_limit| size <= download_limit) {
-                        download_later.push(message_id.clone());
+                    let is_bot = context.get_config_bool(Config::Bot).await?;
+                    if is_bot && download_limit.is_none_or(|download_limit| size <= download_limit)
+                    {
+                        uids_fetch.push(uid);
+                        uid_message_ids.insert(uid, message_id);
+                    } else {
+                        if download_limit.is_none_or(|download_limit| size <= download_limit) {
+                            // Download later after all the small messages are downloaded,
+                            // so that large messages don't delay receiving small messages
+                            download_later.push(message_id.clone());
+                        }
+                        largest_uid_skipped = Some(uid);
                    }
-                    largest_uid_skipped = Some(uid);
                } else {
                    info!(context, "{message_id:?} is not a post-message.");
                    if download_limit.is_none_or(|download_limit| size <= download_limit) {
@@ -1103,15 +1073,22 @@ impl Session {
            return Ok(());
        }

+        context
+            .sql
+            .execute(
+                "DELETE FROM imap_markseen WHERE id NOT IN (SELECT imap.id FROM imap)",
+                (),
+            )
+            .await?;
+
        let transport_id = self.transport_id();
-        let rows = context
+        let mut rows = context
            .sql
            .query_map_vec(
                "SELECT imap.id, uid, folder FROM imap, imap_markseen
                 WHERE imap.id = imap_markseen.id
                 AND imap.transport_id=?
-                 AND target = folder
-                 ORDER BY folder, uid",
+                 AND target = folder",
                (transport_id,),
                |row| {
                    let rowid: i64 = row.get(0)?;
@@ -1122,6 +1099,16 @@ impl Session {
            )
            .await?;

+        // Number of SQL results is expected to be low as
+        // we usually don't have many messages to mark on IMAP at once.
+        // We are sorting outside of SQL to avoid SQLite constructing a query plan
+        // that scans the whole `imap` table. Scanning `imap_markseen` is fine
+        // as it should not have many items.
+        // If you change the SQL query, test it with `EXPLAIN QUERY PLAN`.
+        rows.sort_unstable_by(|(_rowid1, uid1, folder1), (_rowid2, uid2, folder2)| {
+            (folder1, uid1).cmp(&(folder2, uid2))
+        });
+
        for (folder, rowid_set, uid_set) in UidGrouper::from(rows) {
            let folder_exists = match self.select_with_uidvalidity(context, &folder).await {
                Err(err) => {
@@ -1645,13 +1632,8 @@ impl Session {
            // Store new encrypted device token on the server
            // even if it is the same as the old one.
            if let Some(encrypted_device_token) = new_encrypted_device_token {
-                let folder = context
-                    .get_config(Config::ConfiguredInboxFolder)
-                    .await?
-                    .context("INBOX is not configured")?;
-
                self.run_command_and_check_ok(&format_setmetadata(
-                    &folder,
+                    "INBOX",
                    &encrypted_device_token,
                ))
                .await
@@ -1696,117 +1678,6 @@ impl Session {
        }
        Ok(())
    }
-
-    /// Attempts to configure mvbox.
-    ///
-    /// Tries to find any folder examining `folders` in the order they go.
-    /// This method does not use LIST command to ensure that
-    /// configuration works even if mailbox lookup is forbidden via Access Control List (see
-    /// <https://datatracker.ietf.org/doc/html/rfc4314>).
-    ///
-    /// Returns first found folder name.
-    async fn configure_mvbox<'a>(
-        &mut self,
-        context: &Context,
-        folders: &[&'a str],
-    ) -> Result<Option<&'a str>> {
-        // Close currently selected folder if needed.
-        // We are going to select folders using low-level EXAMINE operations below.
-        self.maybe_close_folder(context).await?;
-
-        for folder in folders {
-            info!(context, "Looking for MVBOX-folder \"{}\"...", &folder);
-            let res = self.examine(&folder).await;
-            if res.is_ok() {
-                info!(
-                    context,
-                    "MVBOX-folder {:?} successfully selected, using it.", &folder
-                );
-                self.close().await?;
-                // Before moving emails to the mvbox we need to remember its UIDVALIDITY, otherwise
-                // emails moved before that wouldn't be fetched but considered "old" instead.
-                let folder_exists = self.select_with_uidvalidity(context, folder).await?;
-                ensure!(folder_exists, "No MVBOX folder {:?}??", &folder);
-                return Ok(Some(folder));
-            }
-        }
-
-        Ok(None)
-    }
-}
-
-impl Imap {
-    pub(crate) async fn configure_folders(
-        &mut self,
-        context: &Context,
-        session: &mut Session,
-    ) -> Result<()> {
-        let mut folders = session
-            .list(Some(""), Some("*"))
-            .await
-            .context("list_folders failed")?;
-        let mut delimiter = ".".to_string();
-        let mut delimiter_is_default = true;
-        let mut folder_configs = BTreeMap::new();
-
-        while let Some(folder) = folders.try_next().await? {
-            info!(context, "Scanning folder: {:?}", folder);
-
-            // Update the delimiter iff there is a different one, but only once.
-            if let Some(d) = folder.delimiter()
-                && delimiter_is_default
-                && !d.is_empty()
-                && delimiter != d
-            {
-                delimiter = d.to_string();
-                delimiter_is_default = false;
-            }
-
-            let folder_meaning = get_folder_meaning_by_attrs(folder.attributes());
-            let folder_name_meaning = get_folder_meaning_by_name(folder.name());
-            if let Some(config) = folder_meaning.to_config() {
-                // Always takes precedence
-                folder_configs.insert(config, folder.name().to_string());
-            } else if let Some(config) = folder_name_meaning.to_config() {
-                // only set if none has been already set
-                folder_configs
-                    .entry(config)
-                    .or_insert_with(|| folder.name().to_string());
-            }
-        }
-        drop(folders);
-
-        info!(context, "Using \"{}\" as folder-delimiter.", delimiter);
-
-        let fallback_folder = format!("INBOX{delimiter}DeltaChat");
-        let mvbox_folder = session
-            .configure_mvbox(context, &["DeltaChat", &fallback_folder])
-            .await
-            .context("failed to configure mvbox")?;
-
-        context
-            .set_config_internal(Config::ConfiguredInboxFolder, Some("INBOX"))
-            .await?;
-        if let Some(mvbox_folder) = mvbox_folder {
-            info!(context, "Setting MVBOX FOLDER TO {}", &mvbox_folder);
-            context
-                .set_config_internal(Config::ConfiguredMvboxFolder, Some(mvbox_folder))
-                .await?;
-        }
-        for (config, name) in folder_configs {
-            context.set_config_internal(config, Some(&name)).await?;
-        }
-        context
-            .sql
-            .set_raw_config_int(
-                constants::DC_FOLDERS_CONFIGURED_KEY,
-                constants::DC_FOLDERS_CONFIGURED_VERSION,
-            )
-            .await?;
-
-        info!(context, "FINISHED configuring IMAP-folders.");
-        Ok(())
-    }
 }

 impl Session {
@@ -1940,15 +1811,7 @@ async fn spam_target_folder_cfg(
        return Ok(None);
    }

-    if needs_move_to_mvbox(context, headers).await?
-        // If OnlyFetchMvbox is set, we don't want to move the message to
-        // the inbox where we wouldn't fetch it again:
-        || context.get_config_bool(Config::OnlyFetchMvbox).await?
-    {
-        Ok(Some(Config::ConfiguredMvboxFolder))
-    } else {
-        Ok(Some(Config::ConfiguredInboxFolder))
-    }
+    Ok(Some(Config::ConfiguredInboxFolder))
 }

 /// Returns `ConfiguredInboxFolder` or `ConfiguredMvboxFolder` if
@@ -1959,16 +1822,12 @@ pub async fn target_folder_cfg(
    folder_meaning: FolderMeaning,
    headers: &[mailparse::MailHeader<'_>],
 ) -> Result<Option<Config>> {
-    if context.is_mvbox(folder).await? {
+    if folder == "DeltaChat" {
        return Ok(None);
    }

    if folder_meaning == FolderMeaning::Spam {
        spam_target_folder_cfg(context, headers).await
-    } else if folder_meaning == FolderMeaning::Inbox
-        && needs_move_to_mvbox(context, headers).await?
-    {
-        Ok(Some(Config::ConfiguredMvboxFolder))
    } else {
        Ok(None)
    }
@@ -1989,27 +1848,6 @@ pub async fn target_folder(
    }
 }

-async fn needs_move_to_mvbox(
-    context: &Context,
-    headers: &[mailparse::MailHeader<'_>],
-) -> Result<bool> {
-    let has_chat_version = headers.get_header_value(HeaderDef::ChatVersion).is_some();
-    if !context.get_config_bool(Config::MvboxMove).await? {
-        return Ok(false);
-    }
-
-    if has_chat_version {
-        Ok(true)
-    } else if let Some(parent) = get_prefetch_parent_message(context, headers).await? {
-        match parent.is_dc_message {
-            MessengerMessage::No => Ok(false),
-            MessengerMessage::Yes | MessengerMessage::Reply => Ok(true),
-        }
-    } else {
-        Ok(false)
-    }
-}
-
 /// Try to get the folder meaning by the name of the folder only used if the server does not support XLIST.
 // TODO: lots languages missing - maybe there is a list somewhere on other MUAs?
 // however, if we fail to find out the sent-folder,
@@ -2163,7 +2001,7 @@ pub(crate) async fn prefetch_should_download(
        return Ok(false);
    }

-    let should_download = (!blocked_contact) || maybe_ndn;
+    let should_download = !blocked_contact || maybe_ndn;
    Ok(should_download)
 }

@@ -2340,21 +2178,6 @@ async fn get_modseq(context: &Context, transport_id: u32, folder: &str) -> Resul
        .unwrap_or(0))
 }

-/// Whether to ignore fetching messages from a folder.
-///
-/// This caters for the [`Config::OnlyFetchMvbox`] setting which means mails from folders
-/// not explicitly watched should not be fetched.
-async fn should_ignore_folder(
-    context: &Context,
-    folder: &str,
-    folder_meaning: FolderMeaning,
-) -> Result<bool> {
-    if !context.get_config_bool(Config::OnlyFetchMvbox).await? {
-        return Ok(false);
-    }
-    Ok(!(context.is_mvbox(folder).await? || folder_meaning == FolderMeaning::Spam))
-}
-
 /// Builds a list of sequence/uid sets. The returned sets have each no more than around 1000
 /// characters because according to <https://tools.ietf.org/html/rfc2683#section-3.2.1.5>
 /// command lines should not be much more than 1000 chars (servers should allow at least 8000 chars)
@@ -2414,23 +2237,5 @@ impl std::fmt::Display for UidRange {
    }
 }

