chore(release): prepare for 2.30.0

ci: use "trusted publishing" for NPM packages
See the documentation at <https://docs.npmjs.com/trusted-publishers>. I have removed the token that was used since <https://github.com/chatmail/core/pull/5575>, created two new GitHub deployment environments and configured trusted publishing for two packages (see the environment URLs) on https://www.npmjs.com/
2026-04-02 05:22:14 +03:00 · 2025-12-04 17:01:28 +00:00 · 2025-12-04 15:40:28 +00:00 · 2025-12-04 15:37:33 +00:00 · 2025-12-04 14:40:36 +00:00 · 2025-12-04 14:40:36 +00:00
202 changed files with 13048 additions and 7559 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,17 +20,18 @@ permissions: {}

 env:
  RUSTFLAGS: -Dwarnings
-  RUST_VERSION: 1.90.0
+  RUST_VERSION: 1.91.0

  # Minimum Supported Rust Version
-  MSRV: 1.85.0
+  MSRV: 1.88.0

 jobs:
  lint_rust:
    name: Lint Rust
    runs-on: ubuntu-latest
+    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -52,8 +53,9 @@ jobs:
  cargo_deny:
    name: cargo deny
    runs-on: ubuntu-latest
+    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -66,8 +68,9 @@ jobs:
  provider_database:
    name: Check provider database
    runs-on: ubuntu-latest
+    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -79,10 +82,11 @@ jobs:
  docs:
    name: Rust doc comments
    runs-on: ubuntu-latest
+    timeout-minutes: 60
    env:
      RUSTDOCFLAGS: -Dwarnings
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -107,6 +111,7 @@ jobs:
          - os: ubuntu-latest
            rust: minimum
    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
    steps:
      - run:
          echo "RUSTUP_TOOLCHAIN=$MSRV" >> $GITHUB_ENV
@@ -117,7 +122,7 @@ jobs:
        shell: bash
        if: matrix.rust == 'latest'

-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -155,8 +160,9 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -168,7 +174,7 @@ jobs:
        run: cargo build -p deltachat_ffi

      - name: Upload C library
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: ${{ matrix.os }}-libdeltachat.a
          path: target/debug/libdeltachat.a
@@ -180,8 +186,9 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -193,7 +200,7 @@ jobs:
        run: cargo build -p deltachat-rpc-server

      - name: Upload deltachat-rpc-server
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: ${{ matrix.os }}-deltachat-rpc-server
          path: ${{ matrix.os == 'windows-latest' && 'target/debug/deltachat-rpc-server.exe' || 'target/debug/deltachat-rpc-server' }}
@@ -202,8 +209,9 @@ jobs:
  python_lint:
    name: Python lint
    runs-on: ubuntu-latest
+    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -219,6 +227,38 @@ jobs:
        working-directory: deltachat-rpc-client
        run: tox -e lint

+  # mypy does not work with PyPy since mypy 1.19
+  # as it introduced native `librt` dependency
+  # that uses CPython internals.
+  # We only run mypy with CPython because of this.
+  cffi_python_mypy:
+    name: CFFI Python mypy
+    needs: ["c_library", "python_lint"]
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          show-progress: false
+          persist-credentials: false
+
+      - name: Download libdeltachat.a
+        uses: actions/download-artifact@v6
+        with:
+          name: ubuntu-latest-libdeltachat.a
+          path: target/debug
+
+      - name: Install tox
+        run: pip install tox
+
+      - name: Run mypy
+        env:
+          DCC_RS_TARGET: debug
+          DCC_RS_DEV: ${{ github.workspace }}
+        working-directory: python
+        run: tox -e mypy
+
+
  cffi_python_tests:
    name: CFFI Python tests
    needs: ["c_library", "python_lint"]
@@ -238,21 +278,22 @@ jobs:
          - os: macos-latest
            python: pypy3.10

-          # Minimum Supported Python Version = 3.8
+          # Minimum Supported Python Version = 3.10
          # This is the minimum version for which manylinux Python wheels are
          # built. Test it with minimum supported Rust version.
          - os: ubuntu-latest
-            python: 3.8
+            python: "3.10"

    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false

      - name: Download libdeltachat.a
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: ${{ matrix.os }}-libdeltachat.a
          path: target/debug
@@ -271,7 +312,7 @@ jobs:
          DCC_RS_TARGET: debug
          DCC_RS_DEV: ${{ github.workspace }}
        working-directory: python
-        run: tox -e mypy,doc,py
+        run: tox -e doc,py

  rpc_python_tests:
    name: JSON-RPC Python tests
@@ -293,13 +334,14 @@ jobs:
          - os: macos-latest
            python: pypy3.10

-          # Minimum Supported Python Version = 3.8
+          # Minimum Supported Python Version = 3.10
          - os: ubuntu-latest
-            python: 3.8
+            python: "3.10"

    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -313,7 +355,7 @@ jobs:
        run: pip install tox

      - name: Download deltachat-rpc-server
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: ${{ matrix.os }}-deltachat-rpc-server
          path: target/debug
--- a/.github/workflows/deltachat-rpc-server.yml
+++ b/.github/workflows/deltachat-rpc-server.yml
@@ -30,22 +30,46 @@ jobs:
        arch: [aarch64, armv7l, armv6l, i686, x86_64]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux

      - name: Upload binary
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-linux
          path: result/bin/deltachat-rpc-server
          if-no-files-found: error

+  build_linux_wheel:
+    name: Linux wheel
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: [aarch64, armv7l, armv6l, i686, x86_64]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          show-progress: false
+          persist-credentials: false
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+
+      - name: Build deltachat-rpc-server wheels
+        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-linux-wheel
+
+      - name: Upload wheel
+        uses: actions/upload-artifact@v5
+        with:
+          name: deltachat-rpc-server-${{ matrix.arch }}-linux-wheel
+          path: result/*.whl
+          if-no-files-found: error
+
  build_windows:
    name: Windows
    strategy:
@@ -54,22 +78,46 @@ jobs:
        arch: [win32, win64]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}

      - name: Upload binary
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}
          path: result/bin/deltachat-rpc-server.exe
          if-no-files-found: error

+  build_windows_wheel:
+    name: Windows wheel
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: [win32, win64]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          show-progress: false
+          persist-credentials: false
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+
+      - name: Build deltachat-rpc-server wheels
+        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-wheel
+
+      - name: Upload wheel
+        uses: actions/upload-artifact@v5
+        with:
+          name: deltachat-rpc-server-${{ matrix.arch }}-wheel
+          path: result/*.whl
+          if-no-files-found: error
+
  build_macos:
    name: macOS
    strategy:
@@ -79,7 +127,7 @@ jobs:

    runs-on: macos-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -91,7 +139,7 @@ jobs:
        run: cargo build --release --package deltachat-rpc-server --target ${{ matrix.arch }}-apple-darwin --features vendored

      - name: Upload binary
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-macos
          path: target/${{ matrix.arch }}-apple-darwin/release/deltachat-rpc-server
@@ -105,25 +153,49 @@ jobs:
        arch: [arm64-v8a, armeabi-v7a]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31

      - name: Build deltachat-rpc-server binaries
        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android

      - name: Upload binary
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: deltachat-rpc-server-${{ matrix.arch }}-android
          path: result/bin/deltachat-rpc-server
          if-no-files-found: error

+  build_android_wheel:
+    name: Android wheel
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: [arm64-v8a, armeabi-v7a]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          show-progress: false
+          persist-credentials: false
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
+
+      - name: Build deltachat-rpc-server wheels
+        run: nix build .#deltachat-rpc-server-${{ matrix.arch }}-android-wheel
+
+      - name: Upload wheel
+        uses: actions/upload-artifact@v5
+        with:
+          name: deltachat-rpc-server-${{ matrix.arch }}-android-wheel
+          path: result/*.whl
+          if-no-files-found: error
+
  publish:
    name: Build wheels and upload binaries to the release
-    needs: ["build_linux", "build_windows", "build_macos"]
+    needs: ["build_linux", "build_linux_wheel", "build_windows", "build_windows_wheel", "build_macos", "build_android", "build_android_wheel"]
    environment:
      name: pypi
      url: https://pypi.org/p/deltachat-rpc-server
@@ -132,78 +204,132 @@ jobs:
      contents: write
    runs-on: "ubuntu-latest"
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31

      - name: Download Linux aarch64 binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-aarch64-linux
          path: deltachat-rpc-server-aarch64-linux.d

+      - name: Download Linux aarch64 wheel
+        uses: actions/download-artifact@v6
+        with:
+          name: deltachat-rpc-server-aarch64-linux-wheel
+          path: deltachat-rpc-server-aarch64-linux-wheel.d
+
      - name: Download Linux armv7l binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armv7l-linux
          path: deltachat-rpc-server-armv7l-linux.d

+      - name: Download Linux armv7l wheel
+        uses: actions/download-artifact@v6
+        with:
+          name: deltachat-rpc-server-armv7l-linux-wheel
+          path: deltachat-rpc-server-armv7l-linux-wheel.d
+
      - name: Download Linux armv6l binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armv6l-linux
          path: deltachat-rpc-server-armv6l-linux.d

+      - name: Download Linux armv6l wheel
+        uses: actions/download-artifact@v6
+        with:
+          name: deltachat-rpc-server-armv6l-linux-wheel
+          path: deltachat-rpc-server-armv6l-linux-wheel.d
+
      - name: Download Linux i686 binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-i686-linux
          path: deltachat-rpc-server-i686-linux.d

+      - name: Download Linux i686 wheel
+        uses: actions/download-artifact@v6
+        with:
+          name: deltachat-rpc-server-i686-linux-wheel
+          path: deltachat-rpc-server-i686-linux-wheel.d
+
      - name: Download Linux x86_64 binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-x86_64-linux
          path: deltachat-rpc-server-x86_64-linux.d

+      - name: Download Linux x86_64 wheel
+        uses: actions/download-artifact@v6
+        with:
+          name: deltachat-rpc-server-x86_64-linux-wheel
+          path: deltachat-rpc-server-x86_64-linux-wheel.d
+
      - name: Download Win32 binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-win32
          path: deltachat-rpc-server-win32.d

+      - name: Download Win32 wheel
+        uses: actions/download-artifact@v6
+        with:
+          name: deltachat-rpc-server-win32-wheel
+          path: deltachat-rpc-server-win32-wheel.d
+
      - name: Download Win64 binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-win64
          path: deltachat-rpc-server-win64.d

+      - name: Download Win64 wheel
+        uses: actions/download-artifact@v6
+        with:
+          name: deltachat-rpc-server-win64-wheel
+          path: deltachat-rpc-server-win64-wheel.d
+
      - name: Download macOS binary for x86_64
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-x86_64-macos
          path: deltachat-rpc-server-x86_64-macos.d

      - name: Download macOS binary for aarch64
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-aarch64-macos
          path: deltachat-rpc-server-aarch64-macos.d

      - name: Download Android binary for arm64-v8a
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-arm64-v8a-android
          path: deltachat-rpc-server-arm64-v8a-android.d

+      - name: Download Android wheel for arm64-v8a
+        uses: actions/download-artifact@v6
+        with:
+          name: deltachat-rpc-server-arm64-v8a-android-wheel
+          path: deltachat-rpc-server-arm64-v8a-android-wheel.d
+
      - name: Download Android binary for armeabi-v7a
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armeabi-v7a-android
          path: deltachat-rpc-server-armeabi-v7a-android.d

+      - name: Download Android wheel for armeabi-v7a
+        uses: actions/download-artifact@v6
+        with:
+          name: deltachat-rpc-server-armeabi-v7a-android-wheel
+          path: deltachat-rpc-server-armeabi-v7a-android-wheel.d
+
      - name: Create bin/ directory
        run: |
          mkdir -p bin
@@ -222,38 +348,21 @@ jobs:
      - name: List binaries
        run: ls -l bin/

-      # Python 3.11 is needed for tomllib used in scripts/wheel-rpc-server.py
-      - name: Install python 3.12
-        uses: actions/setup-python@v6
-        with:
-          python-version: 3.12
-
      - name: Install wheel
        run: pip install wheel

-      - name: Build deltachat-rpc-server Python wheels and source package
+      - name: Build deltachat-rpc-server Python wheels
        run: |
          mkdir -p dist
-          nix build .#deltachat-rpc-server-x86_64-linux-wheel
-          cp result/*.whl dist/
-          nix build .#deltachat-rpc-server-armv7l-linux-wheel
-          cp result/*.whl dist/
-          nix build .#deltachat-rpc-server-armv6l-linux-wheel
-          cp result/*.whl dist/
-          nix build .#deltachat-rpc-server-aarch64-linux-wheel
-          cp result/*.whl dist/
-          nix build .#deltachat-rpc-server-i686-linux-wheel
-          cp result/*.whl dist/
-          nix build .#deltachat-rpc-server-win64-wheel
-          cp result/*.whl dist/
-          nix build .#deltachat-rpc-server-win32-wheel
-          cp result/*.whl dist/
-          nix build .#deltachat-rpc-server-arm64-v8a-android-wheel
-          cp result/*.whl dist/
-          nix build .#deltachat-rpc-server-armeabi-v7a-android-wheel
-          cp result/*.whl dist/
-          nix build .#deltachat-rpc-server-source
-          cp result/*.tar.gz dist/
+          mv deltachat-rpc-server-aarch64-linux-wheel.d/*.whl dist/
+          mv deltachat-rpc-server-armv7l-linux-wheel.d/*.whl dist/
+          mv deltachat-rpc-server-armv6l-linux-wheel.d/*.whl dist/
+          mv deltachat-rpc-server-i686-linux-wheel.d/*.whl dist/
+          mv deltachat-rpc-server-x86_64-linux-wheel.d/*.whl dist/
+          mv deltachat-rpc-server-win64-wheel.d/*.whl dist/
+          mv deltachat-rpc-server-win32-wheel.d/*.whl dist/
+          mv deltachat-rpc-server-arm64-v8a-android-wheel.d/*.whl dist/
+          mv deltachat-rpc-server-armeabi-v7a-android-wheel.d/*.whl dist/
          python3 scripts/wheel-rpc-server.py x86_64-darwin bin/deltachat-rpc-server-x86_64-macos
          python3 scripts/wheel-rpc-server.py aarch64-darwin bin/deltachat-rpc-server-aarch64-macos
          mv *.whl dist/
@@ -271,7 +380,7 @@ jobs:
            --repo ${{ github.repository }} \
            bin/* dist/*

-      - name: Publish deltachat-rpc-client to PyPI
+      - name: Publish deltachat-rpc-server to PyPI
        if: github.event_name == 'release'
        uses: pypa/gh-action-pypi-publish@release/v1

@@ -279,13 +388,16 @@ jobs:
    name: Build & Publish npm prebuilds and deltachat-rpc-server
    needs: ["build_linux", "build_windows", "build_macos"]
    runs-on: "ubuntu-latest"
+    environment:
+      name: npm-stdio-rpc-server
+      url: https://www.npmjs.com/package/@deltachat/stdio-rpc-server
    permissions:
      id-token: write

      # Needed to publish the binaries to the release.
      contents: write
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -294,67 +406,67 @@ jobs:
          python-version: "3.11"

      - name: Download Linux aarch64 binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-aarch64-linux
          path: deltachat-rpc-server-aarch64-linux.d

      - name: Download Linux armv7l binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armv7l-linux
          path: deltachat-rpc-server-armv7l-linux.d

      - name: Download Linux armv6l binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armv6l-linux
          path: deltachat-rpc-server-armv6l-linux.d

      - name: Download Linux i686 binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-i686-linux
          path: deltachat-rpc-server-i686-linux.d

      - name: Download Linux x86_64 binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-x86_64-linux
          path: deltachat-rpc-server-x86_64-linux.d

      - name: Download Win32 binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-win32
          path: deltachat-rpc-server-win32.d

      - name: Download Win64 binary
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-win64
          path: deltachat-rpc-server-win64.d

      - name: Download macOS binary for x86_64
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-x86_64-macos
          path: deltachat-rpc-server-x86_64-macos.d

      - name: Download macOS binary for aarch64
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-aarch64-macos
          path: deltachat-rpc-server-aarch64-macos.d

      - name: Download Android binary for arm64-v8a
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-arm64-v8a-android
          path: deltachat-rpc-server-arm64-v8a-android.d

      - name: Download Android binary for armeabi-v7a
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: deltachat-rpc-server-armeabi-v7a-android
          path: deltachat-rpc-server-armeabi-v7a-android.d
@@ -384,7 +496,7 @@ jobs:
          ls -lah

      - name: Upload to artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: deltachat-rpc-server-npm-package
          path: deltachat-rpc-server/npm-package/*.tgz
@@ -401,7 +513,7 @@ jobs:
            deltachat-rpc-server/npm-package/*.tgz

      # Configure Node.js for publishing.
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
        with:
          node-version: 20
          registry-url: "https://registry.npmjs.org"
@@ -412,5 +524,3 @@ jobs:
        run: |
          ls -lah platform_package
          for platform in *.tgz; do npm publish --provenance "$platform" --access public; done
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/jsonrpc-client-npm-package.yml
+++ b/.github/workflows/jsonrpc-client-npm-package.yml
@@ -10,16 +10,19 @@ jobs:
  pack-module:
    name: "Publish @deltachat/jsonrpc-client"
    runs-on: ubuntu-latest
+    environment:
+      name: npm-jsonrpc-client
+      url: https://www.npmjs.com/package/@deltachat/jsonrpc-client
    permissions:
      id-token: write
      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false