-pub(crate) async fn get_watched_folder_configs(context: &Context) -> Result<Vec<Config>> {
-    let mut res = vec![Config::ConfiguredInboxFolder];
-    if context.should_watch_mvbox().await? {
-        res.push(Config::ConfiguredMvboxFolder);
-    }
-    Ok(res)
-}
-
-pub(crate) async fn get_watched_folders(context: &Context) -> Result<Vec<String>> {
-    let mut res = Vec::new();
-    for folder_config in get_watched_folder_configs(context).await? {
-        if let Some(folder) = context.get_config(folder_config).await? {
-            res.push(folder);
-        }
-    }
-    Ok(res)
-}
-
 #[cfg(test)]
 mod imap_tests;
--- a/src/imap/client.rs
+++ b/src/imap/client.rs
@@ -220,6 +220,8 @@ impl Client {
            alpn(addr.port()),
            logging_stream,
            &context.tls_session_store,
+            &context.spki_hash_store,
+            &context.sql,
        )
        .await?;
        let buffered_stream = BufWriter::new(tls_stream);
@@ -282,6 +284,8 @@ impl Client {
            "",
            tcp_stream,
            &context.tls_session_store,
+            &context.spki_hash_store,
+            &context.sql,
        )
        .await
        .context("STARTTLS upgrade failed")?;
@@ -310,6 +314,8 @@ impl Client {
            alpn(port),
            proxy_stream,
            &context.tls_session_store,
+            &context.spki_hash_store,
+            &context.sql,
        )
        .await?;
        let buffered_stream = BufWriter::new(tls_stream);
@@ -373,6 +379,8 @@ impl Client {
            "",
            proxy_stream,
            &context.tls_session_store,
+            &context.spki_hash_store,
+            &context.sql,
        )
        .await
        .context("STARTTLS upgrade failed")?;
--- a/src/imap/idle.rs
+++ b/src/imap/idle.rs
@@ -120,11 +120,7 @@ impl Session {

 impl Imap {
    /// Idle using polling.
-    pub(crate) async fn fake_idle(
-        &mut self,
-        context: &Context,
-        watch_folder: String,
-    ) -> Result<()> {
+    pub(crate) async fn fake_idle(&mut self, context: &Context, watch_folder: &str) -> Result<()> {
        let fake_idle_start_time = tools::Time::now();

        info!(context, "IMAP-fake-IDLEing folder={:?}", watch_folder);
--- a/src/imap/imap_tests.rs
+++ b/src/imap/imap_tests.rs
@@ -100,23 +100,16 @@ fn test_build_sequence_sets() {

 async fn check_target_folder_combination(
    folder: &str,
-    mvbox_move: bool,
    chat_msg: bool,
    expected_destination: &str,
    accepted_chat: bool,
    outgoing: bool,
 ) -> Result<()> {
    println!(
-        "Testing: For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}"
+        "Testing: For folder {folder}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}"
    );

    let t = TestContext::new_alice().await;
-    t.ctx
-        .set_config(Config::ConfiguredMvboxFolder, Some("DeltaChat"))
-        .await?;
-    t.ctx
-        .set_config(Config::MvboxMove, Some(if mvbox_move { "1" } else { "0" }))
-        .await?;

    if accepted_chat {
        let contact_id = Contact::create(&t.ctx, "", "bob@example.net").await?;
@@ -161,64 +154,42 @@ async fn check_target_folder_combination(
    assert_eq!(
        expected,
        actual.as_deref(),
-        "For folder {folder}, mvbox_move {mvbox_move}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}: expected {expected:?}, got {actual:?}"
+        "For folder {folder}, chat_msg {chat_msg}, accepted {accepted_chat}, outgoing {outgoing}: expected {expected:?}, got {actual:?}"
    );
    Ok(())
 }

 // chat_msg means that the message was sent by Delta Chat
-// The tuples are (folder, mvbox_move, chat_msg, expected_destination)
-const COMBINATIONS_ACCEPTED_CHAT: &[(&str, bool, bool, &str)] = &[
-    ("INBOX", false, false, "INBOX"),
-    ("INBOX", false, true, "INBOX"),
-    ("INBOX", true, false, "INBOX"),
-    ("INBOX", true, true, "DeltaChat"),
-    ("Spam", false, false, "INBOX"), // Move classical emails in accepted chats from Spam to Inbox, not 100% sure on this, we could also just never move non-chat-msgs
-    ("Spam", false, true, "INBOX"),
-    ("Spam", true, false, "INBOX"), // Move classical emails in accepted chats from Spam to Inbox, not 100% sure on this, we could also just never move non-chat-msgs
-    ("Spam", true, true, "DeltaChat"),
+// The tuples are (folder, chat_msg, expected_destination)
+const COMBINATIONS_ACCEPTED_CHAT: &[(&str, bool, &str)] = &[
+    ("INBOX", false, "INBOX"),
+    ("INBOX", true, "INBOX"),
+    ("Spam", false, "INBOX"), // Move classical emails in accepted chats from Spam to Inbox, not 100% sure on this, we could also just never move non-chat-msgs
+    ("Spam", true, "INBOX"),
 ];

 // These are the same as above, but non-chat messages in Spam stay in Spam
-const COMBINATIONS_REQUEST: &[(&str, bool, bool, &str)] = &[
-    ("INBOX", false, false, "INBOX"),
-    ("INBOX", false, true, "INBOX"),
-    ("INBOX", true, false, "INBOX"),
-    ("INBOX", true, true, "DeltaChat"),
-    ("Spam", false, false, "Spam"),
-    ("Spam", false, true, "INBOX"),
-    ("Spam", true, false, "Spam"),
-    ("Spam", true, true, "DeltaChat"),
+const COMBINATIONS_REQUEST: &[(&str, bool, &str)] = &[
+    ("INBOX", false, "INBOX"),
+    ("INBOX", true, "INBOX"),
+    ("Spam", false, "Spam"),
+    ("Spam", true, "INBOX"),
 ];

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_target_folder_incoming_accepted() -> Result<()> {
-    for (folder, mvbox_move, chat_msg, expected_destination) in COMBINATIONS_ACCEPTED_CHAT {
-        check_target_folder_combination(
-            folder,
-            *mvbox_move,
-            *chat_msg,
-            expected_destination,
-            true,
-            false,
-        )
-        .await?;
+    for (folder, chat_msg, expected_destination) in COMBINATIONS_ACCEPTED_CHAT {
+        check_target_folder_combination(folder, *chat_msg, expected_destination, true, false)
+            .await?;
    }
    Ok(())
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_target_folder_incoming_request() -> Result<()> {
-    for (folder, mvbox_move, chat_msg, expected_destination) in COMBINATIONS_REQUEST {
-        check_target_folder_combination(
-            folder,
-            *mvbox_move,
-            *chat_msg,
-            expected_destination,
-            false,
-            false,
-        )
-        .await?;
+    for (folder, chat_msg, expected_destination) in COMBINATIONS_REQUEST {
+        check_target_folder_combination(folder, *chat_msg, expected_destination, false, false)
+            .await?;
    }
    Ok(())
 }
@@ -226,16 +197,9 @@ async fn test_target_folder_incoming_request() -> Result<()> {
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_target_folder_outgoing() -> Result<()> {
    // Test outgoing emails
-    for (folder, mvbox_move, chat_msg, expected_destination) in COMBINATIONS_ACCEPTED_CHAT {
-        check_target_folder_combination(
-            folder,
-            *mvbox_move,
-            *chat_msg,
-            expected_destination,
-            true,
-            true,
-        )
-        .await?;
+    for (folder, chat_msg, expected_destination) in COMBINATIONS_ACCEPTED_CHAT {
+        check_target_folder_combination(folder, *chat_msg, expected_destination, true, true)
+            .await?;
    }
    Ok(())
 }
--- a/src/imap/session.rs
+++ b/src/imap/session.rs
@@ -16,7 +16,7 @@ use crate::net::session::SessionStream;
 /// - Autocrypt-Setup-Message to check if a message is an autocrypt setup message,
 ///   not necessarily sent by Delta Chat.
 /// - Chat-Is-Post-Message to skip it in background fetch or when it is > `DownloadLimit`.
-const PREFETCH_FLAGS: &str = "(UID INTERNALDATE RFC822.SIZE BODY.PEEK[HEADER.FIELDS (\
+const PREFETCH_FLAGS: &str = "(UID RFC822.SIZE BODY.PEEK[HEADER.FIELDS (\
                              MESSAGE-ID \
                              DATE \
                              X-MICROSOFT-ORIGINAL-MESSAGE-ID \
@@ -124,7 +124,7 @@ impl Session {
    }

    /// Prefetch `n_uids` messages starting from `uid_next`. Returns a list of fetch results in the
-    /// order of ascending delivery time to the server (INTERNALDATE).
+    /// order of ascending UIDs.
    #[expect(clippy::arithmetic_side_effects)]
    pub(crate) async fn prefetch(
        &mut self,
@@ -142,10 +142,10 @@ impl Session {
        let mut msgs = BTreeMap::new();
        while let Some(msg) = list.try_next().await? {
            if let Some(msg_uid) = msg.uid {
-                msgs.insert((msg.internal_date(), msg_uid), msg);
+                msgs.insert(msg_uid, msg);
            }
        }

-        Ok(msgs.into_iter().map(|((_, uid), msg)| (uid, msg)).collect())
+        Ok(Vec::from_iter(msgs))
    }
 }
--- a/src/imex.rs
+++ b/src/imex.rs
@@ -1137,4 +1137,16 @@ mod tests {

        Ok(())
    }
+
+    /// Tests importing a backup from Delta Chat 1.30.3 for Android (core v1.86.0).
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_import_ancient_backup() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let context = &tcm.unconfigured().await;
+
+        let backup_path = Path::new("test-data/core-1.86.0-backup.tar");
+        imex(context, ImexMode::ImportBackup, backup_path, None).await?;
+
+        Ok(())
+    }
 }
--- a/src/key.rs
+++ b/src/key.rs
@@ -1,7 +1,7 @@
 //! Cryptographic key module.