-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
        with:
          node-version: 20
          registry-url: "https://registry.npmjs.org"
@@ -37,5 +40,3 @@ jobs:
      - name: Publish
        working-directory: deltachat-jsonrpc/typescript
        run: npm publish --provenance deltachat-jsonrpc-client-* --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/jsonrpc.yml
+++ b/.github/workflows/jsonrpc.yml
@@ -16,12 +16,12 @@ jobs:
  build_and_test:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
      - name: Use Node.js 18.x
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
        with:
          node-version: 18.x
      - name: Add Rust cache
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -21,11 +21,11 @@ jobs:
    name: check flake formatting
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
      - run: nix fmt flake.nix -- --check

  build:
@@ -80,11 +80,11 @@ jobs:
          #- deltachat-rpc-server-x86_64-android
          #- deltachat-rpc-server-x86-android
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
      - run: nix build .#${{ matrix.installable }}

  build-macos:
@@ -95,14 +95,15 @@ jobs:
      matrix:
        installable:
          - deltachat-rpc-server
+          - deltachat-rpc-server-x86_64-darwin

-          # Fails to bulid
+          # Fails to build
+          # because of <https://github.com/NixOS/nixpkgs/issues/413910>.
          # - deltachat-rpc-server-aarch64-darwin
-          # - deltachat-rpc-server-x86_64-darwin
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
      - run: nix build .#${{ matrix.installable }}
--- a/.github/workflows/publish-deltachat-rpc-client-pypi.yml
+++ b/.github/workflows/publish-deltachat-rpc-client-pypi.yml
@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -23,7 +23,7 @@ jobs:
        working-directory: deltachat-rpc-client
        run: python3 -m build
      - name: Store the distribution packages
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: python-package-distributions
          path: deltachat-rpc-client/dist/
@@ -42,7 +42,7 @@ jobs:

    steps:
      - name: Download all the dists
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: python-package-distributions
          path: dist/
--- a/.github/workflows/repl.yml
+++ b/.github/workflows/repl.yml
@@ -14,15 +14,15 @@ jobs:
    name: Build REPL example
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
-      - uses: cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
      - name: Build
        run: nix build .#deltachat-repl-win64
      - name: Upload binary
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: repl.exe
          path: "result/bin/deltachat-repl.exe"
--- a/.github/workflows/upload-docs.yml
+++ b/.github/workflows/upload-docs.yml
@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
@@ -31,12 +31,12 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
      - name: Build Python documentation
        run: nix build .#python-docs
      - name: Upload to py.delta.chat
@@ -50,12 +50,12 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
-      - uses: cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31
+      - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31
      - name: Build C documentation
        run: nix build .#docs
      - name: Upload to c.delta.chat
@@ -72,13 +72,13 @@ jobs:
        working-directory: ./deltachat-jsonrpc/typescript

    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
      - name: Use Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
        with:
          node-version: '18'
      - name: npm install
--- a/.github/workflows/upload-ffi-docs.yml
+++ b/.github/workflows/upload-ffi-docs.yml
@@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          show-progress: false
          persist-credentials: false
--- a/.github/workflows/zizmor-scan.yml
+++ b/.github/workflows/zizmor-scan.yml
@@ -14,12 +14,12 @@ jobs:
      security-events: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@3259c6206f993105e3a61b142c2d97bf4b9ef83d
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244

      - name: Run zizmor
        run: uvx zizmor --format sarif . > results.sarif
--- a/.gitignore
+++ b/.gitignore
@@ -36,6 +36,7 @@ deltachat-ffi/xml
 coverage/
 .DS_Store
 .vscode
+.zed
 python/accounts.txt
 python/all-testaccounts.txt
 tmp/
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,378 @@
 # Changelog

+## [2.30.0] - 2025-12-04
+
+### Features / Changes
+
+- Disable SNI for STARTTLS ([#7499](https://github.com/chatmail/core/pull/7499)).
+- Introduce cross-core testing along with improvements to test frameworking.
+- Synchronize transports via sync messages.
+
+### Fixes
+
+- Fix shutdown shortly after call.
+
+### API-Changes
+
+- Add `TransportsModified` event (for tests).
+
+### CI
+
+- Use "trusted publishing" for NPM packages.
+
+### Miscellaneous Tasks
+
+- deps: Bump actions/checkout from 5 to 6.
+- cargo: Bump syn from 2.0.110 to 2.0.111.
+- deps: Bump astral-sh/setup-uv from 7.1.3 to 7.1.4.
+- cargo: Bump sdp from 0.8.0 to 0.10.0.
+- Remove two outdated todo comments ([#7550](https://github.com/chatmail/core/pull/7550)).
+
+## [2.29.0] - 2025-12-01
+
+### API-Changes
+
+- deltachat-rpc-client: Add Message.exists().
+
+### Features / Changes
+
+- [**breaking**] Increase backup version from 3 to 4.
+- Hide `To` header in encrypted messages.
+- `deltachat_rpc_client.Rpc` accepts `rpc_server_path` for using a particular deltachat-rpc-server ([#7493](https://github.com/chatmail/core/pull/7493)).
+- Don't send `Chat-Group-Avatar` header in unencrypted groups.
+- Don't update `self-{avatar,status}` from received messages ([#7002](https://github.com/chatmail/core/pull/7002)).
+
+### Fixes
+
+- `CREATE INDEX imap_only_rfc724_mid ON imap(rfc724_mid)` ([#7490](https://github.com/chatmail/core/pull/7490)).
+- Use the same webxdc ratelimit for all email servers.
+- Handle the case when account does not exist in `get_existing_msg_ids()`.
+- Don't send self-avatar in unencrypted messages ([#7136](https://github.com/chatmail/core/pull/7136)).
+- Do not configure folders during transport configuration.
+- Upload sync messages only with the primary transport.
+- Do not use deprecated ConfiguredProvider in get_configured_provider.
+
+### Build system
+
+- Make scripts for remote testing usable.
+- Increase minimum supported Python version to 3.10.
+- Use SPDX license expression in Python package metadata.
+
+### CI
+
+- Set timeout-minutes for all jobs in ci.yaml workflow.
+- Do not install Python manually to bulid RPC server wheels.
+- Do not build fake RPC server source packages.
+- Build Python wheels in separate jobs.
+
+### Refactor
+
+- [**breaking**] Remove some unneeded stock strings ([#7496](https://github.com/chatmail/core/pull/7496)).
+- Strike events in rpc-client request handling, get result from queue.
+- Use ConfiguredProvider config directly when loading legacy settings.
+- Remove update_icons and disable_server_delete migrations.
+- Use `SYMMETRIC_KEY_ALGORITHM` constant in `symm_encrypt_message()`.
+- Make signing key non-optional for `pk_encrypt`.
+
+### Tests
+
+- `test_remove_member_bcc`: Test unencrypted group as it was initially.
+
+### Miscellaneous Tasks
+
+- deps: Bump cachix/install-nix-action from 31.8.1 to 31.8.4.
+- cargo: Bump hyper from 1.7.0 to 1.8.1.
+- cargo: Bump human-panic from 2.0.3 to 2.0.4.
+- cargo: Bump hyper-util from 0.1.17 to 0.1.18.
+- cargo: Bump rusqlite from 0.36.0 to 0.37.0.
+- cargo: Bump tokio-util from 0.7.16 to 0.7.17.
+- cargo: Bump toml from 0.9.7 to 0.9.8.
+- cargo: Bump proptest from 1.8.0 to 1.9.0.
+- cargo: Bump parking_lot from 0.12.4 to 0.12.5.
+- cargo: Bump syn from 2.0.106 to 2.0.110.
+- cargo: Bump quick-xml from 0.38.3 to 0.38.4.
+- cargo: Bump rustls-pki-types from 1.12.0 to 1.13.0.
+- cargo: Bump nu-ansi-term from 0.50.1 to 0.50.3.
+- cargo: Bump sanitize-filename from 0.5.0 to 0.6.0.
+- cargo: Bump quote from 1.0.41 to 1.0.42.
+- cargo: Bump libc from 0.2.176 to 0.2.177.
+- cargo: Bump bytes from 1.10.1 to 1.11.0.
+- cargo: Bump image from 0.25.8 to 0.25.9.
+- cargo: Bump rand from 0.9.0 to 0.9.2 ([#7501](https://github.com/chatmail/core/pull/7501)).
+- cargo: Bump tokio from 1.45.1 to 1.48.0.
+
+## [2.28.0] - 2025-11-23
+
+### API-Changes
+
+- New API `get_existing_msg_ids()` to check if the messages with given IDs exist.
+- Add API to get storage usage information. (JSON-RPC method: `get_storage_usage_report_string`) ([#7486](https://github.com/chatmail/core/pull/7486)).
+
+### Features / Changes
+
+- Experimentaly allow adding second transport.
+  There is no synchronization yet, so UIs should not allow the user to change the address manually and only expose the ability to add transports if `bcc_self` is disabled.
+- Default `bcc_self` to 0 for all new accounts.
+- Rephrase "Establishing end-to-end encryption" -> "Establishing connection".
+- Stock string for joining a channel ([#7480](https://github.com/chatmail/core/pull/7480)).
+
+### Fixes
+
+- Limit the range of `Date` to up to 6 days in the past.
+- `ContactId::set_name_ex()`: Emit ContactsChanged when transaction is completed.
+- Set SQLite busy timeout to 1 minute on iOS.
+- Sort system messages to the bottom of the chat.
+- Assign outgoing self-sent unencrypted messages to ad-hoc groups with only SELF ([#7409](https://github.com/chatmail/core/pull/7409)).
+- Add missing stock strings.
+- Look up or create ad-hoc group if there are duplicate addresses in "To".
+
+### Documentation
+
+- Add missing RFC 9788, link 'Header Protection for Cryptographically Protected Email' as other RFC.
+- Remove unsupported RFC 3503 (`$MDNSent` flag) from the list of standards.
+- Mark database encryption support as deprecated ([#7403](https://github.com/chatmail/core/pull/7403)).
+
+### Build system
+
+- Increase Minimum Supported Rust Version to 1.88.0.
+- Update rPGP from 0.17.0 to 0.18.0.
+- nix: Update `fenix` and use it for all Rust builds.
+
+### CI
+
+- Do not use --encoding option for rst-lint.
+
+### Refactor
+
+- Use `HashMap::extract_if()` stabilized in Rust 1.88.0.
+- Remove some easy to remove unwrap() calls.
+
+### Tests
+
+- Contact shalln't be verified by another having unknown verifier.
+
+## [2.27.0] - 2025-11-16
+
+### API-Changes
+
+- Add APIs to stop background fetch.
+- [**breaking**]: rename JSON-RPC method accounts_background_fetch() into background_fetch()
+- rpc-client: Add APIs for background fetch.
+- rpc-client: Add Account.wait_for_msg().
+- Deprecate deletion timer string for '1 Minute'.
+
+### Features / Changes
+
+- Implement RFC 9788 (Header Protection for Cryptographically Protected Email) ([#7130](https://github.com/chatmail/core/pull/7130)).
+- Tweak initial info-message for unencrypted chats ([#7427](https://github.com/chatmail/core/pull/7427)).
+- Add Contact::get_or_gen_color. Use it in CFFI and JSON-RPC to avoid gray self-color ([#7374](https://github.com/chatmail/core/pull/7374)).
+- [**breaking**] Withdraw broadcast invites. Add Qr::WithdrawJoinBroadcast and Qr::ReviveJoinBroadcast QR code types. ([#7439](https://github.com/chatmail/core/pull/7439)).
+
+### Fixes
+
+- Set `get_max_smtp_rcpt_to` for chatmail to the actual limit of 1000 instead of unlimited. ([#7432](https://github.com/chatmail/core/pull/7432)).
+- Always set bcc_self on backup import/export.
+- Escape connectivity HTML.
+- Send webm as file, it is not supported by all UI.
+
+### Build system
+
+- nix: Exclude CONTRIBUTING.md from the source files.
+
+### Refactor
+
+- Use wait_for_incoming_msg() in more tests.
+
+### Tests
+
+- Fix flaky test_send_receive_locations.
+- Port folder-related CFFI tests to JSON-RPC.
+- HP-Outer headers are added to messages with standard Header Protection ([#7130](https://github.com/chatmail/core/pull/7130)).
+- rpc-client: Test_qr_securejoin_broadcast: Wait for incoming message before getting chatlist ([#7442](https://github.com/chatmail/core/pull/7442)).
+- Add pytest fixture for account manager.
+- Test background_fetch() and stop_background_fetch().
+
+## [2.26.0] - 2025-11-11
+
+### API-Changes
+
+- [**breaking**] JSON-RPC: `chat_type` now contains a variant of a string enum/union. Affected places: `FullChat.chat_type`, `BasicChat.chat_type`, `ChatListItemFetchResult::ChatListItem.chat_type`, `Event:: SecurejoinInviterProgress.chat_type` and `MessageSearchResult.chat_type` ([#7285](https://github.com/chatmail/core/pull/7285))
+
+### Features / Changes
+
+- Error toast for "Not creating securejoin QR for old broadcast".
+
+### Fixes
+
+- `is_encrypted()` should be true for Saved Messages chat so messages there are editable.
+- Do not return an error from `receive_imf` if we fail to add a member because we are not in chat.
+- Do not add QR inviter to groups immediately.
+- Do not ignore I/O errors in `BlobObject::store_from_base64`.
+
+### Miscellaneous Tasks
+
+- Rustfmt.
+
+### Refactor
+
+- imap: Move resync request from Context to Imap.
+- Replace imap:: calls in migration 73 with SQL queries.
+- Remove unused imports.
+
+### Documentation
+
+- Readme: update language binding section to avoid usage of cffi in new projects ([#7380](https://github.com/chatmail/core/pull/7380)).
+- Fix Context::set_stock_translation reference.
+
+### Tests
+
+- Test editing saved messages.
+- Remove ThreadPoolExecutor from test_wait_next_messages.
+- Move test_two_group_securejoins from receive_imf to securejoin module.
+- At the end of securejoin Bob has two members in a group chat.
+- Bob has 0 members in the chat until securejoin finishes.
+- Do not add QR inviter to groups right after scanning the code.
+
+## [2.25.0] - 2025-11-05
+
+### Features / Changes
+
+- Put self-name into group invite codes ([#7398](https://github.com/chatmail/core/pull/7398)).
+- Slightly nicer and shorter QR and invite codes ([#7390](https://github.com/chatmail/core/pull/7390))
+
+### Fixes
+
+- Add device message instead of partial message when receive_imf fails. This fixes a rare bug where the IMAP loop got stuck.
+- Add info message if user tries to create a QR code for deprecated channel ([#7399](https://github.com/chatmail/core/pull/7399)).
+
+### Miscellaneous Tasks
+
+- deps: Bump actions/upload-artifact from 4 to 5.
+- deps: Bump actions/download-artifact from 5 to 6.
+- deps: Bump astral-sh/setup-uv from 7.1.0 to 7.1.2.
+
+### Refactor
+
+- sql: Do not expose rusqlite Error type in query_map methods.
+
+## [2.24.0] - 2025-11-03
+
+***Note that in v2.24.0, the IMAP loop can get stuck in rare circumstances;
+use v2.23.0 or v2.25.0 instead.***
+
+### Documentation
+
+- Comment why spaced en dash is used to separate message Subject from text.
+
+### Features / Changes
+
+- [**breaking**] QR codes and symmetric encryption for broadcast channels ([#7268](https://github.com/chatmail/core/pull/7268)).
+  - A new QR type AskJoinBroadcast; cloning a broadcast
+    channel is no longer possible; manually adding a member to a broadcast
+    channel is no longer possible (the only way to join a channel is scanning a QR code or clicking a link)
+
+### Refactor
+
+- Split "transport" module out of "login_param".
+
+## [2.23.0] - 2025-11-01
+
+### API-Changes
+
+- Make `dc_chat_is_protected` always return 0.
+- [**breaking**] Remove public APIs to check if the chat is protected.
+- [**breaking**] Remove APIs to create protected chats.
+- [**breaking**] Remove Chat.is_protected().
+- deltachat-rpc-client: Add Account.add_transport_from_qr() API.
+- JSON-RPC: add `get_push_state` to check push notification state ([#7356](https://github.com/chatmail/core/pull/7356)).
+- JSON-RPC: remove unused TypeScript constants ([#7355](https://github.com/chatmail/core/pull/7355)).
+- Remove `Config::SentboxWatch` ([#7178](https://github.com/chatmail/core/pull/7178)).
+- Remove `Config::ConfiguredSentboxFolder` and everything related.
+
+### Build system
+
+- Ignore configuration for the zed editor ([#7322](https://github.com/chatmail/core/pull/7322)).
+- nix: Fix build of deltachat-rpc-server-x86_64-darwin.
+- Update rand to 0.9.
+- Do not install `pdbpp` in the test environment for CFFI Python bindings.
+- Migrate from tokio-tar to astral-tokio-tar.
+- deps: Bump actions/setup-node from 5 to 6.
+- deps: Bump cachix/install-nix-action from 31.8.0 to 31.8.1.
+- Fix Rust 1.91.0 lint for derivable Default.
+
+### CI
+
+- Pin GitHub action `astral-sh/setup-uv`.
+- Set 7 days cooldown on Dependabot updates.
+- Update Rust to 1.91.0.
+
+### Documentation
+
+- Document Autocrypt-Gossip `_verified` attribute.
+
+### Features/Changes
+
+Metadata reduction:
+- Protect Autocrypt header.
+- Anonymize OpenPGP recipients (temorarily disabled due to interoperability problems, see <https://github.com/chatmail/core/issues/7384>).
+- Protect the `Date` header.
+
+Onboarding improvements:
+- Allow plain domain in `dcaccount:` scheme.
+- Do not resolve MX records during configuration.
+
+Preparation for multi-transport:
+- Move the messages only from INBOX and Spam folders.
+- deltachat-rpc-client: Support multiple transports in resetup_account().
+
+Various other changes:
+- Opt-in weekly sending of statistics ([#6851](https://github.com/chatmail/core/pull/6851))
+- Synchronize encrypted groups creation across devices ([#7001](https://github.com/chatmail/core/pull/7001)).
+- Do not send Autocrypt in MDNs.
+- Do not run SecureJoin if we are already in the group.
+- Show if proxy is enabled in connectivity view ([#7359](https://github.com/chatmail/core/pull/7359)).
+
+### Fixes
+
+- Don't ignore QR token timestamp from sync messages.
+- Do not allow sync item timestamps to be in the future.
+- jsonrpc: Fix `ChatListItem::is_self_in_group`.
+- Delete obsolete "configured*" keys from `config` table ([#7171](https://github.com/chatmail/core/pull/7171)).
+- Fix flaky tests::verified_chats::test_verified_chat_editor_reordering and receive_imf::receive_imf_tests::test_two_group_securejoins.
+- Stop using `leftgrps` table.
+- Stop notifying about messages in contact request chats.
+
+### Refactor
+
+- Remove invalid Gmail OAuth2 tokens.
+- Remove ProtectionStatus.
+- Rename chat::create_group_chat() to create_group().
+- Remove error stock strings that are rarely used these days ([#7327](https://github.com/chatmail/core/pull/7327)).
+- Jsonrpc rename change casing in names of jsonrpc structs/enums to comply with rust naming conventions. ([#7324](https://github.com/chatmail/core/pull/7324)).
+- Stop using deprecated Account.configure().
+- add_transport_from_qr: Do not set deprecated config values.
+- sql: Change second query_map function from FnMut to FnOnce.
+- sql: Add query_map_vec().
+- sql: Add query_map_collect().
+- Use rand::fill() instead of rand::rng().fill().
+- Use SampleString.
+- Remove unused call to get_credentials().
+
+### Tests
+
+- rpc-client: VCard color is the same as the contact color ([#7294](https://github.com/chatmail/core/pull/7294)).
+- Add unique offsets to ids generated by `TestContext` to increase test correctness ([#7297](https://github.com/chatmail/core/pull/7297)).
+
+## [2.22.0] - 2025-10-17
+
+### Fixes
+
+- Do not notify about incoming calls for contact requests and blocked contacts.
+
+### Tests
+
+- Accept the chat with the caller before accepting calls.
+
 ## [2.21.0] - 2025-10-16

 ### Build system
@@ -6957,3 +7330,12 @@ https://github.com/chatmail/core/pulls?q=is%3Apr+is%3Aclosed
 [2.19.0]: https://github.com/chatmail/core/compare/v2.18.0..v2.19.0
 [2.20.0]: https://github.com/chatmail/core/compare/v2.19.0..v2.20.0
 [2.21.0]: https://github.com/chatmail/core/compare/v2.20.0..v2.21.0
+[2.22.0]: https://github.com/chatmail/core/compare/v2.21.0..v2.22.0
+[2.23.0]: https://github.com/chatmail/core/compare/v2.22.0..v2.23.0
+[2.24.0]: https://github.com/chatmail/core/compare/v2.23.0..v2.24.0
+[2.25.0]: https://github.com/chatmail/core/compare/v2.24.0..v2.25.0
+[2.26.0]: https://github.com/chatmail/core/compare/v2.25.0..v2.26.0
+[2.27.0]: https://github.com/chatmail/core/compare/v2.26.0..v2.27.0
+[2.28.0]: https://github.com/chatmail/core/compare/v2.27.0..v2.28.0
+[2.29.0]: https://github.com/chatmail/core/compare/v2.28.0..v2.29.0
+[2.30.0]: https://github.com/chatmail/core/compare/v2.29.0..v2.30.0
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,4 +1,4 @@
-# Contributing to Delta Chat
+# Contributing to chatmail core

 ## Bug reports

--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,9 +1,9 @@
 [package]
 name = "deltachat"
-version = "2.21.0"
+version = "2.30.0"
 edition = "2024"
 license = "MPL-2.0"
-rust-version = "1.85"
+rust-version = "1.88"
 repository = "https://github.com/chatmail/core"

 [profile.dev]
@@ -61,7 +61,6 @@ fd-lock = "4"
 futures-lite = { workspace = true }
 futures = { workspace = true }
 hex = "0.4.0"
-hickory-resolver = "0.25.2"
 http-body-util = "0.1.3"
 humansize = "2"
 hyper = "1"
@@ -79,16 +78,17 @@ num-derive = "0.4"
 num-traits = { workspace = true }
 parking_lot = "0.12.4"
 percent-encoding = "2.3"
-pgp = { version = "0.17.0", default-features = false }
+pgp = { version = "0.18.0", default-features = false }
 pin-project = "1"
 qrcodegen = "1.7.0"
 quick-xml = { version = "0.38", features = ["escape-html"] }
+rand-old = { package = "rand", version = "0.8" }
 rand = { workspace = true }
 regex = { workspace = true }
 rusqlite = { workspace = true, features = ["sqlcipher"] }
 rustls-pki-types = "1.12.0"
 sanitize-filename = { workspace = true }
-sdp = "0.8.0"
+sdp = "0.10.0"
 serde_json = { workspace = true }
 serde_urlencoded = "0.7.1"
 serde = { workspace = true, features = ["derive"] }
@@ -104,7 +104,7 @@ thiserror = { workspace = true }
 tokio-io-timeout = "1.2.1"
 tokio-rustls = { version = "0.26.2", default-features = false }
 tokio-stream = { version = "0.1.17", features = ["fs"] }
-tokio-tar = { version = "0.3" } # TODO: integrate tokio into async-tar
+astral-tokio-tar = { version = "0.5.6", default-features = false }
 tokio-util = { workspace = true }
 tokio = { workspace = true, features = ["fs", "rt-multi-thread", "macros"] }
 toml = "0.9"
@@ -156,6 +156,11 @@ name = "receive_emails"
 required-features = ["internals"]
 harness = false

+[[bench]]
+name = "decrypting"
+required-features = ["internals"]
+harness = false
+
 [[bench]]
 name = "get_chat_msgs"
 harness = false
@@ -187,16 +192,16 @@ log = "0.4"
 mailparse = "0.16.1"
 nu-ansi-term = "0.50"
 num-traits = "0.2"
-rand = "0.8"
+rand = "0.9"
 regex = "1.10"
-rusqlite = "0.36"
-sanitize-filename = "0.5"
+rusqlite = "0.37"
+sanitize-filename = "0.6"
 serde = "1.0"
 serde_json = "1"
 tempfile = "3.23.0"
 thiserror = "2"
 tokio = "1"
-tokio-util = "0.7.16"
+tokio-util = "0.7.17"
 tracing-subscriber = "0.3"
 yerpc = "0.6.4"

--- a/README.md
+++ b/README.md
@@ -197,12 +197,10 @@ and then run the script.
 Language bindings are available for:

 - **C** \[[📂 source](./deltachat-ffi) | [📚 docs](https://c.delta.chat)\]
+   - -> libdeltachat is going to be deprecated and only exists because Android, iOS and Ubuntu Touch are still using it. If you build a new project, then please use the jsonrpc api instead.
 - **JS**: \[[📂 source](./deltachat-rpc-client) | [📦 npm](https://www.npmjs.com/package/@deltachat/jsonrpc-client) | [📚 docs](https://js.jsonrpc.delta.chat/)\]
 - **Python** \[[📂 source](./python) | [📦 pypi](https://pypi.org/project/deltachat) | [📚 docs](https://py.delta.chat)\]
- **Go**
-  - over jsonrpc: \[[📂 source](https://github.com/deltachat/deltachat-rpc-client-go/)\]
-  - over cffi[^1]: \[[📂 source](https://github.com/deltachat/go-deltachat/)\]
- **Free Pascal**[^1] \[[📂 source](https://github.com/deltachat/deltachat-fp/)\]
+- **Go** \[[📂 source](https://github.com/deltachat/deltachat-rpc-client-go/)\]
 - **Java** and **Swift** (contained in the Android/iOS repos)

 The following "frontend" projects make use of the Rust-library
@@ -215,5 +213,3 @@ or its language bindings:
 - [Telepathy](https://code.ur.gs/lupine/telepathy-padfoot/)
 - [Ubuntu Touch](https://codeberg.org/lk108/deltatouch)
 - several **Bots**
-
-[^1]: Out of date / unmaintained, if you like those languages feel free to start maintaining them. If you have questions we'll help you, please ask in the issues.
--- a/assets/self-reporting-bot.vcf
+++ b/assets/self-reporting-bot.vcf
--- a/benches/decrypting.rs
+++ b/benches/decrypting.rs
@@ -0,0 +1,200 @@
+//! Benchmarks for message decryption,
+//! comparing decryption of symmetrically-encrypted messages
+//! to decryption of asymmetrically-encrypted messages.
+//!
+//! Call with
+//!
+//! ```text
+//! cargo bench --bench decrypting --features="internals"
+//! ```
+//!
+//! or, if you want to only run e.g. the 'Decrypt a symmetrically encrypted message' benchmark:
+//!
+//! ```text
+//! cargo bench --bench decrypting --features="internals" -- 'Decrypt a symmetrically encrypted message'
+//! ```
+//!
+//! You can also pass a substring.
+//! So, you can run all 'Decrypt and parse' benchmarks with:
+//!
+//! ```text
+//! cargo bench --bench decrypting --features="internals" -- 'Decrypt and parse'
+//! ```
+//!
+//! Symmetric decryption has to try out all known secrets,
+//! You can benchmark this by adapting the `NUM_SECRETS` variable.
+
+use std::hint::black_box;
+
+use criterion::{Criterion, criterion_group, criterion_main};
+use deltachat::internals_for_benches::create_broadcast_secret;
+use deltachat::internals_for_benches::create_dummy_keypair;
+use deltachat::internals_for_benches::save_broadcast_secret;
+use deltachat::{
+    Events,
+    chat::ChatId,
+    config::Config,
+    context::Context,
+    internals_for_benches::key_from_asc,
+    internals_for_benches::parse_and_get_text,
+    internals_for_benches::store_self_keypair,
+    pgp::{KeyPair, decrypt, pk_encrypt, symm_encrypt_message},
+    stock_str::StockStrings,
+};
+use rand::{Rng, rng};
+use tempfile::tempdir;
+
+const NUM_SECRETS: usize = 500;
+
+async fn create_context() -> Context {
+    let dir = tempdir().unwrap();
+    let dbfile = dir.path().join("db.sqlite");
+    let context = Context::new(dbfile.as_path(), 100, Events::new(), StockStrings::new())
+        .await
+        .unwrap();
+
+    context
+        .set_config(Config::ConfiguredAddr, Some("bob@example.net"))
+        .await
+        .unwrap();
+    let secret = key_from_asc(include_str!("../test-data/key/bob-secret.asc")).unwrap();
+    let public = secret.signed_public_key();
+    let key_pair = KeyPair { public, secret };
+    store_self_keypair(&context, &key_pair)
+        .await
+        .expect("Failed to save key");
+
+    context
+}
+
+fn criterion_benchmark(c: &mut Criterion) {
+    let mut group = c.benchmark_group("Decrypt");
+
+    // ===========================================================================================
+    // Benchmarks for decryption only, without any other parsing
+    // ===========================================================================================
+
+    group.sample_size(10);
+
+    group.bench_function("Decrypt a symmetrically encrypted message", |b| {
+        let plain = generate_plaintext();
+        let secrets = generate_secrets();
+        let encrypted = tokio::runtime::Runtime::new().unwrap().block_on(async {
+            let secret = secrets[NUM_SECRETS / 2].clone();
+            symm_encrypt_message(
+                plain.clone(),
+                create_dummy_keypair("alice@example.org").unwrap().secret,
+                black_box(&secret),
+                true,
+            )
+            .await
+            .unwrap()
+        });
+
+        b.iter(|| {
+            let mut msg =
+                decrypt(encrypted.clone().into_bytes(), &[], black_box(&secrets)).unwrap();
+            let decrypted = msg.as_data_vec().unwrap();
+
+            assert_eq!(black_box(decrypted), plain);
+        });
+    });
+
+    group.bench_function("Decrypt a public-key encrypted message", |b| {
+        let plain = generate_plaintext();
+        let key_pair = create_dummy_keypair("alice@example.org").unwrap();
+        let secrets = generate_secrets();
+        let encrypted = tokio::runtime::Runtime::new().unwrap().block_on(async {
+            pk_encrypt(
+                plain.clone(),
+                vec![black_box(key_pair.public.clone())],
+                key_pair.secret.clone(),
+                true,
+                true,
+            )
+            .await
+            .unwrap()
+        });
+
+        b.iter(|| {
+            let mut msg = decrypt(
+                encrypted.clone().into_bytes(),
+                std::slice::from_ref(&key_pair.secret),
+                black_box(&secrets),
+            )
+            .unwrap();
+            let decrypted = msg.as_data_vec().unwrap();
+
+            assert_eq!(black_box(decrypted), plain);
+        });
+    });
+
+    // ===========================================================================================
+    // Benchmarks for the whole parsing pipeline, incl. decryption (but excl. receive_imf())
+    // ===========================================================================================
+
+    let rt = tokio::runtime::Runtime::new().unwrap();
+    let mut secrets = generate_secrets();
+
+    // "secret" is the shared secret that was used to encrypt text_symmetrically_encrypted.eml.
+    // Put it into the middle of our secrets:
+    secrets[NUM_SECRETS / 2] = "secret".to_string();
+
+    let context = rt.block_on(async {
+        let context = create_context().await;
+        for (i, secret) in secrets.iter().enumerate() {
+            save_broadcast_secret(&context, ChatId::new(10 + i as u32), secret)
+                .await
+                .unwrap();
+        }
+        context
+    });
+
+    group.bench_function("Decrypt and parse a symmetrically encrypted message", |b| {
+        b.to_async(&rt).iter(|| {
+            let ctx = context.clone();
+            async move {
+                let text = parse_and_get_text(
+                    &ctx,
+                    include_bytes!("../test-data/message/text_symmetrically_encrypted.eml"),
+                )
+                .await
+                .unwrap();
+                assert_eq!(text, "Symmetrically encrypted message");
+            }
+        });
+    });
+
+    group.bench_function("Decrypt and parse a public-key encrypted message", |b| {
+        b.to_async(&rt).iter(|| {
+            let ctx = context.clone();
+            async move {
+                let text = parse_and_get_text(
+                    &ctx,
+                    include_bytes!("../test-data/message/text_from_alice_encrypted.eml"),
+                )
+                .await
+                .unwrap();
+                assert_eq!(text, "hi");
+            }
+        });
+    });
+
+    group.finish();
+}
+
+fn generate_secrets() -> Vec<String> {
+    let secrets: Vec<String> = (0..NUM_SECRETS)
+        .map(|_| create_broadcast_secret())
+        .collect();
+    secrets
+}
+
+fn generate_plaintext() -> Vec<u8> {
+    let mut plain: Vec<u8> = vec![0; 500];
+    rng().fill(&mut plain[..]);
+    plain
+}
+
+criterion_group!(benches, criterion_benchmark);
+criterion_main!(benches);
--- a/deltachat-ffi/Cargo.toml
+++ b/deltachat-ffi/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "2.21.0"
+version = "2.30.0"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -247,7 +247,7 @@ typedef struct _dc_event_emitter dc_accounts_event_emitter_t;
 // create/open/config/information

 /**
- * Create a new context object and try to open it without passphrase. If
+ * Create a new context object and try to open it. If
 * database is encrypted, the result is the same as using
 * dc_context_new_closed() and the database should be opened with
 * dc_context_open() before using.
@@ -283,8 +283,13 @@ dc_context_t*   dc_context_new_closed        (const char* dbfile);


 /**
- * Opens the database with the given passphrase. This can only be used on
- * closed context, such as created by dc_context_new_closed(). If the database
+ * Opens the database with the given passphrase.
+ * NB: Nonempty passphrase (db encryption) is deprecated 2025-11:
+ * - Db encryption does nothing with blobs, so fs/disk encryption is recommended.
+ * - Isolation from other apps is needed anyway.
+ *
+ * This can only be used on closed context, such as
+ * created by dc_context_new_closed(). If the database
 * is new, this operation sets the database passphrase. For existing databases
 * the passphrase should be the one used to encrypt the database the first
 * time.
@@ -301,6 +306,8 @@ int             dc_context_open              (dc_context_t *context, const char*

 /**
 * Changes the passphrase on the open database.
+ * Deprecated 2025-11, see `dc_context_open()` for reasoning.
+ *
 * Existing database must already be encrypted and the passphrase cannot be NULL or empty.
 * It is impossible to encrypt unencrypted database with this method and vice versa.
 *
@@ -1763,9 +1770,7 @@ dc_chat_t*      dc_get_chat                  (dc_context_t* context, uint32_t ch
 *
 * @memberof dc_context_t
 * @param context The context object.
- * @param protect If set to 1 the function creates group with protection initially enabled.
- *     Only verified members are allowed in these groups
- *     and end-to-end-encryption is always enabled.
+ * @param protect Deprecated 2025-08-31, ignored.
 * @param name The name of the group chat to create.
 *     The name may be changed later using dc_set_chat_name().
 *     To find out the name of a group later, see dc_chat_get_name()
@@ -2565,6 +2570,7 @@ void            dc_stop_ongoing_process      (dc_context_t* context);