 use std::collections::BTreeMap;
-use std::fmt;
+use std::fmt::{self, Write as _};
 use std::io::Cursor;

 use anyhow::{Context as _, Result, bail, ensure};
@@ -583,6 +583,21 @@ impl Fingerprint {
    pub fn hex(&self) -> String {
        hex::encode_upper(&self.0)
    }
+
+    /// Make a human-readable fingerprint.
+    pub fn human_readable(&self) -> String {
+        let mut f = String::new();
+        // Split key into chunks of 4 with space and newline at 20 chars
+        for (i, c) in self.hex().chars().enumerate() {
+            if i > 0 && i % 20 == 0 {
+                writeln!(&mut f).ok();
+            } else if i > 0 && i % 4 == 0 {
+                write!(&mut f, " ").ok();
+            }
+            write!(&mut f, "{c}").ok();
+        }
+        f
+    }
 }

 impl From<pgp::types::Fingerprint> for Fingerprint {
@@ -599,22 +614,6 @@ impl fmt::Debug for Fingerprint {
    }
 }

-/// Make a human-readable fingerprint.
-impl fmt::Display for Fingerprint {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        // Split key into chunks of 4 with space and newline at 20 chars
-        for (i, c) in self.hex().chars().enumerate() {
-            if i > 0 && i % 20 == 0 {
-                writeln!(f)?;
-            } else if i > 0 && i % 4 == 0 {
-                write!(f, " ")?;
-            }
-            write!(f, "{c}")?;
-        }
-        Ok(())
-    }
-}
-
 /// Parse a human-readable or otherwise formatted fingerprint.
 impl std::str::FromStr for Fingerprint {
    type Err = anyhow::Error;
@@ -890,7 +889,7 @@ i8pcjGO+IZffvyZJVRWfVooBJmWWbPB1pueo3tx8w3+fcuzpxz+RLFKaPyqXO+dD
            1, 2, 4, 8, 16, 32, 64, 128, 255, 1, 2, 4, 8, 16, 32, 64, 128, 255, 19, 20,
        ]);
        assert_eq!(
-            fp.to_string(),
+            fp.human_readable(),
            "0102 0408 1020 4080 FF01\n0204 0810 2040 80FF 1314"
        );
    }
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -17,6 +17,7 @@
    clippy::cloned_instead_of_copied,
    clippy::manual_is_variant_and
 )]
+#![cfg_attr(not(test), warn(clippy::large_futures))]
 #![cfg_attr(not(test), warn(clippy::arithmetic_side_effects))]
 #![cfg_attr(not(test), forbid(clippy::indexing_slicing))]
 #![cfg_attr(not(test), forbid(clippy::string_slice))]
@@ -100,7 +101,6 @@ mod update_helper;
 pub mod webxdc;
 #[macro_use]
 mod dehtml;
-mod authres;
 pub mod color;
 pub mod html;
 pub mod net;
--- a/src/location.rs
+++ b/src/location.rs
@@ -264,15 +264,11 @@ impl Kml {

 /// Enables location streaming in chat identified by `chat_id` for `seconds` seconds.
 #[expect(clippy::arithmetic_side_effects)]
-pub async fn send_locations_to_chat(
-    context: &Context,
-    chat_id: ChatId,
-    seconds: i64,
-) -> Result<()> {
+pub async fn send_to_chat(context: &Context, chat_id: ChatId, seconds: i64) -> Result<()> {
    ensure!(seconds >= 0);
    ensure!(!chat_id.is_special());
    let now = time();
-    let is_sending_locations_before = is_sending_locations_to_chat(context, Some(chat_id)).await?;
+    let is_sending_locations_before = is_sending_to_chat(context, chat_id).await?;
    context
        .sql
        .execute(
@@ -305,35 +301,49 @@ pub async fn send_locations_to_chat(
    Ok(())
 }

-/// Returns whether `chat_id` or any chat is sending locations.
-///
-/// If `chat_id` is `Some` only that chat is checked, otherwise returns `true` if any chat
-/// is sending locations.
-pub async fn is_sending_locations_to_chat(
-    context: &Context,
-    chat_id: Option<ChatId>,
-) -> Result<bool> {
-    let exists = match chat_id {
-        Some(chat_id) => {
-            context
-                .sql
-                .exists(
-                    "SELECT COUNT(id) FROM chats  WHERE id=?  AND locations_send_until>?;",
-                    (chat_id, time()),
-                )
-                .await?
-        }
-        None => {
-            context
-                .sql
-                .exists(
-                    "SELECT COUNT(id) FROM chats  WHERE locations_send_until>?;",
-                    (time(),),
-                )
-                .await?
-        }
-    };
-    Ok(exists)
+/// Returns whether any chat is sending locations.
+pub async fn is_sending(context: &Context) -> Result<bool> {
+    context
+        .sql
+        .exists(
+            "SELECT COUNT(id) FROM chats WHERE locations_send_until>?",
+            (time(),),
+        )
+        .await
+}
+
+/// Returns whether `chat_id` is sending locations.
+pub async fn is_sending_to_chat(context: &Context, chat_id: ChatId) -> Result<bool> {
+    context
+        .sql
+        .exists(
+            "SELECT COUNT(id) FROM chats WHERE id=? AND locations_send_until>?",
+            (chat_id, time()),
+        )
+        .await
+}
+
+/// Returns a list of chats in which location streaming is enabled.
+async fn get_chats_with_location_streaming(context: &Context) -> Result<Vec<ChatId>> {
+    context
+        .sql
+        .query_map_vec(
+            "SELECT id FROM chats WHERE locations_send_until>?",
+            (time(),),
+            |row| {
+                let chat_id: ChatId = row.get(0)?;
+                Ok(chat_id)
+            },
+        )
+        .await
+}
+
+/// Stop sending locations in all chats.
+pub async fn stop_sending(context: &Context) -> Result<()> {
+    for chat_id in get_chats_with_location_streaming(context).await? {
+        send_to_chat(context, chat_id, 0).await?;
+    }
+    Ok(())
 }

 /// Sets current location of the user device.
@@ -459,13 +469,6 @@ fn is_marker(txt: &str) -> bool {
    }
 }

-/// Deletes all locations from the database.
-pub async fn delete_all(context: &Context) -> Result<()> {
-    context.sql.execute("DELETE FROM locations;", ()).await?;
-    context.emit_location_changed(None).await?;
-    Ok(())
-}
-
 /// Deletes expired locations.
 ///
 /// Only path locations are deleted.
@@ -495,7 +498,7 @@ pub(crate) async fn delete_expired(context: &Context, now: i64) -> Result<()> {
 ///
 /// This function is used when a message is deleted
 /// that has a corresponding `location_id`.
-pub(crate) async fn delete_poi_location(context: &Context, location_id: u32) -> Result<()> {
+pub(crate) async fn delete_poi(context: &Context, location_id: u32) -> Result<()> {
    context
        .sql
        .execute(
@@ -507,7 +510,7 @@ pub(crate) async fn delete_poi_location(context: &Context, location_id: u32) ->
 }

 /// Deletes POI locations that don't have corresponding message anymore.
-pub(crate) async fn delete_orphaned_poi_locations(context: &Context) -> Result<()> {
+pub(crate) async fn delete_orphaned_poi(context: &Context) -> Result<()> {
    context.sql.execute("
    DELETE FROM locations
    WHERE independent=1 AND id NOT IN
@@ -716,9 +719,9 @@ pub(crate) async fn save(

 pub(crate) async fn location_loop(context: &Context, interrupt_receiver: Receiver<()>) {
    loop {
-        let next_event = match maybe_send_locations(context).await {
+        let next_event = match maybe_send(context).await {
            Err(err) => {
-                warn!(context, "maybe_send_locations failed: {:#}", err);
+                warn!(context, "location::maybe_send failed: {:#}", err);
                Some(60) // Retry one minute later.
            }
            Ok(next_event) => next_event,
@@ -756,7 +759,7 @@ pub(crate) async fn location_loop(context: &Context, interrupt_receiver: Receive
 /// Returns number of seconds until the next time location streaming for some chat ends
 /// automatically.
 #[expect(clippy::arithmetic_side_effects)]
-async fn maybe_send_locations(context: &Context) -> Result<Option<u64>> {
+async fn maybe_send(context: &Context) -> Result<Option<u64>> {
    let mut next_event: Option<u64> = None;

    let now = time();
@@ -868,7 +871,7 @@ mod tests {
    use crate::config::Config;
    use crate::message::MessageState;
    use crate::receive_imf::receive_imf;
-    use crate::test_utils::{TestContext, TestContextManager};
+    use crate::test_utils::{ExpectedEvents, TestContext, TestContextManager};
    use crate::tools::SystemTime;

    #[test]
@@ -1051,7 +1054,7 @@ Content-Disposition: attachment; filename="location.kml"
        let bob = TestContext::new_bob().await;

        let alice_chat = alice.create_chat(&bob).await;
-        send_locations_to_chat(&alice, alice_chat.id, 1000).await?;
+        send_to_chat(&alice, alice_chat.id, 1000).await?;
        let sent = alice.pop_sent_msg().await;
        let msg = bob.recv_msg(&sent).await;
        assert_eq!(msg.text, "Location streaming enabled by alice@example.org.");
@@ -1100,10 +1103,13 @@ Content-Disposition: attachment; filename="location.kml"
            .await?;

        let alice_chat = alice.create_chat(bob).await;
+        // Bob needs the chat accepted so that "normal" messages from Alice trigger `IncomingMsg`.
+        // Location-only messages still must trigger `MsgsChanged`.
+        bob.create_chat(alice).await;

        // Alice enables location streaming.
        // Bob receives a message saying that Alice enabled location streaming.
-        send_locations_to_chat(alice, alice_chat.id, 60).await?;
+        send_to_chat(alice, alice_chat.id, 60).await?;
        bob.recv_msg(&alice.pop_sent_msg().await).await;

        // Alice gets new location from GPS.
@@ -1113,8 +1119,19 @@ Content-Disposition: attachment; filename="location.kml"
        // 10 seconds later location sending stream manages to send location.
        SystemTime::shift(Duration::from_secs(10));
        delete_expired(alice, time()).await?;
-        maybe_send_locations(alice).await?;
+        maybe_send(alice).await?;
+        bob.evtracker.clear_events();
        bob.recv_msg_opt(&alice.pop_sent_msg().await).await;
+        bob.evtracker
+            .get_matching_ex(
+                bob,
+                ExpectedEvents {
+                    expected: |e| matches!(e, EventType::MsgsChanged { .. }),
+                    unexpected: |e| matches!(e, EventType::IncomingMsg { .. }),
+                },
+            )
+            .await
+            .unwrap();
        assert_eq!(get_range(alice, None, None, 0, 0).await?.len(), 1);
        assert_eq!(get_range(bob, None, None, 0, 0).await?.len(), 1);

--- a/src/login_param.rs
+++ b/src/login_param.rs
@@ -56,9 +56,38 @@ pub enum EnteredCertificateChecks {
    AcceptInvalidCertificates2 = 3,
 }

-/// Login parameters for a single server, either IMAP or SMTP
+/// Login parameters for a single IMAP server.
 #[derive(Debug, Default, Clone, PartialEq, Eq, Serialize, Deserialize)]
-pub struct EnteredServerLoginParam {
+pub struct EnteredImapLoginParam {
+    /// Server hostname or IP address.
+    pub server: String,
+
+    /// Server port.
+    ///
+    /// 0 if not specified.
+    pub port: u16,
+
+    /// Folder to watch.
+    ///
+    /// If empty, user has not entered anything and it shuold expand to "INBOX" later.
+    #[serde(default)]
+    pub folder: String,
+
+    /// Socket security.
+    pub security: Socket,
+
+    /// Username.
+    ///
+    /// Empty string if not specified.
+    pub user: String,
+
+    /// Password.
+    pub password: String,
+}
+
+/// Login parameters for a single SMTP server.
+#[derive(Debug, Default, Clone, PartialEq, Eq, Serialize, Deserialize)]
+pub struct EnteredSmtpLoginParam {
    /// Server hostname or IP address.
    pub server: String,

@@ -96,10 +125,10 @@ pub struct EnteredLoginParam {
    pub addr: String,

    /// IMAP settings.
-    pub imap: EnteredServerLoginParam,
+    pub imap: EnteredImapLoginParam,

    /// SMTP settings.
-    pub smtp: EnteredServerLoginParam,
+    pub smtp: EnteredSmtpLoginParam,

    /// TLS options: whether to allow invalid certificates and/or
    /// invalid hostnames
@@ -110,8 +139,11 @@ pub struct EnteredLoginParam {
 }

 impl EnteredLoginParam {
-    /// Loads entered account settings.
-    pub(crate) async fn load(context: &Context) -> Result<Self> {
+    /// Loads entered account settings
+    /// that were set by the deprecated `configured_*` configs.
+    ///
+    /// This is only needed by tests and clients using the old CFFI API.
+    pub(crate) async fn load_legacy(context: &Context) -> Result<Self> {
        let addr = context
            .get_config(Config::Addr)
            .await?
@@ -127,6 +159,10 @@ impl EnteredLoginParam {
            .get_config_parsed::<u16>(Config::MailPort)
            .await?
            .unwrap_or_default();
+
+        // There is no way to set custom folder with this legacy API.
+        let mail_folder = String::new();
+
        let mail_security = context
            .get_config_parsed::<i32>(Config::MailSecurity)
            .await?
@@ -144,7 +180,7 @@ impl EnteredLoginParam {
        // The setting is named `imap_certificate_checks`
        // for backwards compatibility,
        // but now it is a global setting applied to all protocols,
-        // while `smtp_certificate_checks` is ignored.
+        // while `smtp_certificate_checks` has been removed.
        let certificate_checks = if let Some(certificate_checks) = context
            .get_config_parsed::<i32>(Config::ImapCertificateChecks)
            .await?
@@ -185,14 +221,15 @@ impl EnteredLoginParam {

        Ok(EnteredLoginParam {
            addr,
-            imap: EnteredServerLoginParam {
+            imap: EnteredImapLoginParam {
                server: mail_server,
                port: mail_port,
+                folder: mail_folder,
                security: mail_security,
                user: mail_user,
                password: mail_pw,
            },
-            smtp: EnteredServerLoginParam {
+            smtp: EnteredSmtpLoginParam {
                server: send_server,
                port: send_port,
                security: send_security,
@@ -206,7 +243,10 @@ impl EnteredLoginParam {

    /// Saves entered account settings,
    /// so that they can be prefilled if the user wants to configure the server again.
-    pub(crate) async fn save(&self, context: &Context) -> Result<()> {
+    ///
+    /// This is needed in case a UI is not yet updated, and still uses `get_config("mail_pw")` etc.
+    /// in order to prefill the entered account settings.
+    pub(crate) async fn save_legacy(&self, context: &Context) -> Result<()> {
        context.set_config(Config::Addr, Some(&self.addr)).await?;

        context
@@ -329,7 +369,7 @@ mod tests {
            .await?;
        t.set_config(Config::MailPw, Some("foobarbaz")).await?;

-        let param = EnteredLoginParam::load(t).await?;
+        let param = EnteredLoginParam::load_legacy(t).await?;
        assert_eq!(param.addr, "alice@example.org");
        assert_eq!(
            param.certificate_checks,
@@ -338,13 +378,13 @@ mod tests {

        t.set_config(Config::ImapCertificateChecks, Some("1"))
            .await?;
-        let param = EnteredLoginParam::load(t).await?;
+        let param = EnteredLoginParam::load_legacy(t).await?;
        assert_eq!(param.certificate_checks, EnteredCertificateChecks::Strict);

        // Fail to load invalid settings, but do not panic.
        t.set_config(Config::ImapCertificateChecks, Some("999"))
            .await?;
-        assert!(EnteredLoginParam::load(t).await.is_err());
+        assert!(EnteredLoginParam::load_legacy(t).await.is_err());

        Ok(())
    }
@@ -354,14 +394,15 @@ mod tests {
        let t = TestContext::new().await;
        let param = EnteredLoginParam {
            addr: "alice@example.org".to_string(),
-            imap: EnteredServerLoginParam {
+            imap: EnteredImapLoginParam {
                server: "".to_string(),
                port: 0,
+                folder: "".to_string(),
                security: Socket::Starttls,
                user: "".to_string(),
                password: "foobar".to_string(),
            },
-            smtp: EnteredServerLoginParam {
+            smtp: EnteredSmtpLoginParam {
                server: "".to_string(),
                port: 2947,
                security: Socket::default(),
@@ -371,7 +412,7 @@ mod tests {
            certificate_checks: Default::default(),
            oauth2: false,
        };
-        param.save(&t).await?;
+        param.save_legacy(&t).await?;
        assert_eq!(
            t.get_config(Config::Addr).await?.unwrap(),
            "alice@example.org"
@@ -380,7 +421,7 @@ mod tests {
        assert_eq!(t.get_config(Config::SendPw).await?, None);
        assert_eq!(t.get_config_int(Config::SendPort).await?, 2947);

-        assert_eq!(EnteredLoginParam::load(&t).await?, param);
+        assert_eq!(EnteredLoginParam::load_legacy(&t).await?, param);

        Ok(())
    }
--- a/src/message.rs
+++ b/src/message.rs
@@ -1,7 +1,6 @@
 //! # Messages and their identifiers.

 use std::collections::BTreeSet;
-use std::collections::HashSet;
 use std::path::{Path, PathBuf};
 use std::str;

@@ -26,7 +25,7 @@ use crate::download::DownloadState;
 use crate::ephemeral::{Timer as EphemeralTimer, start_ephemeral_timers_msgids};
 use crate::events::EventType;
 use crate::imap::markseen_on_imap_table;
-use crate::location::delete_poi_location;
+use crate::location;
 use crate::log::warn;
 use crate::mimeparser::{SystemMessage, parse_message_id};
 use crate::param::{Param, Params};
@@ -200,7 +199,6 @@ SELECT ?1, rfc724_mid, pre_rfc724_mid, timestamp, ?, ? FROM msgs WHERE id=?1
    }

    /// Returns detailed message information in a multi-line text form.
-    #[expect(clippy::arithmetic_side_effects)]
    pub async fn get_info(self, context: &Context) -> Result<String> {
        let msg = Message::load_from_db(context, self).await?;

@@ -531,7 +529,7 @@ impl Message {
                 FROM msgs m
                 LEFT JOIN chats c ON c.id=m.chat_id
                 LEFT JOIN msgs_mdns mdns ON mdns.msg_id=m.id
-                 WHERE m.id=? AND chat_id!=3
+                 WHERE m.id=? AND chat_id!=3 -- DC_CHAT_ID_TRASH
                 LIMIT 1",
                (id,),
                |row| {
@@ -741,7 +739,7 @@ impl Message {
    /// at a position different from the self-location.
    /// You should not call this function
    /// if you want to bind the current self-location to a message;
-    /// this is done by [`location::set()`] and [`send_locations_to_chat()`].
+    /// this is done by [`location::set()`] and [`location::send_to_chat()`].
    ///
    /// Typically results in the event [`LocationChanged`] with
    /// `contact_id` set to [`ContactId::SELF`].
@@ -750,7 +748,7 @@ impl Message {
    /// `longitude` is the East-west position of the location.
    ///
    /// [`location::set()`]: crate::location::set
-    /// [`send_locations_to_chat()`]: crate::location::send_locations_to_chat
+    /// [`location::send_to_chat()`]: crate::location::send_to_chat
    /// [`LocationChanged`]: crate::events::EventType::LocationChanged
    pub fn set_location(&mut self, latitude: f64, longitude: f64) {
        if latitude == 0.0 && longitude == 0.0 {
@@ -797,12 +795,6 @@ impl Message {
        self.viewtype
    }

-    /// Forces the message to **keep** [Viewtype::Sticker]
-    /// e.g the message will not be converted to a [Viewtype::Image].
-    pub fn force_sticker(&mut self) {
-        self.param.set_int(Param::ForceSticker, 1);
-    }
-
    /// Returns the state of the message.
    pub fn get_state(&self) -> MessageState {
        self.state
@@ -815,14 +807,17 @@ impl Message {

    /// Returns the timestamp of the message for sorting.
    pub fn get_sort_timestamp(&self) -> i64 {
-        self.timestamp_sort
+        if self.timestamp_sort != 0 {
+            self.timestamp_sort
+        } else {
+            self.timestamp_sent
+        }
    }

    /// Returns the text of the message.
    ///
    /// Currently this includes `additional_text`, but this may change in future, when the UIs show
    /// the necessary info themselves.
-    #[expect(clippy::arithmetic_side_effects)]
    pub fn get_text(&self) -> String {
        self.text.clone() + &self.additional_text
    }
@@ -1315,7 +1310,7 @@ impl Message {
    }

    /// Force the message to be sent in plain text.
-    pub fn force_plaintext(&mut self) {
+    pub(crate) fn force_plaintext(&mut self) {
        self.param.set_int(Param::ForcePlaintext, 1);
    }