 #define         DC_QR_ASK_VERIFYCONTACT      200 // id=contact
 #define         DC_QR_ASK_VERIFYGROUP        202 // text1=groupname
+#define         DC_QR_ASK_VERIFYBROADCAST    204 // text1=broadcast name
 #define         DC_QR_FPR_OK                 210 // id=contact
 #define         DC_QR_FPR_MISMATCH           220 // id=contact
 #define         DC_QR_FPR_WITHOUT_ADDR       230 // test1=formatted fingerprint
@@ -2579,8 +2585,10 @@ void            dc_stop_ongoing_process      (dc_context_t* context);
 #define         DC_QR_ERROR                  400 // text1=error string
 #define         DC_QR_WITHDRAW_VERIFYCONTACT 500
 #define         DC_QR_WITHDRAW_VERIFYGROUP   502 // text1=groupname
+#define         DC_QR_WITHDRAW_JOINBROADCAST 504 // text1=broadcast name
 #define         DC_QR_REVIVE_VERIFYCONTACT   510
 #define         DC_QR_REVIVE_VERIFYGROUP     512 // text1=groupname
+#define         DC_QR_REVIVE_JOINBROADCAST   514 // text1=broadcast name
 #define         DC_QR_LOGIN                  520 // text1=email_address

 /**
@@ -2597,8 +2605,9 @@ void            dc_stop_ongoing_process      (dc_context_t* context);
 *   ask whether to verify the contact;
 *   if so, start the protocol with dc_join_securejoin().
 *
- * - DC_QR_ASK_VERIFYGROUP with dc_lot_t::text1=Group name:
- *   ask whether to join the group;
+ * - DC_QR_ASK_VERIFYGROUP or DC_QR_ASK_VERIFYBROADCAST
+ *   with dc_lot_t::text1=Group name:
+ *   ask whether to join the chat;
 *   if so, start the protocol with dc_join_securejoin().
 *
 * - DC_QR_FPR_OK with dc_lot_t::id=Contact ID:
@@ -2681,7 +2690,8 @@ dc_lot_t*       dc_check_qr                  (dc_context_t* context, const char*
 * Get QR code text that will offer an Setup-Contact or Verified-Group invitation.
 *
 * The scanning device will pass the scanned content to dc_check_qr() then;
- * if dc_check_qr() returns DC_QR_ASK_VERIFYCONTACT or DC_QR_ASK_VERIFYGROUP
+ * if dc_check_qr() returns
+ * DC_QR_ASK_VERIFYCONTACT, DC_QR_ASK_VERIFYGROUP or DC_QR_ASK_VERIFYBROADCAST
 * an out-of-band-verification can be joined using dc_join_securejoin()
 *
 * The returned text will also work as a normal https:-link,
@@ -2722,7 +2732,7 @@ char*           dc_get_securejoin_qr_svg         (dc_context_t* context, uint32_
 * Continue a Setup-Contact or Verified-Group-Invite protocol
 * started on another device with dc_get_securejoin_qr().
 * This function is typically called when dc_check_qr() returns
- * lot.state=DC_QR_ASK_VERIFYCONTACT or lot.state=DC_QR_ASK_VERIFYGROUP.
+ * lot.state=DC_QR_ASK_VERIFYCONTACT, lot.state=DC_QR_ASK_VERIFYGROUP or lot.state=DC_QR_ASK_VERIFYBROADCAST
 *
 * The function returns immediately and the handshake runs in background,
 * sending and receiving several messages.
@@ -3295,12 +3305,30 @@ void           dc_accounts_maybe_network_lost    (dc_accounts_t* accounts);
 * without forgetting to create notifications caused by timing race conditions.
 *
 * @memberof dc_accounts_t
+ * @param accounts The account manager as created by dc_accounts_new().
 * @param timeout The timeout in seconds
 * @return Return 1 if DC_EVENT_ACCOUNTS_BACKGROUND_FETCH_DONE was emitted and 0 otherwise.
 */
 int            dc_accounts_background_fetch    (dc_accounts_t* accounts, uint64_t timeout);


+/**
+ * Stop ongoing background fetch.
+ *
+ * Calling this function allows to stop dc_accounts_background_fetch() early.
+ * dc_accounts_background_fetch() will then return immediately
+ * and emit DC_EVENT_ACCOUNTS_BACKGROUND_FETCH_DONE unless
+ * if it has failed and returned 0.
+ *
+ * If there is no ongoing dc_accounts_background_fetch() call,
+ * calling this function does nothing.
+ *
+ * @memberof dc_accounts_t
+ * @param accounts The account manager as created by dc_accounts_new().
+ */
+void           dc_accounts_stop_background_fetch (dc_accounts_t *accounts);
+
+
 /**
 * Sets device token for Apple Push Notification service.
 * Returns immediately.
@@ -3890,18 +3918,12 @@ int             dc_chat_can_send              (const dc_chat_t* chat);


 /**
- * Check if a chat is protected.
- *
- * Only verified contacts
- * as determined by dc_contact_is_verified()
- * can be added to protected chats.
- *
- * Protected chats are created using dc_create_group_chat()
- * by setting the 'protect' parameter to 1.
+ * Deprecated, always returns 0.
 *
 * @memberof dc_chat_t
 * @param chat The chat object.
- * @return 1=chat protected, 0=chat is not protected.
+ * @return Always 0.
+ * @deprecated 2025-09-09
 */
 int             dc_chat_is_protected         (const dc_chat_t* chat);

@@ -5350,11 +5372,9 @@ dc_provider_t*  dc_provider_new_from_email            (const dc_context_t* conte


 /**
- * Create a provider struct for the given e-mail address by local and DNS lookup.
+ * Create a provider struct for the given e-mail address by local lookup.
 *
- * First lookup is done from the local database as of dc_provider_new_from_email().
- * If the first lookup fails, an additional DNS lookup is done,
- * trying to figure out the provider belonging to custom domains.
+ * DNS lookup is not used anymore and this function is deprecated.
 *
 * @memberof dc_provider_t
 * @param context The context object.
@@ -5362,6 +5382,7 @@ dc_provider_t*  dc_provider_new_from_email            (const dc_context_t* conte
 * @return A dc_provider_t struct which can be used with the dc_provider_get_*
 *     accessor functions. If no provider info is found, NULL will be
 *     returned.
+ * @deprecated 2025-10-17 use dc_provider_new_from_email() instead.
 */
 dc_provider_t*  dc_provider_new_from_email_with_dns    (const dc_context_t* context, const char* email);

@@ -6965,11 +6986,6 @@ void dc_event_unref(dc_event_t* event);
 /// Used to build the string returned by dc_get_contact_encrinfo().
 #define DC_STR_ENCR_NONE                  28

-/// "This message was encrypted for another setup."
-///
-/// Used as message text if decryption fails.
-#define DC_STR_CANTDECRYPT_MSG_BODY       29
-
 /// "Fingerprints"
 ///
 /// Used to build the string returned by dc_get_contact_encrinfo().
@@ -7199,11 +7215,6 @@ void dc_event_unref(dc_event_t* event);
 /// Used as device message text.
 #define DC_STR_SELF_DELETED_MSG_BODY      91

-/// "'Delete messages from server' turned off as now all folders are affected."
-///
-/// Used as device message text.
-#define DC_STR_SERVER_TURNED_OFF          92
-
 /// "Message deletion timer is set to %1$s minutes."
 ///
 /// Used in status messages.
@@ -7400,19 +7411,6 @@ void dc_event_unref(dc_event_t* event);
 /// @deprecated 2025-06-05
 #define DC_STR_AEAP_ADDR_CHANGED          122

-/// "You changed your email address from %1$s to %2$s.
-/// If you now send a message to a group, contacts there will automatically
-/// replace the old with your new address.\n\n It's highly advised to set up 
-/// your old email provider to forward all emails to your new email address. 
-/// Otherwise you might miss messages of contacts who did not get your new 
-/// address yet." + the link to the AEAP blog post
-/// 
-/// As soon as there is a post about AEAP, the UIs should add it:
-/// set_stock_translation(123, getString(aeap_explanation) + "\n\n" + AEAP_BLOG_LINK)
-///
-/// Used in a device message that explains AEAP.
-#define DC_STR_AEAP_EXPLANATION_AND_LINK  123
-
 /// "You changed group name from \"%1$s\" to \"%2$s\"."
 ///
 /// `%1$s` will be replaced by the old group name.
@@ -7529,14 +7527,13 @@ void dc_event_unref(dc_event_t* event);

 /// "You set message deletion timer to 1 minute."
 ///
-/// Used in status messages.
+/// @deprecated 2025-11-14, this string is no longer needed
 #define DC_STR_EPHEMERAL_TIMER_1_MINUTE_BY_YOU 142

 /// "Message deletion timer is set to 1 minute by %1$s."
 ///
 /// `%1$s` will be replaced by name and address of the contact.
-///
-/// Used in status messages.
+/// @deprecated 2025-11-14, this string is no longer needed
 #define DC_STR_EPHEMERAL_TIMER_1_MINUTE_BY_OTHER 143

 /// "You set message deletion timer to 1 hour."
@@ -7662,12 +7659,6 @@ void dc_event_unref(dc_event_t* event);
 /// Used in info messages.
 #define DC_STR_CHAT_PROTECTION_ENABLED 170

-/// "%1$s sent a message from another device."
-///
-/// Used in info messages.
-/// @deprecated 2025-07
-#define DC_STR_CHAT_PROTECTION_DISABLED 171
-
 /// "Others will only see this group after you sent a first message."
 ///
 /// Used as the first info messages in newly created groups.
@@ -7687,12 +7678,6 @@ void dc_event_unref(dc_event_t* event);
 /// `%1$s` will be replaced by the provider's domain.
 #define DC_STR_INVALID_UNENCRYPTED_MAIL 174

-/// "⚠️ It seems you are using Delta Chat on multiple devices that cannot decrypt each other's outgoing messages. To fix this, on the older device use \"Settings / Add Second Device\" and follow the instructions."
-///
-/// Added to the device chat if could not decrypt a new outgoing message (i.e. not when fetching
-/// existing messages). But no more than once a day.
-#define DC_STR_CANT_DECRYPT_OUTGOING_MSGS 175
-
 /// "You reacted %1$s to '%2$s'"
 ///
 /// `%1$s` will be replaced by the reaction, usually an emoji
@@ -7710,7 +7695,12 @@ void dc_event_unref(dc_event_t* event);
 /// Used in summaries.
 #define DC_STR_REACTED_BY 177

-/// "Establishing guaranteed end-to-end encryption, please wait…"
+/// "Member %1$s removed."
+///
+/// `%1$s` will be replaced by name of the removed contact.
+#define DC_STR_REMOVE_MEMBER 178
+
+/// "Establishing connection, please wait…"
 ///
 /// Used as info message.
 #define DC_STR_SECUREJOIN_WAIT 190
@@ -7754,7 +7744,37 @@ void dc_event_unref(dc_event_t* event);
 /// Subtitle for channel join qrcode svg image generated by the core.
 ///
 /// `%1$s` will be replaced with the channel name.
-#define DC_STR_SECURE_JOIN_CHANNEL_QR_DESC  201
+#define DC_STR_SECURE_JOIN_CHANNEL_QR_DESC 201
+
+/// "You joined the channel."
+#define DC_STR_MSG_YOU_JOINED_CHANNEL 202
+
+/// "%1$s invited you to join this channel. Waiting for the device of %2$s to reply…"
+///
+/// Added as an info-message directly after scanning a QR code for joining a broadcast channel.
+///
+/// `%1$s` and `%2$s` will both be replaced by the name of the inviter.
+#define DC_STR_SECURE_JOIN_CHANNEL_STARTED 203
+
+/// "The attachment contains anonymous usage statistics, which help us improve Delta Chat. Thank you!"
+///
+/// Used as the message body for statistics sent out.
+#define DC_STR_STATS_MSG_BODY 210
+
+/// "Proxy Enabled"
+///
+/// Title for proxy section in connectivity view.
+#define DC_STR_PROXY_ENABLED  220
+
+/// "You are using a proxy. If you're having trouble connecting, try a different proxy."
+///
+/// Description in connectivity view when proxy is enabled.
+#define DC_STR_PROXY_ENABLED_DESCRIPTION  221
+
+/// "Messages in this chat use classic email and are not encrypted."
+///
+/// Used as the first info messages in newly created classic email threads.
+#define DC_STR_CHAT_UNENCRYPTED_EXPLANATON 230

 /**
 * @}
--- a/deltachat-ffi/src/lib.rs
+++ b/deltachat-ffi/src/lib.rs
@@ -22,7 +22,7 @@ use std::sync::{Arc, LazyLock};
 use std::time::{Duration, SystemTime};

 use anyhow::Context as _;
-use deltachat::chat::{ChatId, ChatVisibility, MessageListOptions, MuteDuration, ProtectionStatus};
+use deltachat::chat::{ChatId, ChatVisibility, MessageListOptions, MuteDuration};
 use deltachat::constants::DC_MSG_ID_LAST_SPECIAL;
 use deltachat::contact::{Contact, ContactId, Origin};
 use deltachat::context::{Context, ContextBuilder};
@@ -39,7 +39,6 @@ use deltachat_jsonrpc::api::CommandApi;
 use deltachat_jsonrpc::yerpc::{OutReceiver, RpcClient, RpcSession};
 use message::Viewtype;
 use num_traits::{FromPrimitive, ToPrimitive};
-use rand::Rng;
 use tokio::runtime::Runtime;
 use tokio::sync::RwLock;
 use tokio::task::JoinHandle;
@@ -101,7 +100,7 @@ pub unsafe extern "C" fn dc_context_new(

    let ctx = if blobdir.is_null() || *blobdir == 0 {
        // generate random ID as this functionality is not yet available on the C-api.
-        let id = rand::thread_rng().gen();
+        let id = rand::random();
        block_on(
            ContextBuilder::new(as_path(dbfile).to_path_buf())
                .with_id(id)
@@ -129,7 +128,7 @@ pub unsafe extern "C" fn dc_context_new_closed(dbfile: *const libc::c_char) -> *
        return ptr::null_mut();
    }

-    let id = rand::thread_rng().gen();
+    let id = rand::random();
    match block_on(
        ContextBuilder::new(as_path(dbfile).to_path_buf())
            .with_id(id)
@@ -560,6 +559,7 @@ pub unsafe extern "C" fn dc_event_get_id(event: *mut dc_event_t) -> libc::c_int
        EventType::IncomingCallAccepted { .. } => 2560,
        EventType::OutgoingCallAccepted { .. } => 2570,
        EventType::CallEnded { .. } => 2580,
+        EventType::TransportsModified => 2600,
        #[allow(unreachable_patterns)]
        #[cfg(test)]
        _ => unreachable!("This is just to silence a rust_analyzer false-positive"),
@@ -594,7 +594,8 @@ pub unsafe extern "C" fn dc_event_get_data1_int(event: *mut dc_event_t) -> libc:
        | EventType::AccountsBackgroundFetchDone
        | EventType::ChatlistChanged
        | EventType::AccountsChanged
-        | EventType::AccountsItemChanged => 0,
+        | EventType::AccountsItemChanged
+        | EventType::TransportsModified => 0,
        EventType::IncomingReaction { contact_id, .. }
        | EventType::IncomingWebxdcNotify { contact_id, .. } => contact_id.to_u32() as libc::c_int,
        EventType::MsgsChanged { chat_id, .. }
@@ -682,7 +683,8 @@ pub unsafe extern "C" fn dc_event_get_data2_int(event: *mut dc_event_t) -> libc:
        | EventType::IncomingCallAccepted { .. }
        | EventType::OutgoingCallAccepted { .. }
        | EventType::CallEnded { .. }
-        | EventType::EventChannelOverflow { .. } => 0,
+        | EventType::EventChannelOverflow { .. }
+        | EventType::TransportsModified => 0,
        EventType::MsgsChanged { msg_id, .. }
        | EventType::ReactionsChanged { msg_id, .. }
        | EventType::IncomingReaction { msg_id, .. }
@@ -781,7 +783,8 @@ pub unsafe extern "C" fn dc_event_get_data2_str(event: *mut dc_event_t) -> *mut
        | EventType::AccountsChanged
        | EventType::AccountsItemChanged
        | EventType::IncomingCallAccepted { .. }
-        | EventType::WebxdcRealtimeAdvertisementReceived { .. } => ptr::null_mut(),
+        | EventType::WebxdcRealtimeAdvertisementReceived { .. }
+        | EventType::TransportsModified => ptr::null_mut(),
        EventType::IncomingCall {
            place_call_info, ..
        } => {
@@ -1721,7 +1724,7 @@ pub unsafe extern "C" fn dc_get_chat(context: *mut dc_context_t, chat_id: u32) -
 #[no_mangle]
 pub unsafe extern "C" fn dc_create_group_chat(
    context: *mut dc_context_t,
-    protect: libc::c_int,
+    _protect: libc::c_int,
    name: *const libc::c_char,
 ) -> u32 {
    if context.is_null() || name.is_null() {
@@ -1729,22 +1732,12 @@ pub unsafe extern "C" fn dc_create_group_chat(
        return 0;
    }
    let ctx = &*context;
-    let Some(protect) = ProtectionStatus::from_i32(protect)
-        .context("Bad protect-value for dc_create_group_chat()")
-        .log_err(ctx)
-        .ok()
-    else {
-        return 0;
-    };