@@ -1389,6 +1384,8 @@ pub enum MessageState {
    /// For files which need time to be prepared before they can be
    /// sent, the message enters this state before
    /// OutPending.
+    ///
+    /// Deprecated 2024-12-07.
    OutPreparing = 18,

    /// Message saved as draft.
@@ -1652,7 +1649,7 @@ pub(crate) async fn get_mime_headers(context: &Context, msg_id: MsgId) -> Result
 /// This may be called in batches; the final events are emitted in delete_msgs_locally_done() then.
 pub(crate) async fn delete_msg_locally(context: &Context, msg: &Message) -> Result<()> {
    if msg.location_id > 0 {
-        delete_poi_location(context, msg.location_id).await?;
+        location::delete_poi(context, msg.location_id).await?;
    }
    let on_server = true;
    msg.id
@@ -1689,7 +1686,7 @@ pub(crate) async fn delete_msg_locally(context: &Context, msg: &Message) -> Resu
 pub(crate) async fn delete_msgs_locally_done(
    context: &Context,
    msg_ids: &[MsgId],
-    modified_chat_ids: HashSet<ChatId>,
+    modified_chat_ids: BTreeSet<ChatId>,
 ) -> Result<()> {
    for modified_chat_id in modified_chat_ids {
        context.emit_msgs_changed_without_msg_id(modified_chat_id);
@@ -1719,7 +1716,7 @@ pub async fn delete_msgs_ex(
    msg_ids: &[MsgId],
    delete_for_all: bool,
 ) -> Result<()> {
-    let mut modified_chat_ids = HashSet::new();
+    let mut modified_chat_ids = BTreeSet::new();
    let mut deleted_rfc724_mid = Vec::new();
    let mut res = Ok(());

@@ -1800,9 +1797,7 @@ pub async fn delete_msgs_ex(
    Ok(())
 }

-/// Marks requested messages and reactions to them as seen.
-/// This should be called when a message comes into view or when a reaction for a message being in
-/// view arrives.
+/// Marks requested messages as seen.
 pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()> {
    if msg_ids.is_empty() {
        return Ok(());
@@ -1816,18 +1811,10 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>

    let mut msgs = Vec::with_capacity(msg_ids.len());
    for &id in &msg_ids {
-        let Some(rfc724_mid): Option<String> = context
+        if let Some(msg) = context
            .sql
-            .query_get_value("SELECT rfc724_mid FROM msgs WHERE id=?", (id,))
-            .await?
-        else {
-            continue;
-        };
-        context
-            .sql
-            .query_map(
+            .query_row_optional(
                "SELECT
-                    m.id AS id,
                    m.chat_id AS chat_id,
                    m.state AS state,
                    m.ephemeral_timer AS ephemeral_timer,
@@ -1838,11 +1825,9 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>
                    c.archived AS archived,
                    c.blocked AS blocked
                 FROM msgs m LEFT JOIN chats c ON c.id=m.chat_id
-                WHERE (m.id=? OR m.mime_in_reply_to=? AND m.hidden=1)
-                    AND m.chat_id>9 AND ?<=m.state AND m.state<?",
-                (id, rfc724_mid, MessageState::InFresh, MessageState::InSeen),
+                 WHERE m.id=? AND m.chat_id>9",
+                (id,),
                |row| {
-                    let id: MsgId = row.get("id")?;
                    let chat_id: ChatId = row.get("chat_id")?;
                    let state: MessageState = row.get("state")?;
                    let param: Params = row.get::<_, String>("param")?.parse().unwrap_or_default();
@@ -1867,14 +1852,11 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>
                        ephemeral_timer,
                    ))
                },
-                |rows| {
-                    for row in rows {
-                        msgs.push(row?);
-                    }
-                    Ok(())
-                },
            )
-            .await?;
+            .await?
+        {
+            msgs.push(msg);
+        }
    }

    if msgs
@@ -1903,57 +1885,60 @@ pub async fn markseen_msgs(context: &Context, msg_ids: Vec<MsgId>) -> Result<()>
        _curr_ephemeral_timer,
    ) in msgs
    {
-        update_msg_state(context, id, MessageState::InSeen).await?;
-        info!(context, "Seen message {}.", id);
+        if curr_state == MessageState::InFresh || curr_state == MessageState::InNoticed {
+            update_msg_state(context, id, MessageState::InSeen).await?;
+            info!(context, "Seen message {}.", id);

-        markseen_on_imap_table(context, &curr_rfc724_mid).await?;
+            markseen_on_imap_table(context, &curr_rfc724_mid).await?;

-        // Read receipts for system messages are never sent to contacts. These messages have no
-        // place to display received read receipt anyway. And since their text is locally generated,
-        // quoting them is dangerous as it may contain contact names. E.g., for original message
-        // "Group left by me", a read receipt will quote "Group left by <name>", and the name can be
-        // a display name stored in address book rather than the name sent in the From field by the
-        // user.
-        //
-        // We also don't send read receipts for contact requests. Read receipts will not be sent
-        // even after accepting the chat.
-        let to_id = if curr_blocked == Blocked::Not
-            && !curr_hidden
-            && curr_param.get_bool(Param::WantsMdn).unwrap_or_default()
-            && curr_param.get_cmd() == SystemMessage::Unknown
-            && context.should_send_mdns().await?
-        {
-            // Clear WantsMdn to not handle a MDN twice
-            // if the state later is InFresh again as markfresh_chat() was called.
-            // BccSelf MDN messages in the next branch may be sent twice for syncing.
-            context
-                .sql
-                .execute(
-                    "UPDATE msgs SET param=? WHERE id=?",
-                    (curr_param.clone().remove(Param::WantsMdn).to_string(), id),
-                )
-                .await
-                .context("failed to clear WantsMdn")?;
-            Some(curr_from_id)
-        } else if context.get_config_bool(Config::BccSelf).await? {
-            Some(ContactId::SELF)
-        } else {
-            None
-        };
-        if let Some(to_id) = to_id {
-            context
-                .sql
-                .execute(
-                    "INSERT INTO smtp_mdns (msg_id, from_id, rfc724_mid) VALUES(?, ?, ?)",
-                    (id, to_id, curr_rfc724_mid),
-                )
-                .await
-                .context("failed to insert into smtp_mdns")?;
-            context.scheduler.interrupt_smtp().await;
-        }
+            // Read receipts for system messages are never sent to contacts.
+            // These messages have no place to display received read receipt
+            // anyway. And since their text is locally generated,
+            // quoting them is dangerous as it may contain contact names. E.g., for original message
+            // "Group left by me", a read receipt will quote "Group left by <name>", and the name can
+            // be a display name stored in address book rather than the name sent in the From field by
+            // the user.
+            //
+            // We also don't send read receipts for contact requests.
+            // Read receipts will not be sent even after accepting the chat.
+            let to_id = if curr_blocked == Blocked::Not
+                && !curr_hidden
+                && curr_param.get_bool(Param::WantsMdn).unwrap_or_default()
+                && curr_param.get_cmd() == SystemMessage::Unknown
+                && context.should_send_mdns().await?
+            {
+                // Clear WantsMdn to not handle a MDN twice
+                // if the state later is InFresh again as markfresh_chat() was called.
+                // BccSelf MDN messages in the next branch may be sent twice for syncing.
+                context
+                    .sql
+                    .execute(
+                        "UPDATE msgs SET param=? WHERE id=?",
+                        (curr_param.clone().remove(Param::WantsMdn).to_string(), id),
+                    )
+                    .await
+                    .context("failed to clear WantsMdn")?;
+                Some(curr_from_id)
+            } else if context.get_config_bool(Config::BccSelf).await? {
+                Some(ContactId::SELF)
+            } else {
+                None
+            };
+            if let Some(to_id) = to_id {
+                context
+                    .sql
+                    .execute(
+                        "INSERT INTO smtp_mdns (msg_id, from_id, rfc724_mid) VALUES(?, ?, ?)",
+                        (id, to_id, curr_rfc724_mid),
+                    )
+                    .await
+                    .context("failed to insert into smtp_mdns")?;
+                context.scheduler.interrupt_smtp().await;
+            }

-        if !curr_hidden {
-            updated_chat_ids.insert(curr_chat_id);
+            if !curr_hidden {
+                updated_chat_ids.insert(curr_chat_id);
+            }
        }
        archived_chats_maybe_noticed |= curr_state == MessageState::InFresh
            && !curr_hidden
@@ -2132,7 +2117,6 @@ pub async fn get_request_msg_cnt(context: &Context) -> usize {
 /// Count messages older than the given number of `seconds`.
 ///
 /// Returns the number of messages that are older than the given number of seconds.
-/// This includes e-mails downloaded due to the `show_emails` option.
 /// Messages in the "saved messages" folder are not counted as they will not be deleted automatically.
 #[expect(clippy::arithmetic_side_effects)]
 pub async fn estimate_deletion_cnt(
@@ -2331,8 +2315,6 @@ pub enum Viewtype {
    Gif = 21,

    /// Message containing a sticker, similar to image.
-    /// NB: When sending, the message viewtype may be changed to `Image` by some heuristics like
-    /// checking for transparent pixels. Use `Message::force_sticker()` to disable them.
    ///
    /// If possible, the ui should display the image without borders in a transparent way.
    /// A click on a sticker will offer to install the sticker set in some future.
--- a/src/mimefactory.rs
+++ b/src/mimefactory.rs
@@ -194,6 +194,7 @@ fn new_address_with_name(name: &str, address: String) -> Address<'static> {
 }

 impl MimeFactory {
+    /// Returns `MimeFactory` for rendering `msg`.
    #[expect(clippy::arithmetic_side_effects)]
    pub async fn from_msg(context: &Context, msg: Message) -> Result<MimeFactory> {
        let now = time();
@@ -232,11 +233,7 @@ impl MimeFactory {
        if chat.is_self_talk() {
            to.push((from_displayname.to_string(), from_addr.to_string()));