-    block_on(async move {
-        chat::create_group_chat(ctx, protect, &to_string_lossy(name))
-            .await
-            .context("Failed to create group chat")
-            .log_err(ctx)
-            .map(|id| id.to_u32())
-            .unwrap_or(0)
-    })
+    block_on(chat::create_group(ctx, &to_string_lossy(name)))
+        .context("Failed to create group chat")
+        .log_err(ctx)
+        .map(|id| id.to_u32())
+        .unwrap_or(0)
 }

 #[no_mangle]
@@ -3206,13 +3199,8 @@ pub unsafe extern "C" fn dc_chat_can_send(chat: *mut dc_chat_t) -> libc::c_int {
 }

 #[no_mangle]
-pub unsafe extern "C" fn dc_chat_is_protected(chat: *mut dc_chat_t) -> libc::c_int {
-    if chat.is_null() {
-        eprintln!("ignoring careless call to dc_chat_is_protected()");
-        return 0;
-    }
-    let ffi_chat = &*chat;
-    ffi_chat.chat.is_protected() as libc::c_int
+pub extern "C" fn dc_chat_is_protected(_chat: *mut dc_chat_t) -> libc::c_int {
+    0
 }

 #[no_mangle]
@@ -4256,7 +4244,17 @@ pub unsafe extern "C" fn dc_contact_get_color(contact: *mut dc_contact_t) -> u32
        return 0;
    }
    let ffi_contact = &*contact;
-    ffi_contact.contact.get_color()
+    let ctx = &*ffi_contact.context;
+    block_on(async move {
+        ffi_contact
+            .contact
+            // We don't want any UIs displaying gray self-color.
+            .get_or_gen_color(ctx)
+            .await
+            .context("Contact::get_color()")
+            .log_err(ctx)
+            .unwrap_or(0)
+    })
 }

 #[no_mangle]
@@ -4661,13 +4659,9 @@ pub unsafe extern "C" fn dc_provider_new_from_email(

    let ctx = &*context;

-    match block_on(provider::get_provider_info_by_addr(
-        ctx,
-        addr.as_str(),
-        true,
-    ))
-    .log_err(ctx)
-    .unwrap_or_default()
+    match provider::get_provider_info_by_addr(addr.as_str())
+        .log_err(ctx)
+        .unwrap_or_default()
    {
        Some(provider) => provider,
        None => ptr::null_mut(),
@@ -4686,25 +4680,13 @@ pub unsafe extern "C" fn dc_provider_new_from_email_with_dns(
    let addr = to_string_lossy(addr);

    let ctx = &*context;
-    let proxy_enabled = block_on(ctx.get_config_bool(config::Config::ProxyEnabled))
-        .context("Can't get config")
-        .log_err(ctx);

-    match proxy_enabled {
-        Ok(proxy_enabled) => {
-            match block_on(provider::get_provider_info_by_addr(
-                ctx,
-                addr.as_str(),
-                proxy_enabled,
-            ))
-            .log_err(ctx)
-            .unwrap_or_default()
-            {
-                Some(provider) => provider,
-                None => ptr::null_mut(),
-            }
-        }
-        Err(_) => ptr::null_mut(),
+    match provider::get_provider_info_by_addr(addr.as_str())
+        .log_err(ctx)
+        .unwrap_or_default()
+    {
+        Some(provider) => provider,
+        None => ptr::null_mut(),
    }
 }

@@ -5049,6 +5031,17 @@ pub unsafe extern "C" fn dc_accounts_background_fetch(
    1
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_accounts_stop_background_fetch(accounts: *mut dc_accounts_t) {
+    if accounts.is_null() {
+        eprintln!("ignoring careless call to dc_accounts_stop_background_fetch()");
+        return;
+    }
+
+    let accounts = &*accounts;
+    block_on(accounts.read()).stop_background_fetch();
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_accounts_set_push_device_token(
    accounts: *mut dc_accounts_t,
--- a/deltachat-ffi/src/lot.rs
+++ b/deltachat-ffi/src/lot.rs
@@ -45,6 +45,7 @@ impl Lot {
            Self::Qr(qr) => match qr {
                Qr::AskVerifyContact { .. } => None,
                Qr::AskVerifyGroup { grpname, .. } => Some(Cow::Borrowed(grpname)),
+                Qr::AskJoinBroadcast { name, .. } => Some(Cow::Borrowed(name)),
                Qr::FprOk { .. } => None,
                Qr::FprMismatch { .. } => None,
                Qr::FprWithoutAddr { fingerprint, .. } => Some(Cow::Borrowed(fingerprint)),
@@ -57,8 +58,10 @@ impl Lot {
                Qr::Text { text } => Some(Cow::Borrowed(text)),
                Qr::WithdrawVerifyContact { .. } => None,
                Qr::WithdrawVerifyGroup { grpname, .. } => Some(Cow::Borrowed(grpname)),
+                Qr::WithdrawJoinBroadcast { name, .. } => Some(Cow::Borrowed(name)),
                Qr::ReviveVerifyContact { .. } => None,
                Qr::ReviveVerifyGroup { grpname, .. } => Some(Cow::Borrowed(grpname)),
+                Qr::ReviveJoinBroadcast { name, .. } => Some(Cow::Borrowed(name)),
                Qr::Login { address, .. } => Some(Cow::Borrowed(address)),
            },
            Self::Error(err) => Some(Cow::Borrowed(err)),
@@ -98,6 +101,7 @@ impl Lot {
            Self::Qr(qr) => match qr {
                Qr::AskVerifyContact { .. } => LotState::QrAskVerifyContact,
                Qr::AskVerifyGroup { .. } => LotState::QrAskVerifyGroup,
+                Qr::AskJoinBroadcast { .. } => LotState::QrAskJoinBroadcast,
                Qr::FprOk { .. } => LotState::QrFprOk,
                Qr::FprMismatch { .. } => LotState::QrFprMismatch,
                Qr::FprWithoutAddr { .. } => LotState::QrFprWithoutAddr,
@@ -110,8 +114,10 @@ impl Lot {
                Qr::Text { .. } => LotState::QrText,
                Qr::WithdrawVerifyContact { .. } => LotState::QrWithdrawVerifyContact,
                Qr::WithdrawVerifyGroup { .. } => LotState::QrWithdrawVerifyGroup,
+                Qr::WithdrawJoinBroadcast { .. } => LotState::QrWithdrawJoinBroadcast,
                Qr::ReviveVerifyContact { .. } => LotState::QrReviveVerifyContact,
                Qr::ReviveVerifyGroup { .. } => LotState::QrReviveVerifyGroup,
+                Qr::ReviveJoinBroadcast { .. } => LotState::QrReviveJoinBroadcast,
                Qr::Login { .. } => LotState::QrLogin,
            },
            Self::Error(_err) => LotState::QrError,
@@ -124,6 +130,7 @@ impl Lot {
            Self::Qr(qr) => match qr {
                Qr::AskVerifyContact { contact_id, .. } => contact_id.to_u32(),
                Qr::AskVerifyGroup { .. } => Default::default(),
+                Qr::AskJoinBroadcast { .. } => Default::default(),
                Qr::FprOk { contact_id } => contact_id.to_u32(),
                Qr::FprMismatch { contact_id } => contact_id.unwrap_or_default().to_u32(),
                Qr::FprWithoutAddr { .. } => Default::default(),
@@ -135,9 +142,11 @@ impl Lot {
                Qr::Url { .. } => Default::default(),
                Qr::Text { .. } => Default::default(),
                Qr::WithdrawVerifyContact { contact_id, .. } => contact_id.to_u32(),
-                Qr::WithdrawVerifyGroup { .. } => Default::default(),
+                Qr::WithdrawVerifyGroup { .. } | Qr::WithdrawJoinBroadcast { .. } => {
+                    Default::default()
+                }
                Qr::ReviveVerifyContact { contact_id, .. } => contact_id.to_u32(),
-                Qr::ReviveVerifyGroup { .. } => Default::default(),
+                Qr::ReviveVerifyGroup { .. } | Qr::ReviveJoinBroadcast { .. } => Default::default(),
                Qr::Login { .. } => Default::default(),
            },
            Self::Error(_) => Default::default(),
@@ -166,6 +175,9 @@ pub enum LotState {
    /// text1=groupname
    QrAskVerifyGroup = 202,

+    /// text1=broadcast_name
+    QrAskJoinBroadcast = 204,
+
    /// id=contact
    QrFprOk = 210,

@@ -201,11 +213,15 @@ pub enum LotState {

    /// text1=groupname
    QrWithdrawVerifyGroup = 502,
+    /// text1=broadcast channel name
+    QrWithdrawJoinBroadcast = 504,

    QrReviveVerifyContact = 510,

    /// text1=groupname
    QrReviveVerifyGroup = 512,
+    /// text1=groupname
+    QrReviveJoinBroadcast = 514,

    /// text1=email_address
    QrLogin = 520,
--- a/deltachat-jsonrpc/Cargo.toml
+++ b/deltachat-jsonrpc/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "2.21.0"
+version = "2.30.0"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 license = "MPL-2.0"
--- a/deltachat-jsonrpc/src/api.rs
+++ b/deltachat-jsonrpc/src/api.rs
@@ -12,7 +12,6 @@ use deltachat::calls::ice_servers;
 use deltachat::chat::{
    self, add_contact_to_chat, forward_msgs, get_chat_media, get_chat_msgs, get_chat_msgs_ex,
    marknoticed_chat, remove_contact_from_chat, Chat, ChatId, ChatItem, MessageListOptions,
-    ProtectionStatus,
 };
 use deltachat::chatlist::Chatlist;
 use deltachat::config::Config;
@@ -22,9 +21,9 @@ use deltachat::context::get_info;
 use deltachat::ephemeral::Timer;
 use deltachat::imex;
 use deltachat::location;
-use deltachat::message::get_msg_read_receipts;
 use deltachat::message::{
-    self, delete_msgs_ex, markseen_msgs, Message, MessageState, MsgId, Viewtype,
+    self, delete_msgs_ex, get_existing_msg_ids, get_msg_read_receipts, markseen_msgs, Message,
+    MessageState, MsgId, Viewtype,
 };
 use deltachat::peer_channels::{
    leave_webxdc_realtime, send_webxdc_realtime_advertisement, send_webxdc_realtime_data,
@@ -35,6 +34,7 @@ use deltachat::qr_code_generator::{generate_backup_qr, get_securejoin_qr_svg};
 use deltachat::reaction::{get_msg_reactions, send_reaction};
 use deltachat::securejoin;
 use deltachat::stock_str::StockMessage;
+use deltachat::storage_usage::get_storage_usage;
 use deltachat::webxdc::StatusUpdateSerial;
 use deltachat::EventEmitter;
 use sanitize_filename::is_sanitized;
@@ -54,20 +54,21 @@ use types::contact::{ContactObject, VcardContact};
 use types::events::Event;
 use types::http::HttpResponse;
 use types::message::{MessageData, MessageObject, MessageReadReceipt};
+use types::notify_state::JsonrpcNotifyState;
 use types::provider_info::ProviderInfo;
-use types::reactions::JSONRPCReactions;
+use types::reactions::JsonrpcReactions;
 use types::webxdc::WebxdcMessageInfo;

 use self::types::message::{MessageInfo, MessageLoadResult};
 use self::types::{
-    chat::{BasicChat, JSONRPCChatVisibility, MuteDuration},
+    chat::{BasicChat, JsonrpcChatVisibility, MuteDuration},
    location::JsonrpcLocation,
    message::{
-        JSONRPCMessageListItem, MessageNotificationInfo, MessageSearchResult, MessageViewtype,
+        JsonrpcMessageListItem, MessageNotificationInfo, MessageSearchResult, MessageViewtype,
    },
 };
 use crate::api::types::chat_list::{get_chat_list_item_by_id, ChatListItemFetchResult};
-use crate::api::types::qr::QrObject;
+use crate::api::types::qr::{QrObject, SecurejoinSource, SecurejoinUiPath};

 #[derive(Debug)]
 struct AccountState {
@@ -120,14 +121,14 @@ impl CommandApi {
        }
    }

+    async fn get_context_opt(&self, id: u32) -> Option<deltachat::context::Context> {
+        self.accounts.read().await.get_account(id)
+    }
+
    async fn get_context(&self, id: u32) -> Result<deltachat::context::Context> {
-        let sc = self
-            .accounts
-            .read()
+        self.get_context_opt(id)
            .await
-            .get_account(id)
-            .ok_or_else(|| anyhow!("account with id {id} not found"))?;
-        Ok(sc)
+            .ok_or_else(|| anyhow!("account with id {id} not found"))
    }

    async fn with_state<F, T>(&self, id: u32, with_state: F) -> T
@@ -273,7 +274,7 @@ impl CommandApi {
    /// The `AccountsBackgroundFetchDone` event is emitted at the end even in case of timeout.
    /// Process all events until you get this one and you can safely return to the background
    /// without forgetting to create notifications caused by timing race conditions.
-    async fn accounts_background_fetch(&self, timeout_in_seconds: f64) -> Result<()> {
+    async fn background_fetch(&self, timeout_in_seconds: f64) -> Result<()> {
        let future = {
            let lock = self.accounts.read().await;
            lock.background_fetch(std::time::Duration::from_secs_f64(timeout_in_seconds))
@@ -283,6 +284,11 @@ impl CommandApi {
        Ok(())
    }

+    async fn stop_background_fetch(&self) -> Result<()> {
+        self.accounts.read().await.stop_background_fetch();
+        Ok(())
+    }
+
    // ---------------------------------------------
    // Methods that work on individual accounts
    // ---------------------------------------------
@@ -313,6 +319,12 @@ impl CommandApi {
        }
    }

+    /// Get the current push notification state.
+    async fn get_push_state(&self, account_id: u32) -> Result<JsonrpcNotifyState> {
+        let ctx = self.get_context(account_id).await?;
+        Ok(ctx.push_state().await.into())
+    }
+
    /// Get the combined filesize of an account in bytes
    async fn get_account_file_size(&self, account_id: u32) -> Result<u64> {
        let ctx = self.get_context(account_id).await?;
@@ -336,21 +348,10 @@ impl CommandApi {
    /// instead of the domain.
    async fn get_provider_info(
        &self,
-        account_id: u32,
+        _account_id: u32,
        email: String,
    ) -> Result<Option<ProviderInfo>> {
-        let ctx = self.get_context(account_id).await?;
-
-        let proxy_enabled = ctx
-            .get_config_bool(deltachat::config::Config::ProxyEnabled)
-            .await?;
-
-        let provider_info = get_provider_info(
-            &ctx,
-            email.split('@').next_back().unwrap_or(""),
-            proxy_enabled,
-        )
-        .await;
+        let provider_info = get_provider_info(email.split('@').next_back().unwrap_or(""));
        Ok(ProviderInfo::from_dc_type(provider_info))
    }

@@ -366,6 +367,13 @@ impl CommandApi {
        ctx.get_info().await
    }

+    /// Get storage usage report as formatted string
+    async fn get_storage_usage_report_string(&self, account_id: u32) -> Result<String> {
+        let ctx = self.get_context(account_id).await?;
+        let storage_usage = get_storage_usage(&ctx).await?;
+        Ok(storage_usage.to_string())
+    }
+
    /// Get the blob dir.
    async fn get_blob_dir(&self, account_id: u32) -> Result<Option<String>> {
        let ctx = self.get_context(account_id).await?;
@@ -393,11 +401,6 @@ impl CommandApi {
        Ok(BlobObject::create_and_deduplicate(&ctx, file, file)?.to_abs_path())
    }

-    async fn draft_self_report(&self, account_id: u32) -> Result<u32> {
-        let ctx = self.get_context(account_id).await?;
-        Ok(ctx.draft_self_report().await?.to_u32())
-    }
-
    /// Sets the given configuration key.
    async fn set_config(&self, account_id: u32, key: String, value: Option<String>) -> Result<()> {
        let ctx = self.get_context(account_id).await?;
@@ -896,6 +899,38 @@ impl CommandApi {
        Ok(chat_id.to_u32())
    }

+    /// Like `secure_join()`, but allows to pass a source and a UI-path.
+    /// You only need this if your UI has an option to send statistics
+    /// to Delta Chat's developers.
+    ///
+    /// **source**: The source where the QR code came from.
+    /// E.g. a link that was clicked inside or outside Delta Chat,
+    /// the "Paste from Clipboard" action,
+    /// the "Load QR code as image" action,
+    /// or a QR code scan.
+    ///
+    /// **uipath**: Which UI path did the user use to arrive at the QR code screen.
+    /// If the SecurejoinSource was ExternalLink or InternalLink,
+    /// pass `None` here, because the QR code screen wasn't even opened.
+    /// ```
+    async fn secure_join_with_ux_info(
+        &self,
+        account_id: u32,
+        qr: String,
+        source: Option<SecurejoinSource>,
+        uipath: Option<SecurejoinUiPath>,
+    ) -> Result<u32> {
+        let ctx = self.get_context(account_id).await?;
+        let chat_id = securejoin::join_securejoin_with_ux_info(
+            &ctx,
+            &qr,
+            source.map(Into::into),
+            uipath.map(Into::into),
+        )
+        .await?;
+        Ok(chat_id.to_u32())
+    }
+
    async fn leave_group(&self, account_id: u32, chat_id: u32) -> Result<()> {
        let ctx = self.get_context(account_id).await?;
        remove_contact_from_chat(&ctx, ChatId::new(chat_id), ContactId::SELF).await
@@ -979,17 +1014,16 @@ impl CommandApi {
    /// To check, if a chat is still unpromoted, you can look at the `is_unpromoted` property of `BasicChat` or `FullChat`.
    /// This may be useful if you want to show some help for just created groups.
    ///
-    /// @param protect If set to 1 the function creates group with protection initially enabled.
-    ///     Only verified members are allowed in these groups
-    async fn create_group_chat(&self, account_id: u32, name: String, protect: bool) -> Result<u32> {
+    /// `protect` argument is deprecated as of 2025-10-22 and is left for compatibility.
+    /// Pass `false` here.
+    async fn create_group_chat(
+        &self,
+        account_id: u32,
+        name: String,
+        _protect: bool,
+    ) -> Result<u32> {
        let ctx = self.get_context(account_id).await?;
-        let protect = match protect {
-            true => ProtectionStatus::Protected,
-            false => ProtectionStatus::Unprotected,
-        };
-        chat::create_group_ex(&ctx, Some(protect), &name)
-            .await
-            .map(|id| id.to_u32())
+        chat::create_group(&ctx, &name).await.map(|id| id.to_u32())
    }

    /// Create a new unencrypted group chat.
@@ -998,7 +1032,7 @@ impl CommandApi {
    /// address-contacts.
    async fn create_group_chat_unencrypted(&self, account_id: u32, name: String) -> Result<u32> {
        let ctx = self.get_context(account_id).await?;
-        chat::create_group_ex(&ctx, None, &name)
+        chat::create_group_unencrypted(&ctx, &name)
            .await
            .map(|id| id.to_u32())
    }
@@ -1009,7 +1043,7 @@ impl CommandApi {
            .await
    }

-    /// Create a new **broadcast channel**
+    /// Create a new, outgoing **broadcast channel**
    /// (called "Channel" in the UI).
    ///
    /// Broadcast channels are similar to groups on the sending device,
@@ -1070,7 +1104,7 @@ impl CommandApi {
        &self,
        account_id: u32,
        chat_id: u32,
-        visibility: JSONRPCChatVisibility,
+        visibility: JsonrpcChatVisibility,
    ) -> Result<()> {
        let ctx = self.get_context(account_id).await?;

@@ -1269,13 +1303,31 @@ impl CommandApi {
            .collect())
    }

+    /// Checks if the messages with given IDs exist.
+    ///
+    /// Returns IDs of existing messages.
+    async fn get_existing_msg_ids(&self, account_id: u32, msg_ids: Vec<u32>) -> Result<Vec<u32>> {
+        if let Some(context) = self.get_context_opt(account_id).await {
+            let msg_ids: Vec<MsgId> = msg_ids.into_iter().map(MsgId::new).collect();
+            let existing_msg_ids = get_existing_msg_ids(&context, &msg_ids).await?;
+            Ok(existing_msg_ids
+                .into_iter()
+                .map(|msg_id| msg_id.to_u32())
+                .collect())
+        } else {
+            // Account does not exist, so messages do not exist either,
+            // but this is not an error.
+            Ok(Vec::new())
+        }
+    }
+
    async fn get_message_list_items(
        &self,
        account_id: u32,
        chat_id: u32,
        info_only: bool,
        add_daymarker: bool,
-    ) -> Result<Vec<JSONRPCMessageListItem>> {
+    ) -> Result<Vec<JsonrpcMessageListItem>> {
        let ctx = self.get_context(account_id).await?;
        let msg = get_chat_msgs_ex(
            &ctx,
@@ -1289,7 +1341,7 @@ impl CommandApi {
        Ok(msg
            .iter()
            .map(|chat_item| (*chat_item).into())
-            .collect::<Vec<JSONRPCMessageListItem>>())
+            .collect::<Vec<JsonrpcMessageListItem>>())
    }

    async fn get_message(&self, account_id: u32, msg_id: u32) -> Result<MessageObject> {
@@ -2210,7 +2262,7 @@ impl CommandApi {
        &self,
        account_id: u32,
        message_id: u32,
-    ) -> Result<Option<JSONRPCReactions>> {
+    ) -> Result<Option<JsonrpcReactions>> {
        let ctx = self.get_context(account_id).await?;
        let reactions = get_msg_reactions(&ctx, MsgId::new(message_id)).await?;
        if reactions.is_empty() {
--- a/deltachat-jsonrpc/src/api/types/account.rs
+++ b/deltachat-jsonrpc/src/api/types/account.rs
@@ -15,7 +15,7 @@ pub enum Account {
        display_name: Option<String>,
        addr: Option<String>,
        // size: u32,
-        profile_image: Option<String>, // TODO: This needs to be converted to work with blob http server.
+        profile_image: Option<String>,
        color: String,
        /// Optional tag as "Work", "Family".
        /// Meant to help profile owner to differ between profiles with similar names.
@@ -32,7 +32,10 @@ impl Account {
            let addr = ctx.get_config(Config::Addr).await?;
            let profile_image = ctx.get_config(Config::Selfavatar).await?;
            let color = color_int_to_hex_string(
-                Contact::get_by_id(ctx, ContactId::SELF).await?.get_color(),
+                Contact::get_by_id(ctx, ContactId::SELF)
+                    .await?
+                    .get_or_gen_color(ctx)
+                    .await?,
            );
            let private_tag = ctx.get_config(Config::PrivateTag).await?;
            Ok(Account::Configured {
--- a/deltachat-jsonrpc/src/api/types/chat.rs
+++ b/deltachat-jsonrpc/src/api/types/chat.rs
@@ -6,7 +6,6 @@ use deltachat::chat::{Chat, ChatId};
 use deltachat::constants::Chattype;
 use deltachat::contact::{Contact, ContactId};
 use deltachat::context::Context;
-use num_traits::cast::ToPrimitive;
 use serde::{Deserialize, Serialize};
 use typescript_type_def::TypeDef;

@@ -19,18 +18,6 @@ pub struct FullChat {
    id: u32,
    name: String,

-    /// True if the chat is protected.
-    ///
-    /// Only verified contacts
-    /// as determined by [`ContactObject::is_verified`] / `Contact.isVerified`
-    /// can be added to protected chats.
-    ///
-    /// Protected chats are created using [`create_group_chat`] / `createGroupChat()`
-    /// by setting the 'protect' parameter to true.
-    ///
-    /// [`create_group_chat`]: crate::api::CommandApi::create_group_chat
-    is_protected: bool,
-
    /// True if the chat is encrypted.
    /// This means that all messages in the chat are encrypted,
    /// and all contacts in the chat are "key-contacts",
@@ -58,7 +45,7 @@ pub struct FullChat {
    archived: bool,
    pinned: bool,
    // subtitle  - will be moved to frontend because it uses translation functions
-    chat_type: u32,
+    chat_type: JsonrpcChatType,
    is_unpromoted: bool,
    is_self_talk: bool,
    contacts: Vec<ContactObject>,
@@ -73,9 +60,16 @@ pub struct FullChat {
    is_contact_request: bool,

    is_device_chat: bool,
+    /// Note that this is different from
+    /// [`ChatListItem::is_self_in_group`](`crate::api::types::chat_list::ChatListItemFetchResult::ChatListItem::is_self_in_group`).
+    /// This property should only be accessed
+    /// when [`FullChat::chat_type`] is [`Chattype::Group`].
+    //
+    // We could utilize [`Chat::is_self_in_chat`],
+    // but that would be an extra DB query.
    self_in_group: bool,
    is_muted: bool,
-    ephemeral_timer: u32, //TODO look if there are more important properties in newer core versions
+    ephemeral_timer: u32,
    can_send: bool,
    was_seen_recently: bool,
    mailing_list_address: Option<String>,
@@ -131,12 +125,11 @@ impl FullChat {
        Ok(FullChat {
            id: chat_id,
            name: chat.name.clone(),
-            is_protected: chat.is_protected(),
            is_encrypted: chat.is_encrypted(context).await?,
            profile_image, //BLOBS ?
            archived: chat.get_visibility() == chat::ChatVisibility::Archived,
            pinned: chat.get_visibility() == chat::ChatVisibility::Pinned,
-            chat_type: chat.get_type().to_u32().context("unknown chat type id")?,
+            chat_type: chat.get_type().into(),
            is_unpromoted: chat.is_unpromoted(),
            is_self_talk: chat.is_self_talk(),
            contacts,
@@ -172,18 +165,6 @@ pub struct BasicChat {
    id: u32,
    name: String,

-    /// True if the chat is protected.
-    ///
-    /// UI should display a green checkmark
-    /// in the chat title,
-    /// in the chat profile title and
-    /// in the chatlist item
-    /// if chat protection is enabled.
-    /// UI should also display a green checkmark
-    /// in the contact profile
-    /// if 1:1 chat with this contact exists and is protected.
-    is_protected: bool,
-
    /// True if the chat is encrypted.
    /// This means that all messages in the chat are encrypted,
    /// and all contacts in the chat are "key-contacts",
@@ -210,7 +191,7 @@ pub struct BasicChat {
    profile_image: Option<String>, //BLOBS ?
    archived: bool,
    pinned: bool,
-    chat_type: u32,
+    chat_type: JsonrpcChatType,
    is_unpromoted: bool,
    is_self_talk: bool,
    color: String,
@@ -234,12 +215,11 @@ impl BasicChat {
        Ok(BasicChat {
            id: chat_id,
            name: chat.name.clone(),
-            is_protected: chat.is_protected(),
            is_encrypted: chat.is_encrypted(context).await?,
            profile_image, //BLOBS ?
            archived: chat.get_visibility() == chat::ChatVisibility::Archived,
            pinned: chat.get_visibility() == chat::ChatVisibility::Pinned,
-            chat_type: chat.get_type().to_u32().context("unknown chat type id")?,
+            chat_type: chat.get_type().into(),
            is_unpromoted: chat.is_unpromoted(),
            is_self_talk: chat.is_self_talk(),
            color,
@@ -278,18 +258,52 @@ impl MuteDuration {

 #[derive(Clone, Serialize, Deserialize, TypeDef, schemars::JsonSchema)]
 #[serde(rename = "ChatVisibility")]
-pub enum JSONRPCChatVisibility {
+pub enum JsonrpcChatVisibility {
    Normal,
    Archived,
    Pinned,
 }

-impl JSONRPCChatVisibility {
+impl JsonrpcChatVisibility {
    pub fn into_core_type(self) -> ChatVisibility {
        match self {
-            JSONRPCChatVisibility::Normal => ChatVisibility::Normal,
-            JSONRPCChatVisibility::Archived => ChatVisibility::Archived,
-            JSONRPCChatVisibility::Pinned => ChatVisibility::Pinned,
+            JsonrpcChatVisibility::Normal => ChatVisibility::Normal,
+            JsonrpcChatVisibility::Archived => ChatVisibility::Archived,
+            JsonrpcChatVisibility::Pinned => ChatVisibility::Pinned,
+        }
+    }
+}
+
+#[derive(Clone, Serialize, Deserialize, PartialEq, TypeDef, schemars::JsonSchema)]
+#[serde(rename = "ChatType")]
+pub enum JsonrpcChatType {
+    Single,
+    Group,
+    Mailinglist,
+    OutBroadcast,
+    InBroadcast,
+}
+
+impl From<Chattype> for JsonrpcChatType {
+    fn from(chattype: Chattype) -> Self {
+        match chattype {
+            Chattype::Single => JsonrpcChatType::Single,
+            Chattype::Group => JsonrpcChatType::Group,
+            Chattype::Mailinglist => JsonrpcChatType::Mailinglist,
+            Chattype::OutBroadcast => JsonrpcChatType::OutBroadcast,
+            Chattype::InBroadcast => JsonrpcChatType::InBroadcast,
+        }
+    }
+}
+
+impl From<JsonrpcChatType> for Chattype {
+    fn from(chattype: JsonrpcChatType) -> Self {
+        match chattype {
+            JsonrpcChatType::Single => Chattype::Single,
+            JsonrpcChatType::Group => Chattype::Group,
+            JsonrpcChatType::Mailinglist => Chattype::Mailinglist,
+            JsonrpcChatType::OutBroadcast => Chattype::OutBroadcast,
+            JsonrpcChatType::InBroadcast => Chattype::InBroadcast,
        }
    }
 }
--- a/deltachat-jsonrpc/src/api/types/chat_list.rs
+++ b/deltachat-jsonrpc/src/api/types/chat_list.rs
@@ -2,7 +2,7 @@ use anyhow::{Context, Result};
 use deltachat::chat::{Chat, ChatId};
 use deltachat::chatlist::get_last_message_for_chat;
 use deltachat::constants::*;
-use deltachat::contact::{Contact, ContactId};
+use deltachat::contact::Contact;
 use deltachat::{
    chat::{get_chat_contacts, ChatVisibility},
    chatlist::Chatlist,
@@ -11,6 +11,7 @@ use num_traits::cast::ToPrimitive;
 use serde::Serialize;
 use typescript_type_def::TypeDef;

+use super::chat::JsonrpcChatType;
 use super::color_int_to_hex_string;
 use super::message::MessageViewtype;

@@ -23,14 +24,13 @@ pub enum ChatListItemFetchResult {
        name: String,
        avatar_path: Option<String>,
        color: String,
-        chat_type: u32,
+        chat_type: JsonrpcChatType,
        last_updated: Option<i64>,
        summary_text1: String,
        summary_text2: String,
        summary_status: u32,
        /// showing preview if last chat message is image
        summary_preview_image: Option<String>,
-        is_protected: bool,

        /// True if the chat is encrypted.
        /// This means that all messages in the chat are encrypted,
@@ -127,11 +127,8 @@ pub(crate) async fn get_chat_list_item_by_id(
        None => (None, None),
    };

-    let chat_contacts = get_chat_contacts(ctx, chat_id).await?;
-
-    let self_in_group = chat_contacts.contains(&ContactId::SELF);
-
    let (dm_chat_contact, was_seen_recently) = if chat.get_type() == Chattype::Single {
+        let chat_contacts = get_chat_contacts(ctx, chat_id).await?;
        let contact = chat_contacts.first();
        let was_seen_recently = match contact {
            Some(contact) => Contact::get_by_id(ctx, *contact)
@@ -155,19 +152,18 @@ pub(crate) async fn get_chat_list_item_by_id(
        name: chat.get_name().to_owned(),
        avatar_path,
        color,
-        chat_type: chat.get_type().to_u32().context("unknown chat type id")?,
+        chat_type: chat.get_type().into(),
        last_updated,
        summary_text1,
        summary_text2,
        summary_status: summary.state.to_u32().expect("impossible"), // idea and a function to transform the constant to strings? or return string enum
        summary_preview_image,
-        is_protected: chat.is_protected(),
        is_encrypted: chat.is_encrypted(ctx).await?,
        is_group: chat.get_type() == Chattype::Group,
        fresh_message_counter,
        is_self_talk: chat.is_self_talk(),
        is_device_talk: chat.is_device_talk(),
-        is_self_in_group: self_in_group,
+        is_self_in_group: chat.is_self_in_chat(ctx).await?,
        is_sending_location: chat.is_sending_locations(),
        is_archived: visibility == ChatVisibility::Archived,
        is_pinned: visibility == ChatVisibility::Pinned,
--- a/deltachat-jsonrpc/src/api/types/events.rs
+++ b/deltachat-jsonrpc/src/api/types/events.rs
@@ -1,8 +1,9 @@
 use deltachat::{Event as CoreEvent, EventType as CoreEventType};
-use num_traits::ToPrimitive;
 use serde::Serialize;
 use typescript_type_def::TypeDef;

+use super::chat::JsonrpcChatType;
+
 #[derive(Serialize, TypeDef, schemars::JsonSchema)]
 #[serde(rename_all = "camelCase")]
 pub struct Event {
@@ -307,7 +308,7 @@ pub enum EventType {
        /// The type of the joined chat.
        /// This can take the same values
        /// as `BasicChat.chatType` ([`crate::api::types::chat::BasicChat::chat_type`]).
-        chat_type: u32,
+        chat_type: JsonrpcChatType,
        /// ID of the chat in case of success.
        chat_id: u32,

@@ -459,6 +460,15 @@ pub enum EventType {
        /// ID of the chat which the message belongs to.
        chat_id: u32,
    },
+
+    /// One or more transports has changed.
+    ///
+    /// This event is used for tests to detect when transport
+    /// synchronization messages arrives.
+    /// UIs don't need to use it, it is unlikely
+    /// that user modifies transports on multiple
+    /// devices simultaneously.
+    TransportsModified,
 }

 impl From<CoreEventType> for EventType {
@@ -570,7 +580,7 @@ impl From<CoreEventType> for EventType {
                progress,
            } => SecurejoinInviterProgress {
                contact_id: contact_id.to_u32(),
-                chat_type: chat_type.to_u32().unwrap_or(0),
+                chat_type: chat_type.into(),
                chat_id: chat_id.to_u32(),
                progress,
            },
@@ -641,6 +651,8 @@ impl From<CoreEventType> for EventType {
                msg_id: msg_id.to_u32(),
                chat_id: chat_id.to_u32(),
            },
+            CoreEventType::TransportsModified => TransportsModified,
+
            #[allow(unreachable_patterns)]
            #[cfg(test)]
            _ => unreachable!("This is just to silence a rust_analyzer false-positive"),
--- a/deltachat-jsonrpc/src/api/types/message.rs
+++ b/deltachat-jsonrpc/src/api/types/message.rs
@@ -16,9 +16,10 @@ use num_traits::cast::ToPrimitive;
 use serde::{Deserialize, Serialize};
 use typescript_type_def::TypeDef;