-            encryption_pubkeys = if msg.param.get_bool(Param::ForcePlaintext).unwrap_or(false) {
-                None
-            } else {
-                Some(Vec::new())
-            };
+            encryption_pubkeys = Some(Vec::new());
        } else if chat.is_mailing_list() {
            let list_post = chat
                .param
@@ -467,18 +464,21 @@ impl MimeFactory {
                .into_iter()
                .filter(|id| *id != ContactId::SELF)
                .collect();
-            if recipient_ids.len() == 1
-                && !matches!(
-                    msg.param.get_cmd(),
-                    SystemMessage::MemberRemovedFromGroup | SystemMessage::SecurejoinMessage
-                )
-                && !matches!(chat.typ, Chattype::OutBroadcast | Chattype::InBroadcast)
+            if !matches!(
+                msg.param.get_cmd(),
+                SystemMessage::MemberRemovedFromGroup | SystemMessage::SecurejoinMessage
+            ) && !matches!(chat.typ, Chattype::OutBroadcast | Chattype::InBroadcast)
            {
+                let origin = match recipient_ids.len() {
+                    1 => Origin::OutgoingTo,
+                    // Use the same origin as ChatId::accept_ex() does for groups.
+                    _ => Origin::IncomingTo,
+                };
                info!(
                    context,
-                    "Scale up origin of {} recipients to OutgoingTo.", chat.id
+                    "Scale up origin of {} recipients to {origin:?}.", chat.id
                );
-                ContactId::scaleup_origin(context, &recipient_ids, Origin::OutgoingTo).await?;
+                ContactId::scaleup_origin(context, &recipient_ids, origin).await?;
            }

            if !msg.is_system_message()
@@ -1227,53 +1227,18 @@ impl MimeFactory {
                    message.header(header, value)
                });
            let message = MimePart::new("multipart/mixed", vec![message]);
-            let mut message = protected_headers
+            let message = protected_headers
                .iter()
                .fold(message, |message, (header, value)| {
                    message.header(*header, value.clone())
                });

-            if skip_autocrypt || !context.get_config_bool(Config::SignUnencrypted).await? {
-                // Deduplicate unprotected headers that also are in the protected headers:
-                let protected: HashSet<&str> =
-                    HashSet::from_iter(protected_headers.iter().map(|(header, _value)| *header));
-                unprotected_headers.retain(|(header, _value)| !protected.contains(header));
+            // Deduplicate unprotected headers that also are in the protected headers:
+            let protected: HashSet<&str> =
+                HashSet::from_iter(protected_headers.iter().map(|(header, _value)| *header));
+            unprotected_headers.retain(|(header, _value)| !protected.contains(header));

-                message
-            } else {
-                for (h, v) in &mut message.headers {
-                    if h == "Content-Type"
-                        && let mail_builder::headers::HeaderType::ContentType(ct) = v
-                    {
-                        let mut ct_new = ct.clone();
-                        ct_new = ct_new.attribute("protected-headers", "v1");
-                        if use_std_header_protection {
-                            ct_new = ct_new.attribute("hp", "clear");
-                        }
-                        *ct = ct_new;
-                        break;
-                    }
-                }
-
-                let signature = encrypt_helper.sign(context, &message).await?;
-                MimePart::new(
-                    "multipart/signed; protocol=\"application/pgp-signature\"; protected",
-                    vec![
-                        message,
-                        MimePart::new(
-                            "application/pgp-signature; name=\"signature.asc\"",
-                            signature,
-                        )
-                        .header(
-                            "Content-Description",
-                            mail_builder::headers::raw::Raw::<'static>::new(
-                                "OpenPGP digital signature",
-                            ),
-                        )
-                        .attachment("signature"),
-                    ],
-                )
-            }
+            message
        };

        let MimeFactory {
@@ -1395,10 +1360,7 @@ impl MimeFactory {
            }
        }

-        if chat.typ == Chattype::Group
-            || chat.typ == Chattype::OutBroadcast
-            || chat.typ == Chattype::InBroadcast
-        {
+        if chat.typ == Chattype::Group || chat.typ == Chattype::OutBroadcast {
            headers.push((
                "Chat-Group-Name",
                mail_builder::headers::text::Text::new(chat.name.to_string()).into(),
@@ -1409,7 +1371,11 @@ impl MimeFactory {
                    mail_builder::headers::text::Text::new(ts.to_string()).into(),
                ));
            }
-
+        }
+        if chat.typ == Chattype::Group
+            || chat.typ == Chattype::OutBroadcast
+            || chat.typ == Chattype::InBroadcast
+        {
            match command {
                SystemMessage::MemberRemovedFromGroup => {
                    let email_to_remove = msg.param.get(Param::Arg).unwrap_or_default();
@@ -1828,7 +1794,7 @@ impl MimeFactory {
            parts.push(msg_kml_part);
        }

-        if location::is_sending_locations_to_chat(context, Some(msg.chat_id)).await?
+        if location::is_sending_to_chat(context, msg.chat_id).await?
            && let Some(part) = self.get_location_kml_part(context).await?
        {
            parts.push(part);
@@ -1888,7 +1854,6 @@ impl MimeFactory {
    }

    /// Render an MDN
-    #[expect(clippy::arithmetic_side_effects)]
    fn render_mdn(&mut self) -> Result<MimePart<'static>> {
        // RFC 6522, this also requires the `report-type` parameter which is equal
        // to the MIME subtype of the second body part of the multipart/report
@@ -2192,10 +2157,6 @@ fn group_headers_by_confidentiality(
                }
            }
        } else {
-            // Copy the header to the protected headers
-            // in case of signed-only message.
-            // If the message is not signed, this value will not be used.
-            protected_headers.push(header.clone());
            unprotected_headers.push(header.clone())
        }
    }
@@ -2227,18 +2188,18 @@ fn should_encrypt_symmetrically(msg: &Message, chat: &Chat) -> bool {
 /// rather than all recipients.
 /// This function returns the fingerprint of the recipient the message should be sent to.
 fn must_have_only_one_recipient<'a>(msg: &'a Message, chat: &Chat) -> Option<Result<&'a str>> {
-    if chat.typ == Chattype::OutBroadcast
-        && matches!(
-            msg.param.get_cmd(),
-            SystemMessage::MemberRemovedFromGroup | SystemMessage::MemberAddedToGroup
-        )
-    {
-        let Some(fp) = msg.param.get(Param::Arg4) else {
-            return Some(Err(format_err!("Missing removed/added member")));
-        };
-        return Some(Ok(fp));
+    if chat.typ != Chattype::OutBroadcast {
+        None
+    } else if let Some(fp) = msg.param.get(Param::Arg4) {
+        Some(Ok(fp))
+    } else if matches!(
+        msg.param.get_cmd(),
+        SystemMessage::MemberRemovedFromGroup | SystemMessage::MemberAddedToGroup
+    ) {
+        Some(Err(format_err!("Missing removed/added member")))
+    } else {
+        None
    }
-    None
 }

 async fn build_body_file(context: &Context, msg: &Message) -> Result<MimePart<'static>> {
--- a/src/mimefactory/mimefactory_tests.rs
+++ b/src/mimefactory/mimefactory_tests.rs
@@ -506,11 +506,6 @@ async fn msg_to_subject_str_inner(

 // Creates a `Message` that replies "Hi" to the incoming email in `imf_raw`.
 async fn incoming_msg_to_reply_msg(imf_raw: &[u8], context: &Context) -> Message {
-    context
-        .set_config(Config::ShowEmails, Some("2"))
-        .await
-        .unwrap();
-
    receive_imf(context, imf_raw, false).await.unwrap();

    let chats = Chatlist::try_load(context, 0, None, None).await.unwrap();
@@ -606,70 +601,6 @@ async fn test_selfavatar_unencrypted() -> anyhow::Result<()> {
    Ok(())
 }

-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_selfavatar_unencrypted_signed() {
-    // create chat with bob, set selfavatar
-    let t = TestContext::new_alice().await;
-    t.set_config(Config::SignUnencrypted, Some("1"))
-        .await
-        .unwrap();
-    let chat = t.create_chat_with_contact("bob", "bob@example.org").await;
-
-    let file = t.dir.path().join("avatar.png");
-    let bytes = include_bytes!("../../test-data/image/avatar64x64.png");
-    tokio::fs::write(&file, bytes).await.unwrap();
-    t.set_config(Config::Selfavatar, Some(file.to_str().unwrap()))
-        .await
-        .unwrap();
-
-    // send message to bob: that should get multipart/signed.
-    // `Subject:` is protected by copying it.
-    // make sure, `Subject:` stays in the outer header (imf header)
-    let mut msg = Message::new_text("this is the text!".to_string());
-
-    let sent_msg = t.send_msg(chat.id, &mut msg).await;
-    let mut payload = sent_msg.payload().splitn(4, "\r\n\r\n");
-
-    let part = payload.next().unwrap();
-    assert_eq!(part.match_indices("multipart/signed").count(), 1);
-    assert_eq!(part.match_indices("From:").count(), 1);
-    assert_eq!(part.match_indices("Message-ID:").count(), 1);
-    assert_eq!(part.match_indices("Subject:").count(), 1);
-    assert_eq!(part.match_indices("Autocrypt:").count(), 1);
-    assert_eq!(part.match_indices("Chat-User-Avatar:").count(), 0);
-
-    let part = payload.next().unwrap();
-    assert_eq!(
-        part.match_indices("multipart/mixed; protected-headers=\"v1\"")
-            .count(),
-        1
-    );
-    assert_eq!(part.match_indices("From:").count(), 1);
-    assert_eq!(part.match_indices("Message-ID:").count(), 0);
-    assert_eq!(part.match_indices("Subject:").count(), 1);
-    assert_eq!(part.match_indices("Autocrypt:").count(), 1);
-    assert_eq!(part.match_indices("Chat-User-Avatar:").count(), 0);
-
-    let part = payload.next().unwrap();
-    assert_eq!(part.match_indices("text/plain").count(), 1);
-    assert_eq!(part.match_indices("From:").count(), 0);
-    assert_eq!(part.match_indices("Message-ID:").count(), 1);
-    assert_eq!(part.match_indices("Chat-User-Avatar:").count(), 0);
-    assert_eq!(part.match_indices("Subject:").count(), 0);
-
-    let body = payload.next().unwrap();
-    assert_eq!(body.match_indices("this is the text!").count(), 1);
-
-    let bob = TestContext::new_bob().await;
-    bob.recv_msg(&sent_msg).await;
-    let alice_id = Contact::lookup_id_by_addr(&bob.ctx, "alice@example.org", Origin::Unknown)
-        .await
-        .unwrap()
-        .unwrap();
-    let alice_contact = Contact::get_by_id(&bob.ctx, alice_id).await.unwrap();
-    assert_eq!(alice_contact.is_key_contact(), false);
-}
-
 /// Test that removed member address does not go into the `To:` field.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_remove_member_bcc() -> Result<()> {
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -14,9 +14,8 @@ use mailparse::{DispositionType, MailHeader, MailHeaderMap, SingleInfo, addrpars
 use mime::Mime;

 use crate::aheader::Aheader;
-use crate::authres::handle_authres;
 use crate::blob::BlobObject;
-use crate::chat::ChatId;
+use crate::chat::{Chat, ChatId};
 use crate::config::Config;
 use crate::constants;
 use crate::contact::{ContactId, import_public_key};
@@ -86,7 +85,9 @@ pub(crate) struct MimeMessage {
    /// messages to this address to post them to the list.
    pub list_post: Option<String>,
    pub chat_disposition_notification_to: Option<SingleInfo>,
-    pub decrypting_failed: bool,
+
+    /// Decryption error if decryption of the message has failed.
+    pub decryption_error: Option<String>,

    /// Valid signature fingerprint if a message is an
    /// Autocrypt encrypted and signed message and corresponding intended recipient fingerprints
@@ -267,14 +268,13 @@ impl MimeMessage {
    ///
    /// This method has some side-effects,
    /// such as saving blobs and saving found public keys to the database.
-    #[expect(clippy::arithmetic_side_effects)]
    pub(crate) async fn from_bytes(context: &Context, body: &[u8]) -> Result<Self> {
        let mail = mailparse::parse_mail(body)?;

        let timestamp_rcvd = smeared_time(context);
        let mut timestamp_sent =
            Self::get_timestamp_sent(&mail.headers, timestamp_rcvd, timestamp_rcvd);
-        let mut hop_info = parse_receive_headers(&mail.get_headers());
+        let hop_info = parse_receive_headers(&mail.get_headers());

        let mut headers = Default::default();
        let mut headers_removed = HashSet::<String>::new();
@@ -304,37 +304,9 @@ impl MimeMessage {

        // Parse hidden headers.
        let mimetype = mail.ctype.mimetype.parse::<Mime>()?;
-        let (part, mimetype) =
-            if mimetype.type_() == mime::MULTIPART && mimetype.subtype().as_str() == "signed" {
-                if let Some(part) = mail.subparts.first() {
-                    // We don't remove "subject" from `headers` because currently just signed
-                    // messages are shown as unencrypted anyway.
-
-                    timestamp_sent =
-                        Self::get_timestamp_sent(&part.headers, timestamp_sent, timestamp_rcvd);
-                    MimeMessage::merge_headers(
-                        context,
-                        &mut headers,
-                        &mut headers_removed,
-                        &mut recipients,
-                        &mut past_members,
-                        &mut from,
-                        &mut list_post,
-                        &mut chat_disposition_notification_to,
-                        part,
-                    );
-                    (part, part.ctype.mimetype.parse::<Mime>()?)
-                } else {
-                    // Not a valid signed message, handle it as plaintext.
-                    (&mail, mimetype)
-                }
-            } else {
-                // Currently we do not sign unencrypted messages by default.
-                (&mail, mimetype)
-            };
        if mimetype.type_() == mime::MULTIPART
            && mimetype.subtype().as_str() == "mixed"
-            && let Some(part) = part.subparts.first()
+            && let Some(part) = mail.subparts.first()
        {
            for field in &part.headers {
                let key = field.get_key().to_lowercase();
@@ -358,20 +330,15 @@ impl MimeMessage {
            );
        }

-        // Remove headers that are allowed _only_ in the encrypted+signed part. It's ok to leave
-        // them in signed-only emails, but has no value currently.
+        // Remove headers that are allowed _only_ in the encrypted+signed part
        let encrypted = false;
        Self::remove_secured_headers(&mut headers, &mut headers_removed, encrypted);

        let mut from = from.context("No from in message")?;

-        let dkim_results = handle_authres(context, &mail, &from.addr).await?;
-
        let mut gossiped_keys = Default::default();
-        hop_info += "\n\n";
-        hop_info += &dkim_results.to_string();

-        let incoming = !context.is_self_addr(&from.addr).await?;
+        let from_is_not_self_addr = !context.is_self_addr(&from.addr).await?;

        let mut aheader_values = mail.headers.get_all_values(HeaderDef::Autocrypt.into());

@@ -436,7 +403,7 @@ impl MimeMessage {
        };

        let mut autocrypt_header = None;
-        if incoming {
+        if from_is_not_self_addr {
            // See `get_all_addresses_from_header()` for why we take the last valid header.
            for val in aheader_values.iter().rev() {
                autocrypt_header = match Aheader::from_str(val) {
@@ -467,7 +434,7 @@ impl MimeMessage {
            None
        };

-        let mut public_keyring = if incoming {
+        let mut public_keyring = if from_is_not_self_addr {
            if let Some(autocrypt_header) = autocrypt_header {
                vec![autocrypt_header.public_key]
            } else {
@@ -652,6 +619,15 @@ impl MimeMessage {
            .into_iter()
            .last()
            .map(|(fp, recipient_fps)| (fp, recipient_fps.into_iter().collect::<HashSet<_>>()));
+
+        let incoming = if let Some((ref sig_fp, _)) = signature {
+            sig_fp.hex() != key::self_fingerprint(context).await?
+        } else {
+            // rare case of getting a cleartext message
+            // so we determine 'incoming' flag by From-address
+            from_is_not_self_addr
+        };
+
        let mut parser = MimeMessage {
            parts: Vec::new(),
            headers,
@@ -664,7 +640,7 @@ impl MimeMessage {
            from,
            incoming,
            chat_disposition_notification_to,
-            decrypting_failed: mail.is_err(),
+            decryption_error: mail.err().map(|err| format!("{err:#}")),

            // only non-empty if it was a valid autocrypt message
            signature,
@@ -905,7 +881,7 @@ impl MimeMessage {
            && let Some(ref subject) = self.get_subject()
        {
            let mut prepend_subject = true;
-            if !self.decrypting_failed {
+            if self.decryption_error.is_none() {
                let colon = subject.find(':');
                if colon == Some(2)
                    || colon == Some(3)
@@ -946,7 +922,7 @@ impl MimeMessage {
        self.parse_attachments();

        // See if an MDN is requested from the other side
-        if !self.decrypting_failed
+        if self.decryption_error.is_none()
            && !self.parts.is_empty()
            && let Some(ref dn_to) = self.chat_disposition_notification_to
        {
@@ -1078,7 +1054,7 @@ impl MimeMessage {
    #[cfg(test)]
    /// Returns whether the decrypted data contains the given `&str`.
    pub(crate) fn decoded_data_contains(&self, s: &str) -> bool {
-        assert!(!self.decrypting_failed);
+        assert!(self.decryption_error.is_none());
        let decoded_str = str::from_utf8(&self.decoded_data).unwrap();
        decoded_str.contains(s)
    }
@@ -2122,7 +2098,7 @@ async fn parse_gossip_headers(
    let mut gossiped_keys: BTreeMap<String, GossipedKey> = Default::default();

    for value in &gossip_headers {
-        let header = match value.parse::<Aheader>() {
+        let header = match Aheader::from_str(value) {
            Ok(header) => header,
            Err(err) => {
                warn!(context, "Failed parsing Autocrypt-Gossip header: {}", err);
@@ -2212,9 +2188,6 @@ pub(crate) fn parse_message_id(ids: &str) -> Result<String> {
 /// Returns whether the outer header value must be ignored if the message contains a signed (and
 /// optionally encrypted) part. This is independent from the modern Header Protection defined in
 /// <https://www.rfc-editor.org/rfc/rfc9788.html>.
-///
-/// NB: There are known cases when Subject and List-ID only appear in the outer headers of
-/// signed-only messages. Such messages are shown as unencrypted anyway.
 fn is_protected(key: &str) -> bool {
    key.starts_with("chat-")
        || matches!(
@@ -2572,6 +2545,10 @@ async fn handle_ndn(

    for msg_id in msg_ids {
        let mut message = Message::load_from_db(context, msg_id).await?;
+        let chat = Chat::load_from_db(context, message.chat_id).await?;
+        if chat.typ == constants::Chattype::OutBroadcast {
+            continue;
+        }
        let aggregated_error = message
            .error
            .as_ref()
--- a/src/mimeparser/mimeparser_tests.rs
+++ b/src/mimeparser/mimeparser_tests.rs
@@ -7,6 +7,7 @@ use crate::{
    chat,
    chatlist::Chatlist,
    constants::{self, Blocked, DC_DESIRED_TEXT_LEN, DC_ELLIPSIS},
+    contact::Contact,
    key,
    message::{MessageState, MessengerMessage},
    receive_imf::receive_imf,
@@ -2041,32 +2042,24 @@ async fn test_multiple_autocrypt_hdrs() -> Result<()> {
    Ok(())
 }

-/// Tests that timestamp of signed but not encrypted message is protected.
+/// Tests receiving a simple signed-unencrypted message
+/// that was generated by an old version of Core that supported sending such messages.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_protected_date() -> Result<()> {
+async fn test_receive_signed_only() -> Result<()> {
    let mut tcm = TestContextManager::new();
-    let alice = &tcm.alice().await;
    let bob = &tcm.bob().await;

-    alice.set_config(Config::SignUnencrypted, Some("1")).await?;
+    let imf_raw = include_bytes!("../../test-data/message/unencrypted_signed_simple.eml");
+    let msg = receive_imf(bob, imf_raw, false).await?.unwrap();
+    assert_eq!(msg.msg_ids.len(), 1);
+    let msg = Message::load_from_db(bob, msg.msg_ids[0]).await?;
+    assert_eq!(msg.get_text(), "Hello!");
+    assert_eq!(msg.viewtype, Viewtype::Text);
+    assert_eq!(msg.get_timestamp(), 1615987853);

-    let alice_chat = alice.create_email_chat(bob).await;
-    let alice_msg_id = chat::send_text_msg(alice, alice_chat.id, "Hello!".to_string()).await?;
-    let alice_msg = Message::load_from_db(alice, alice_msg_id).await?;
-    assert_eq!(alice_msg.get_showpadlock(), false);
+    let alice_contact = Contact::get_by_id(bob, msg.from_id).await.unwrap();
+    assert_eq!(alice_contact.is_key_contact(), false);

-    let mut sent_msg = alice.pop_sent_msg().await;
-    sent_msg.payload = sent_msg.payload.replacen(
-        "Date:",
-        "Date: Wed, 17 Mar 2021 14:30:53 +0100 (CET)\r\nX-Not-Date:",
-        1,
-    );
-    let bob_msg = bob.recv_msg(&sent_msg).await;
-    assert_eq!(alice_msg.get_text(), bob_msg.get_text());
-
-    // Timestamp that the sender has put into the message
-    // should always be displayed as is on the receiver.
-    assert_eq!(alice_msg.get_timestamp(), bob_msg.get_timestamp());
    Ok(())
 }