+use super::chat::JsonrpcChatType;
 use super::color_int_to_hex_string;
 use super::contact::ContactObject;
-use super::reactions::JSONRPCReactions;
+use super::reactions::JsonrpcReactions;

 #[derive(Serialize, TypeDef, schemars::JsonSchema)]
 #[serde(rename_all = "camelCase", tag = "kind")]
@@ -102,7 +103,7 @@ pub struct MessageObject {

    saved_message_id: Option<u32>,

-    reactions: Option<JSONRPCReactions>,
+    reactions: Option<JsonrpcReactions>,

    vcard_contact: Option<VcardContact>,
 }
@@ -531,8 +532,7 @@ pub struct MessageSearchResult {
    chat_profile_image: Option<String>,
    chat_color: String,
    chat_name: String,
-    chat_type: u32,
-    is_chat_protected: bool,
+    chat_type: JsonrpcChatType,
    is_chat_contact_request: bool,
    is_chat_archived: bool,
    message: String,
@@ -570,9 +570,8 @@ impl MessageSearchResult {
            chat_id: chat.id.to_u32(),
            chat_name: chat.get_name().to_owned(),
            chat_color,
-            chat_type: chat.get_type().to_u32().context("unknown chat type id")?,
+            chat_type: chat.get_type().into(),
            chat_profile_image,
-            is_chat_protected: chat.is_protected(),
            is_chat_contact_request: chat.is_contact_request(),
            is_chat_archived: chat.get_visibility() == ChatVisibility::Archived,
            message: message.get_text(),
@@ -583,7 +582,7 @@ impl MessageSearchResult {

 #[derive(Serialize, TypeDef, schemars::JsonSchema)]
 #[serde(rename_all = "camelCase", rename = "MessageListItem", tag = "kind")]
-pub enum JSONRPCMessageListItem {
+pub enum JsonrpcMessageListItem {
    Message {
        msg_id: u32,
    },
@@ -596,13 +595,13 @@ pub enum JSONRPCMessageListItem {
    },
 }

-impl From<ChatItem> for JSONRPCMessageListItem {
+impl From<ChatItem> for JsonrpcMessageListItem {
    fn from(item: ChatItem) -> Self {
        match item {
-            ChatItem::Message { msg_id } => JSONRPCMessageListItem::Message {
+            ChatItem::Message { msg_id } => JsonrpcMessageListItem::Message {
                msg_id: msg_id.to_u32(),
            },
-            ChatItem::DayMarker { timestamp } => JSONRPCMessageListItem::DayMarker { timestamp },
+            ChatItem::DayMarker { timestamp } => JsonrpcMessageListItem::DayMarker { timestamp },
        }
    }
 }
--- a/deltachat-jsonrpc/src/api/types/mod.rs
+++ b/deltachat-jsonrpc/src/api/types/mod.rs
@@ -8,6 +8,7 @@ pub mod http;
 pub mod location;
 pub mod login_param;
 pub mod message;
+pub mod notify_state;
 pub mod provider_info;
 pub mod qr;
 pub mod reactions;
--- a/deltachat-jsonrpc/src/api/types/notify_state.rs
+++ b/deltachat-jsonrpc/src/api/types/notify_state.rs
@@ -0,0 +1,26 @@
+use deltachat::push::NotifyState;
+use serde::Serialize;
+use typescript_type_def::TypeDef;
+
+#[derive(Serialize, TypeDef, schemars::JsonSchema)]
+#[serde(rename = "NotifyState")]
+pub enum JsonrpcNotifyState {
+    /// Not subscribed to push notifications.
+    NotConnected,
+
+    /// Subscribed to heartbeat push notifications.
+    Heartbeat,
+
+    /// Subscribed to push notifications for new messages.
+    Connected,
+}
+
+impl From<NotifyState> for JsonrpcNotifyState {
+    fn from(state: NotifyState) -> Self {
+        match state {
+            NotifyState::NotConnected => Self::NotConnected,
+            NotifyState::Heartbeat => Self::Heartbeat,
+            NotifyState::Connected => Self::Connected,
+        }
+    }
+}
--- a/deltachat-jsonrpc/src/api/types/qr.rs
+++ b/deltachat-jsonrpc/src/api/types/qr.rs
@@ -1,4 +1,5 @@
 use deltachat::qr::Qr;
+use serde::Deserialize;
 use serde::Serialize;
 use typescript_type_def::TypeDef;

@@ -34,6 +35,26 @@ pub enum QrObject {
        /// Authentication code.
        authcode: String,
    },
+    /// Ask the user whether to join the broadcast channel.
+    AskJoinBroadcast {
+        /// The user-visible name of this broadcast channel
+        name: String,
+        /// A string of random characters,
+        /// uniquely identifying this broadcast channel across all databases/clients.
+        /// Called `grpid` for historic reasons:
+        /// The id of multi-user chats is always called `grpid` in the database
+        /// because groups were once the only multi-user chats.
+        grpid: String,
+        /// ID of the contact who owns the broadcast channel and created the QR code.
+        contact_id: u32,
+        /// Fingerprint of the broadcast channel owner's key as scanned from the QR code.
+        fingerprint: String,
+
+        /// Invite number.
+        invitenumber: String,
+        /// Authentication code.
+        authcode: String,
+    },
    /// Contact fingerprint is verified.
    ///
    /// Ask the user if they want to start chatting.
@@ -136,6 +157,21 @@ pub enum QrObject {
        /// Authentication code.
        authcode: String,
    },
+    /// Ask the user if they want to withdraw their own broadcast channel invite QR code.
+    WithdrawJoinBroadcast {
+        /// Broadcast name.
+        name: String,
+        /// ID, uniquely identifying this chat. Called grpid for historic reasons.
+        grpid: String,
+        /// Contact ID. Always `ContactId::SELF`.
+        contact_id: u32,
+        /// Fingerprint of the contact key as scanned from the QR code.
+        fingerprint: String,
+        /// Invite number.
+        invitenumber: String,
+        /// Authentication code.
+        authcode: String,
+    },
    /// Ask the user if they want to revive their own QR code.
    ReviveVerifyContact {
        /// Contact ID.
@@ -162,6 +198,21 @@ pub enum QrObject {
        /// Authentication code.
        authcode: String,
    },
+    /// Ask the user if they want to revive their own broadcast channel invite QR code.
+    ReviveJoinBroadcast {
+        /// Broadcast name.
+        name: String,
+        /// Globally unique chat ID. Called grpid for historic reasons.
+        grpid: String,
+        /// Contact ID. Always `ContactId::SELF`.
+        contact_id: u32,
+        /// Fingerprint of the contact key as scanned from the QR code.
+        fingerprint: String,
+        /// Invite number.
+        invitenumber: String,
+        /// Authentication code.
+        authcode: String,
+    },
    /// `dclogin:` scheme parameters.
    ///
    /// Ask the user if they want to login with the email address.
@@ -207,6 +258,25 @@ impl From<Qr> for QrObject {
                    authcode,
                }
            }
+            Qr::AskJoinBroadcast {
+                name,
+                grpid,
+                contact_id,
+                fingerprint,
+                authcode,
+                invitenumber,
+            } => {
+                let contact_id = contact_id.to_u32();
+                let fingerprint = fingerprint.to_string();
+                QrObject::AskJoinBroadcast {
+                    name,
+                    grpid,
+                    contact_id,
+                    fingerprint,
+                    authcode,
+                    invitenumber,
+                }
+            }
            Qr::FprOk { contact_id } => {
                let contact_id = contact_id.to_u32();
                QrObject::FprOk { contact_id }
@@ -266,6 +336,25 @@ impl From<Qr> for QrObject {
                    authcode,
                }
            }
+            Qr::WithdrawJoinBroadcast {
+                name,
+                grpid,
+                contact_id,
+                fingerprint,
+                invitenumber,
+                authcode,
+            } => {
+                let contact_id = contact_id.to_u32();
+                let fingerprint = fingerprint.to_string();
+                QrObject::WithdrawJoinBroadcast {
+                    name,
+                    grpid,
+                    contact_id,
+                    fingerprint,
+                    invitenumber,
+                    authcode,
+                }
+            }
            Qr::ReviveVerifyContact {
                contact_id,
                fingerprint,
@@ -300,7 +389,76 @@ impl From<Qr> for QrObject {
                    authcode,
                }
            }
+            Qr::ReviveJoinBroadcast {
+                name,
+                grpid,
+                contact_id,
+                fingerprint,
+                invitenumber,
+                authcode,
+            } => {
+                let contact_id = contact_id.to_u32();
+                let fingerprint = fingerprint.to_string();
+                QrObject::ReviveJoinBroadcast {
+                    name,
+                    grpid,
+                    contact_id,
+                    fingerprint,
+                    invitenumber,
+                    authcode,
+                }
+            }
            Qr::Login { address, .. } => QrObject::Login { address },
        }
    }
 }
+
+#[derive(Deserialize, TypeDef, schemars::JsonSchema)]
+pub enum SecurejoinSource {
+    /// Because of some problem, it is unknown where the QR code came from.
+    Unknown,
+    /// The user opened a link somewhere outside Delta Chat
+    ExternalLink,
+    /// The user clicked on a link in a message inside Delta Chat
+    InternalLink,
+    /// The user clicked "Paste from Clipboard" in the QR scan activity
+    Clipboard,
+    /// The user clicked "Load QR code as image" in the QR scan activity
+    ImageLoaded,
+    /// The user scanned a QR code
+    Scan,
+}
+
+#[derive(Deserialize, TypeDef, schemars::JsonSchema)]
+pub enum SecurejoinUiPath {
+    /// The UI path is unknown, or the user didn't open the QR code screen at all.
+    Unknown,
+    /// The user directly clicked on the QR icon in the main screen
+    QrIcon,
+    /// The user first clicked on the `+` button in the main screen,
+    /// and then on "New Contact"
+    NewContact,
+}
+
+impl From<SecurejoinSource> for deltachat::SecurejoinSource {
+    fn from(value: SecurejoinSource) -> Self {
+        match value {
+            SecurejoinSource::Unknown => deltachat::SecurejoinSource::Unknown,
+            SecurejoinSource::ExternalLink => deltachat::SecurejoinSource::ExternalLink,
+            SecurejoinSource::InternalLink => deltachat::SecurejoinSource::InternalLink,
+            SecurejoinSource::Clipboard => deltachat::SecurejoinSource::Clipboard,
+            SecurejoinSource::ImageLoaded => deltachat::SecurejoinSource::ImageLoaded,
+            SecurejoinSource::Scan => deltachat::SecurejoinSource::Scan,
+        }
+    }
+}
+
+impl From<SecurejoinUiPath> for deltachat::SecurejoinUiPath {
+    fn from(value: SecurejoinUiPath) -> Self {
+        match value {
+            SecurejoinUiPath::Unknown => deltachat::SecurejoinUiPath::Unknown,
+            SecurejoinUiPath::QrIcon => deltachat::SecurejoinUiPath::QrIcon,
+            SecurejoinUiPath::NewContact => deltachat::SecurejoinUiPath::NewContact,
+        }
+    }
+}
--- a/deltachat-jsonrpc/src/api/types/reactions.rs
+++ b/deltachat-jsonrpc/src/api/types/reactions.rs
@@ -8,7 +8,7 @@ use typescript_type_def::TypeDef;
 /// A single reaction emoji.
 #[derive(Serialize, TypeDef, schemars::JsonSchema)]
 #[serde(rename = "Reaction", rename_all = "camelCase")]
-pub struct JSONRPCReaction {
+pub struct JsonrpcReaction {
    /// Emoji.
    emoji: String,

@@ -22,14 +22,14 @@ pub struct JSONRPCReaction {
 /// Structure representing all reactions to a particular message.
 #[derive(Serialize, TypeDef, schemars::JsonSchema)]
 #[serde(rename = "Reactions", rename_all = "camelCase")]
-pub struct JSONRPCReactions {
+pub struct JsonrpcReactions {
    /// Map from a contact to it's reaction to message.
    reactions_by_contact: BTreeMap<u32, Vec<String>>,
    /// Unique reactions and their count, sorted in descending order.
-    reactions: Vec<JSONRPCReaction>,
+    reactions: Vec<JsonrpcReaction>,
 }

-impl From<Reactions> for JSONRPCReactions {
+impl From<Reactions> for JsonrpcReactions {
    fn from(reactions: Reactions) -> Self {
        let mut reactions_by_contact: BTreeMap<u32, Vec<String>> = BTreeMap::new();

@@ -56,7 +56,7 @@ impl From<Reactions> for JSONRPCReactions {
                false
            };

-            let reaction = JSONRPCReaction {
+            let reaction = JsonrpcReaction {
                emoji,
                count,
                is_from_self,
@@ -64,7 +64,7 @@ impl From<Reactions> for JSONRPCReactions {
            reactions_v.push(reaction)
        }

-        JSONRPCReactions {
+        JsonrpcReactions {
            reactions_by_contact,
            reactions: reactions_v,
        }
--- a/deltachat-jsonrpc/typescript/package.json
+++ b/deltachat-jsonrpc/typescript/package.json
@@ -54,5 +54,5 @@
  },
  "type": "module",
  "types": "dist/deltachat.d.ts",
-  "version": "2.21.0"
+  "version": "2.30.0"
 }
--- a/deltachat-jsonrpc/typescript/scripts/generate-constants.js
+++ b/deltachat-jsonrpc/typescript/scripts/generate-constants.js
@@ -40,15 +40,35 @@ const constants = data
      key.startsWith("DC_DOWNLOAD") ||
      key.startsWith("DC_INFO_") ||
      (key.startsWith("DC_MSG") && !key.startsWith("DC_MSG_ID")) ||
-      key.startsWith("DC_QR_")
+      key.startsWith("DC_QR_") ||
+      key.startsWith("DC_CERTCK_") ||
+      key.startsWith("DC_SOCKET_") ||
+      key.startsWith("DC_LP_AUTH_") ||
+      key.startsWith("DC_PUSH_") ||
+      key.startsWith("DC_TEXT1_") ||
+      key.startsWith("DC_CHAT_TYPE")
    );
  })
  .map((row) => {
-    return `  ${row.key}: ${row.value}`;
+    return `  export const ${row.key} = ${row.value};`;
  })
-  .join(",\n");
+  .join("\n");

 writeFileSync(
  resolve(__dirname, "../generated/constants.ts"),
-  `// Generated!\n\nexport enum C {\n${constants.replace(/:/g, " =")},\n}\n`,
+  `// Generated!
+
+export namespace C {
+${constants}
+  /** @deprecated 10-8-2025 compare string directly with \`== "Group"\` */
+  export const DC_CHAT_TYPE_GROUP = "Group";
+  /** @deprecated 10-8-2025 compare string directly with \`== "InBroadcast"\`*/
+  export const DC_CHAT_TYPE_IN_BROADCAST = "InBroadcast";
+  /** @deprecated 10-8-2025 compare string directly with \`== "Mailinglist"\` */
+  export const DC_CHAT_TYPE_MAILINGLIST = "Mailinglist";
+  /** @deprecated 10-8-2025 compare string directly with \`== "OutBroadcast"\` */
+  export const DC_CHAT_TYPE_OUT_BROADCAST = "OutBroadcast";
+  /** @deprecated 10-8-2025 compare string directly with \`== "Single"\` */
+  export const DC_CHAT_TYPE_SINGLE = "Single";
+}\n`,
 );
--- a/deltachat-jsonrpc/typescript/test/online.ts
+++ b/deltachat-jsonrpc/typescript/test/online.ts
@@ -64,6 +64,7 @@ describe("online tests", function () {
    await dc.rpc.setConfig(accountId1, "addr", account1.email);
    await dc.rpc.setConfig(accountId1, "mail_pw", account1.password);
    await dc.rpc.configure(accountId1);
+    await waitForEvent(dc, "ImapInboxIdle", accountId1);

    accountId2 = await dc.rpc.addAccount();
    await dc.rpc.batchSetConfig(accountId2, {
@@ -71,6 +72,7 @@ describe("online tests", function () {
      mail_pw: account2.password,
    });
    await dc.rpc.configure(accountId2);
+    await waitForEvent(dc, "ImapInboxIdle", accountId2);
    accountsConfigured = true;
  });

--- a/deltachat-repl/Cargo.toml
+++ b/deltachat-repl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "2.21.0"
+version = "2.30.0"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/chatmail/core"
--- a/deltachat-repl/src/cmdline.rs
+++ b/deltachat-repl/src/cmdline.rs
@@ -6,9 +6,7 @@ use std::str::FromStr;
 use std::time::Duration;

 use anyhow::{bail, ensure, Result};
-use deltachat::chat::{
-    self, Chat, ChatId, ChatItem, ChatVisibility, MuteDuration, ProtectionStatus,
-};
+use deltachat::chat::{self, Chat, ChatId, ChatItem, ChatVisibility, MuteDuration};
 use deltachat::chatlist::*;
 use deltachat::constants::*;
 use deltachat::contact::*;
@@ -72,11 +70,6 @@ async fn reset_tables(context: &Context, bits: i32) {
            .await
            .unwrap();
        context.sql().config_cache().write().await.clear();
-        context
-            .sql()
-            .execute("DELETE FROM leftgrps;", ())
-            .await
-            .unwrap();
        println!("(8) Rest but server config reset.");
    }