--- a/src/net.rs
+++ b/src/net.rs
@@ -12,7 +12,7 @@ use tokio_io_timeout::TimeoutStream;

 use crate::context::Context;
 use crate::net::session::SessionStream;
-use crate::net::tls::TlsSessionStore;
+use crate::net::tls::{SpkiHashStore, TlsSessionStore};
 use crate::sql::Sql;
 use crate::tools::time;

@@ -130,6 +130,8 @@ pub(crate) async fn connect_tls_inner(
    strict_tls: bool,
    alpn: &str,
    tls_session_store: &TlsSessionStore,
+    spki_hash_store: &SpkiHashStore,
+    sql: &Sql,
 ) -> Result<impl SessionStream + 'static> {
    let use_sni = true;
    let tcp_stream = connect_tcp_inner(addr).await?;
@@ -141,6 +143,8 @@ pub(crate) async fn connect_tls_inner(
        alpn,
        tcp_stream,
        tls_session_store,
+        spki_hash_store,
+        sql,
    )
    .await?;
    Ok(tls_stream)
--- a/src/net/http.rs
+++ b/src/net/http.rs
@@ -87,6 +87,8 @@ where
                    "",
                    proxy_stream,
                    &context.tls_session_store,
+                    &context.spki_hash_store,
+                    &context.sql,
                )
                .await?;
                Box::new(tls_stream)
@@ -99,6 +101,8 @@ where
                    "",
                    tcp_stream,
                    &context.tls_session_store,
+                    &context.spki_hash_store,
+                    &context.sql,
                )
                .await?;
                Box::new(tls_stream)
--- a/src/net/proxy.rs
+++ b/src/net/proxy.rs
@@ -19,7 +19,6 @@ use tokio_io_timeout::TimeoutStream;
 use url::Url;

 use crate::config::Config;
-use crate::constants::NON_ALPHANUMERIC_WITHOUT_DOT;
 use crate::context::Context;
 use crate::net::connect_tcp;
 use crate::net::session::SessionStream;
@@ -93,13 +92,12 @@ impl HttpConfig {
    }

    fn to_url(&self, scheme: &str) -> String {
-        let host = utf8_percent_encode(&self.host, NON_ALPHANUMERIC_WITHOUT_DOT);
        if let Some((user, password)) = &self.user_password {
            let user = utf8_percent_encode(user, NON_ALPHANUMERIC);
            let password = utf8_percent_encode(password, NON_ALPHANUMERIC);
-            format!("{scheme}://{user}:{password}@{host}:{}", self.port)
+            format!("{scheme}://{user}:{password}@{}:{}", self.host, self.port)
        } else {
-            format!("{scheme}://{host}:{}", self.port)
+            format!("{scheme}://{}:{}", self.host, self.port)
        }
    }
 }
@@ -143,13 +141,12 @@ impl Socks5Config {
    }

    fn to_url(&self) -> String {
-        let host = utf8_percent_encode(&self.host, NON_ALPHANUMERIC_WITHOUT_DOT);
        if let Some((user, password)) = &self.user_password {
            let user = utf8_percent_encode(user, NON_ALPHANUMERIC);
            let password = utf8_percent_encode(password, NON_ALPHANUMERIC);
-            format!("socks5://{user}:{password}@{host}:{}", self.port)
+            format!("socks5://{user}:{password}@{}:{}", self.host, self.port)
        } else {
-            format!("socks5://{host}:{}", self.port)
+            format!("socks5://{}:{}", self.host, self.port)
        }
    }
 }
@@ -174,7 +171,6 @@ pub enum ProxyConfig {
 }

 /// Constructs HTTP/1.1 `CONNECT` request for HTTP(S) proxy.
-#[expect(clippy::arithmetic_side_effects)]
 fn http_connect_request(host: &str, port: u16, auth: Option<(&str, &str)>) -> String {
    // According to <https://datatracker.ietf.org/doc/html/rfc7230#section-5.4>
    // clients MUST send `Host:` header in HTTP/1.1 requests,
@@ -323,7 +319,6 @@ impl ProxyConfig {
    /// config into `proxy_url` if `proxy_url` is unset or empty.
    ///
    /// Unsets `socks5_host`, `socks5_port`, `socks5_user` and `socks5_password` in any case.
-    #[expect(clippy::arithmetic_side_effects)]
    async fn migrate_socks_config(sql: &Sql) -> Result<()> {
        if sql.get_raw_config("proxy_url").await?.is_none() {
            // Load legacy SOCKS5 settings.
@@ -439,6 +434,8 @@ impl ProxyConfig {
                    "",
                    tcp_stream,
                    &context.tls_session_store,
+                    &context.spki_hash_store,
+                    &context.sql,
                )
                .await?;
                let auth = if let Some((username, password)) = &https_config.user_password {
@@ -565,6 +562,20 @@ mod tests {
                user_password: None
            })
        );
+
+        let proxy_config = ProxyConfig::from_url("socks5://my-proxy.example.org").unwrap();
+        assert_eq!(
+            proxy_config,
+            ProxyConfig::Socks5(Socks5Config {
+                host: "my-proxy.example.org".to_string(),
+                port: 1080,
+                user_password: None
+            })
+        );
+        assert_eq!(
+            proxy_config.to_url(),
+            "socks5://my-proxy.example.org:1080".to_string()
+        );
    }

    #[test]
@@ -598,6 +609,20 @@ mod tests {
                user_password: None
            })
        );
+
+        let proxy_config = ProxyConfig::from_url("http://my-proxy.example.org").unwrap();
+        assert_eq!(
+            proxy_config,
+            ProxyConfig::Http(HttpConfig {
+                host: "my-proxy.example.org".to_string(),
+                port: 80,
+                user_password: None
+            })
+        );
+        assert_eq!(
+            proxy_config.to_url(),
+            "http://my-proxy.example.org:80".to_string()
+        );
    }

    #[test]
@@ -631,6 +656,20 @@ mod tests {
                user_password: None
            })
        );
+
+        let proxy_config = ProxyConfig::from_url("https://my-proxy.example.org").unwrap();
+        assert_eq!(
+            proxy_config,
+            ProxyConfig::Https(HttpConfig {
+                host: "my-proxy.example.org".to_string(),
+                port: 443,
+                user_password: None
+            })
+        );
+        assert_eq!(
+            proxy_config.to_url(),
+            "https://my-proxy.example.org:443".to_string()
+        );
    }

    #[test]
--- a/src/net/tls.rs
+++ b/src/net/tls.rs
@@ -6,13 +6,20 @@ use std::sync::Arc;
 use anyhow::Result;

 use crate::net::session::SessionStream;
+use crate::sql::Sql;
+use crate::tools::time;

 use tokio_rustls::rustls;
 use tokio_rustls::rustls::client::ClientSessionStore;
+use tokio_rustls::rustls::server::ParsedCertificate;

 mod danger;
-use danger::NoCertificateVerification;
+use danger::CustomCertificateVerifier;

+mod spki;
+pub use spki::SpkiHashStore;
+
+#[expect(clippy::too_many_arguments)]
 pub async fn wrap_tls<'a>(
    strict_tls: bool,
    hostname: &str,
@@ -21,10 +28,21 @@ pub async fn wrap_tls<'a>(
    alpn: &str,
    stream: impl SessionStream + 'static,
    tls_session_store: &TlsSessionStore,
+    spki_hash_store: &SpkiHashStore,
+    sql: &Sql,
 ) -> Result<impl SessionStream + 'a> {
    if strict_tls {
-        let tls_stream =
-            wrap_rustls(hostname, port, use_sni, alpn, stream, tls_session_store).await?;
+        let tls_stream = wrap_rustls(
+            hostname,
+            port,
+            use_sni,
+            alpn,
+            stream,
+            tls_session_store,
+            spki_hash_store,
+            sql,
+        )
+        .await?;
        let boxed_stream: Box<dyn SessionStream> = Box::new(tls_stream);
        Ok(boxed_stream)
    } else {
@@ -94,6 +112,7 @@ impl TlsSessionStore {
    }
 }

+#[expect(clippy::too_many_arguments)]
 pub async fn wrap_rustls<'a>(
    hostname: &str,
    port: u16,
@@ -101,9 +120,11 @@ pub async fn wrap_rustls<'a>(
    alpn: &str,
    stream: impl SessionStream + 'a,
    tls_session_store: &TlsSessionStore,
+    spki_hash_store: &SpkiHashStore,
+    sql: &Sql,
 ) -> Result<impl SessionStream + 'a> {
-    let mut root_cert_store = rustls::RootCertStore::empty();
-    root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
+    let root_cert_store =
+        rustls::RootCertStore::from_iter(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());

    let mut config = rustls::ClientConfig::builder()
        .with_root_certificates(root_cert_store)
@@ -127,20 +148,28 @@ pub async fn wrap_rustls<'a>(
    config.resumption = resumption;
    config.enable_sni = use_sni;

-    // Do not verify certificates for hostnames starting with `_`.
-    // They are used for servers with self-signed certificates, e.g. for local testing.
-    // Hostnames starting with `_` can have only self-signed TLS certificates or wildcard certificates.
-    // It is not possible to get valid non-wildcard TLS certificates because CA/Browser Forum requirements
-    // explicitly state that domains should start with a letter, digit or hyphen:
-    // https://github.com/cabforum/servercert/blob/24f38fd4765e019db8bb1a8c56bf63c7115ce0b0/docs/BR.md
-    if hostname.starts_with("_") {
-        config
-            .dangerous()
-            .set_certificate_verifier(Arc::new(NoCertificateVerification::new()));
-    }
+    config
+        .dangerous()
+        .set_certificate_verifier(Arc::new(CustomCertificateVerifier::new(
+            spki_hash_store.get_spki_hash(hostname, sql).await?,
+        )));

    let tls = tokio_rustls::TlsConnector::from(Arc::new(config));
    let name = tokio_rustls::rustls::pki_types::ServerName::try_from(hostname)?.to_owned();
    let tls_stream = tls.connect(name, stream).await?;
+
+    // Successfully connected.
+    // Remember SPKI hash to accept it later if certificate expires.
+    let (_io, client_connection) = tls_stream.get_ref();
+    if let Some(end_entity) = client_connection
+        .peer_certificates()
+        .and_then(|certs| certs.first())
+    {
+        let now = time();
+        let parsed_certificate = ParsedCertificate::try_from(end_entity)?;
+        let spki = parsed_certificate.subject_public_key_info();
+        spki_hash_store.save_spki(hostname, &spki, sql, now).await?;
+    }
+
    Ok(tls_stream)
 }
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 -03-24
 -04-13