@@ -347,7 +340,6 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                 createchat <contact-id>\n\
                 creategroup <name>\n\
                 createbroadcast <name>\n\
-                 createprotected <name>\n\
                 addmember <contact-id>\n\
                 removemember <contact-id>\n\
                 groupname <name>\n\
@@ -563,7 +555,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                for i in (0..cnt).rev() {
                    let chat = Chat::load_from_db(&context, chatlist.get_chat_id(i)?).await?;
                    println!(
-                        "{}#{}: {} [{} fresh] {}{}{}{}",
+                        "{}#{}: {} [{} fresh] {}{}{}",
                        chat_prefix(&chat),
                        chat.get_id(),
                        chat.get_name(),
@@ -574,7 +566,6 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                            ChatVisibility::Archived => "📦",
                            ChatVisibility::Pinned => "📌",
                        },
-                        if chat.is_protected() { "🛡️" } else { "" },
                        if chat.is_contact_request() {
                            "🆕"
                        } else {
@@ -689,7 +680,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                format!("{} member(s)", members.len())
            };
            println!(
-                "{}#{}: {} [{}]{}{}{} {}",
+                "{}#{}: {} [{}]{}{}{}",
                chat_prefix(sel_chat),
                sel_chat.get_id(),
                sel_chat.get_name(),
@@ -707,11 +698,6 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                    },
                    _ => "".to_string(),
                },
-                if sel_chat.is_protected() {
-                    "🛡️"
-                } else {
-                    ""
-                },
            );
            log_msglist(&context, &msglist).await?;
            if let Some(draft) = sel_chat.get_id().get_draft(&context).await? {
@@ -740,8 +726,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
        }
        "creategroup" => {
            ensure!(!arg1.is_empty(), "Argument <name> missing.");
-            let chat_id =
-                chat::create_group_chat(&context, ProtectionStatus::Unprotected, arg1).await?;
+            let chat_id = chat::create_group(&context, arg1).await?;

            println!("Group#{chat_id} created successfully.");
        }
@@ -751,13 +736,6 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu

            println!("Broadcast#{chat_id} created successfully.");
        }
-        "createprotected" => {
-            ensure!(!arg1.is_empty(), "Argument <name> missing.");
-            let chat_id =
-                chat::create_group_chat(&context, ProtectionStatus::Protected, arg1).await?;
-
-            println!("Group#{chat_id} created and protected successfully.");
-        }
        "addmember" => {
            ensure!(sel_chat.is_some(), "No chat selected");
            ensure!(!arg1.is_empty(), "Argument <contact-id> missing.");
@@ -1266,10 +1244,7 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
        }
        "providerinfo" => {
            ensure!(!arg1.is_empty(), "Argument <addr> missing.");
-            let proxy_enabled = context
-                .get_config_bool(config::Config::ProxyEnabled)
-                .await?;
-            match provider::get_provider_info(&context, arg1, proxy_enabled).await {
+            match provider::get_provider_info(arg1) {
                Some(info) => {
                    println!("Information for provider belonging to {arg1}:");
                    println!("status: {}", info.status as u32);
--- a/deltachat-rpc-client/README.md
+++ b/deltachat-rpc-client/README.md
@@ -30,6 +30,15 @@ $ pip install .

 Additional arguments to `tox` are passed to pytest, e.g. `tox -- -s` does not capture test output.

+
+## Activating current checkout of deltachat-rpc-client and -server for development 
+
+Go to root repository directory and run: 
+```
+$ scripts/make-rpc-testenv.sh 
+$ source venv/bin/activate 
+```
+
 ## Using in REPL

 Setup a development environment:
--- a/deltachat-rpc-client/pyproject.toml
+++ b/deltachat-rpc-client/pyproject.toml
@@ -1,20 +1,18 @@
 [build-system]
-requires = ["setuptools>=45"]
+requires = ["setuptools>=77"]
 build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat-rpc-client"
-version = "2.21.0"
+version = "2.30.0"
+license = "MPL-2.0"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [
    "Development Status :: 5 - Production/Stable",
    "Intended Audience :: Developers",
-    "License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)",
    "Operating System :: POSIX :: Linux",
    "Operating System :: MacOS :: MacOS X",
    "Programming Language :: Python :: 3",
-    "Programming Language :: Python :: 3.8",
-    "Programming Language :: Python :: 3.9",
    "Programming Language :: Python :: 3.10",
    "Programming Language :: Python :: 3.11",
    "Programming Language :: Python :: 3.12",
@@ -24,7 +22,7 @@ classifiers = [
    "Topic :: Communications :: Email"
 ]
 readme = "README.md"
-requires-python = ">=3.8"
+requires-python = ">=3.10"

 [tool.setuptools.package-data]
 deltachat_rpc_client = [
--- a/deltachat-rpc-client/src/deltachat_rpc_client/account.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/account.py
@@ -125,6 +125,15 @@ class Account:
        """Add a new transport."""
        yield self._rpc.add_or_update_transport.future(self.id, params)

+    @futuremethod
+    def add_transport_from_qr(self, qr: str):
+        """Add a new transport using a QR code."""
+        yield self._rpc.add_transport_from_qr.future(self.id, qr)
+
+    def delete_transport(self, addr: str):
+        """Delete a transport."""
+        self._rpc.delete_transport(self.id, addr)
+
    @futuremethod
    def list_transports(self):
        """Return the list of all email accounts that are used as a transport in the current profile."""
@@ -300,7 +309,7 @@ class Account:
            chats.append(AttrDict(item))
        return chats

-    def create_group(self, name: str, protect: bool = False) -> Chat:
+    def create_group(self, name: str) -> Chat:
        """Create a new group chat.

        After creation,
@@ -317,15 +326,11 @@ class Account:
        To check, if a chat is still unpromoted, you can look at the `is_unpromoted` property of a chat
        (see `get_full_snapshot()` / `get_basic_snapshot()`).
        This may be useful if you want to show some help for just created groups.
-
-        :param protect: If set to 1 the function creates group with protection initially enabled.
-                        Only verified members are allowed in these groups
-                        and end-to-end-encryption is always enabled.
        """
-        return Chat(self, self._rpc.create_group_chat(self.id, name, protect))
+        return Chat(self, self._rpc.create_group_chat(self.id, name, False))

    def create_broadcast(self, name: str) -> Chat:
-        """Create a new **broadcast channel**
+        """Create a new, outgoing **broadcast channel**
        (called "Channel" in the UI).

        Broadcast channels are similar to groups on the sending device,
@@ -398,9 +403,10 @@ class Account:
        next_msg_ids = self._rpc.get_next_msgs(self.id)
        return [Message(self, msg_id) for msg_id in next_msg_ids]

+    @futuremethod
    def wait_next_messages(self) -> list[Message]:
        """Wait for new messages and return a list of them."""
-        next_msg_ids = self._rpc.wait_next_msgs(self.id)
+        next_msg_ids = yield self._rpc.wait_next_msgs.future(self.id)
        return [Message(self, msg_id) for msg_id in next_msg_ids]

    def wait_for_incoming_msg_event(self):
@@ -415,12 +421,21 @@ class Account:
        """Wait for messages noticed event and return it."""
        return self.wait_for_event(EventType.MSGS_NOTICED)

+    def wait_for_msg(self, event_type) -> Message:
+        """Wait for an event about the message.
+
+        Consumes all events before the matching event.
+        Returns a message corresponding to the msg_id field of the event.
+        """
+        event = self.wait_for_event(event_type)
+        return self.get_message_by_id(event.msg_id)
+
    def wait_for_incoming_msg(self):
        """Wait for incoming message and return it.

        Consumes all events before the next incoming message event.
        """
-        return self.get_message_by_id(self.wait_for_incoming_msg_event().msg_id)
+        return self.wait_for_msg(EventType.INCOMING_MSG)

    def wait_for_securejoin_inviter_success(self):
        """Wait until SecureJoin process finishes successfully on the inviter side."""
--- a/deltachat-rpc-client/src/deltachat_rpc_client/client.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/client.py
@@ -83,11 +83,10 @@ class Client:

    def configure(self, email: str, password: str, **kwargs) -> None:
        """Configure the client."""
-        self.account.set_config("addr", email)
-        self.account.set_config("mail_pw", password)
        for key, value in kwargs.items():
            self.account.set_config(key, value)
-        self.account.configure()
+        params = {"addr": email, "password": password}
+        self.account.add_or_update_transport(params)
        self.logger.debug("Account configured")

    def run_forever(self) -> None:
--- a/deltachat-rpc-client/src/deltachat_rpc_client/const.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/const.py
@@ -80,6 +80,7 @@ class EventType(str, Enum):
    CONFIG_SYNCED = "ConfigSynced"
    WEBXDC_REALTIME_DATA = "WebxdcRealtimeData"
    WEBXDC_REALTIME_ADVERTISEMENT_RECEIVED = "WebxdcRealtimeAdvertisementReceived"
+    TRANSPORTS_MODIFIED = "TransportsModified"


 class ChatId(IntEnum):
@@ -91,19 +92,17 @@ class ChatId(IntEnum):
    LAST_SPECIAL = 9


-class ChatType(IntEnum):
+class ChatType(str, Enum):
    """Chat type."""

-    UNDEFINED = 0
-
-    SINGLE = 100
+    SINGLE = "Single"
    """1:1 chat, i.e. a direct chat with a single contact"""

-    GROUP = 120
+    GROUP = "Group"

-    MAILINGLIST = 140
+    MAILINGLIST = "Mailinglist"

-    OUT_BROADCAST = 160
+    OUT_BROADCAST = "OutBroadcast"
    """Outgoing broadcast channel, called "Channel" in the UI.

    The user can send into this channel,
@@ -115,7 +114,7 @@ class ChatType(IntEnum):
    which would make it hard to grep for it.
    """

-    IN_BROADCAST = 165
+    IN_BROADCAST = "InBroadcast"
    """Incoming broadcast channel, called "Channel" in the UI.

    This channel is read-only,
--- a/deltachat-rpc-client/src/deltachat_rpc_client/deltachat.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/deltachat.py
@@ -4,7 +4,7 @@ from __future__ import annotations

 from typing import TYPE_CHECKING

-from ._utils import AttrDict
+from ._utils import AttrDict, futuremethod
 from .account import Account

 if TYPE_CHECKING:
@@ -39,6 +39,15 @@ class DeltaChat:
        """Stop the I/O of all accounts."""
        self.rpc.stop_io_for_all_accounts()

+    @futuremethod
+    def background_fetch(self, timeout_in_seconds: int) -> None:
+        """Run background fetch for all accounts."""
+        yield self.rpc.background_fetch.future(timeout_in_seconds)
+
+    def stop_background_fetch(self) -> None:
+        """Stop ongoing background fetch."""
+        self.rpc.stop_background_fetch()
+
    def maybe_network(self) -> None:
        """Indicate that the network conditions might have changed."""
        self.rpc.maybe_network()
--- a/deltachat-rpc-client/src/deltachat_rpc_client/message.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/message.py
@@ -60,6 +60,10 @@ class Message:
        """Mark the message as seen."""
        self._rpc.markseen_msgs(self.account.id, [self.id])

+    def exists(self) -> bool:
+        """Return True if the message exists."""
+        return bool(self._rpc.get_existing_msg_ids(self.account.id, [self.id]))
+
    def continue_autocrypt_key_transfer(self, setup_code: str) -> None:
        """Continue the Autocrypt Setup Message key transfer.

@@ -93,6 +97,17 @@ class Message:
            if event.kind == EventType.MSG_DELIVERED and event.msg_id == self.id:
                break

+    def resend(self) -> None:
+        """Resend messages and make information available for newly added chat members.
+        Resending sends out the original message, however, recipients and webxdc-status may differ.
+        Clients that already have the original message can still ignore the resent message as
+        they have tracked the state by dedicated updates.
+
+        Some messages cannot be resent, eg. info-messages, drafts, already pending messages,
+        or messages that are not sent by SELF.
+        """
+        self._rpc.resend_messages(self.account.id, [self.id])
+
    @futuremethod
    def send_webxdc_realtime_advertisement(self):
        """Send an advertisement to join the realtime channel."""
--- a/deltachat-rpc-client/src/deltachat_rpc_client/pytestplugin.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/pytestplugin.py
@@ -3,9 +3,14 @@
 from __future__ import annotations

 import os
+import pathlib
+import platform
 import random
+import subprocess
+import sys
 from typing import AsyncGenerator, Optional

+import execnet
 import py
 import pytest

@@ -20,6 +25,18 @@ Currently this is "End-to-end encryption available".
 """


+def pytest_report_header():
+    for base in os.get_exec_path():
+        fn = pathlib.Path(base).joinpath(base, "deltachat-rpc-server")
+        if fn.exists():
+            proc = subprocess.Popen([str(fn), "--version"], stderr=subprocess.PIPE)
+            proc.wait()
+            version = proc.stderr.read().decode().strip()
+            return f"deltachat-rpc-server: {fn} [{version}]"
+
+    return None
+
+
 class ACFactory:
    """Test account factory."""

@@ -40,13 +57,17 @@ class ACFactory:
        username = "ci-" + "".join(random.choice("2345789acdefghjkmnpqrstuvwxyz") for i in range(6))
        return f"{username}@{domain}", f"{username}${username}"

+    def get_account_qr(self):
+        """Return "dcaccount:" QR code for testing chatmail relay."""
+        domain = os.getenv("CHATMAIL_DOMAIN")
+        return f"dcaccount:{domain}"
+
    @futuremethod
    def new_configured_account(self):
        """Create a new configured account."""
-        addr, password = self.get_credentials()
        account = self.get_unconfigured_account()
-        params = {"addr": addr, "password": password}
-        yield account.add_or_update_transport.future(params)
+        qr = self.get_account_qr()
+        yield account.add_transport_from_qr.future(qr)

        assert account.is_configured()
        return account
@@ -73,11 +94,12 @@ class ACFactory:
    def resetup_account(self, ac: Account) -> Account:
        """Resetup account from scratch, losing the encryption key."""
        ac.stop_io()
-        ac_clone = self.get_unconfigured_account()
-        for i in ["addr", "mail_pw"]:
-            ac_clone.set_config(i, ac.get_config(i))
+        transports = ac.list_transports()
        ac.remove()
-        ac_clone.configure()
+        ac_clone = self.get_unconfigured_account()
+        for transport in transports:
+            ac_clone.add_or_update_transport(transport)
+        ac_clone.bring_online()
        return ac_clone

    def get_accepted_chat(self, ac1: Account, ac2: Account) -> Chat:
@@ -136,9 +158,15 @@ def rpc(tmp_path) -> AsyncGenerator:


@pytest.fixture
-def acfactory(rpc) -> AsyncGenerator:
+def dc(rpc) -> DeltaChat:
+    """Return account manager."""
+    return DeltaChat(rpc)
+
+
+@pytest.fixture
+def acfactory(dc) -> AsyncGenerator:
    """Return account factory fixture."""
-    return ACFactory(DeltaChat(rpc))
+    return ACFactory(dc)


@pytest.fixture
@@ -186,3 +214,134 @@ def log():
            print("  " + msg)

    return Printer()
+
+
+#
+# support for testing against different deltachat-rpc-server/clients
+# installed into a temporary virtualenv and connected via 'execnet' channels
+#
+
+
+def find_path(venv, name):
+    is_windows = platform.system() == "Windows"
+    bin = venv / ("bin" if not is_windows else "Scripts")
+
+    tryadd = [""]
+    if is_windows:
+        tryadd += os.environ["PATHEXT"].split(os.pathsep)
+    for ext in tryadd:
+        p = bin.joinpath(name + ext)
+        if p.exists():
+            return str(p)
+
+    return None
+
+
+@pytest.fixture(scope="session")
+def get_core_python_env(tmp_path_factory):
+    """Return a factory to create virtualenv environments with rpc server/client packages
+    installed.
+
+    The factory takes a version and returns a (python_path, rpc_server_path) tuple
+    of the respective binaries in the virtualenv.
+    """
+
+    envs = {}
+
+    def get_versioned_venv(core_version):
+        venv = envs.get(core_version)
+        if not venv:
+            venv = tmp_path_factory.mktemp(f"temp-{core_version}")
+            subprocess.check_call([sys.executable, "-m", "venv", venv])
+
+            python = find_path(venv, "python")
+            pkgs = [f"deltachat-rpc-server=={core_version}", f"deltachat-rpc-client=={core_version}", "pytest"]
+            subprocess.check_call([python, "-m", "pip", "install"] + pkgs)
+
+            envs[core_version] = venv
+        python = find_path(venv, "python")
+        rpc_server_path = find_path(venv, "deltachat-rpc-server")
+        print(f"python={python}\nrpc_server={rpc_server_path}")
+        return python, rpc_server_path
+
+    return get_versioned_venv
+
+
+@pytest.fixture
+def alice_and_remote_bob(tmp_path, acfactory, get_core_python_env):
+    """return local Alice account, a contact to bob, and a remote 'eval' function for bob.
+
+    The 'eval' function allows to remote-execute arbitrary expressions
+    that can use the `bob` online account, and the `bob_contact_alice`.
+    """
+
+    def factory(core_version):
+        python, rpc_server_path = get_core_python_env(core_version)
+        gw = execnet.makegateway(f"popen//python={python}")
+
+        accounts_dir = str(tmp_path.joinpath("account1_venv1"))
+        channel = gw.remote_exec(remote_bob_loop)
+        cm = os.environ.get("CHATMAIL_DOMAIN")
+
+        # trigger getting an online account on bob's side
+        channel.send((accounts_dir, str(rpc_server_path), cm))
+
+        # meanwhile get a local alice account
+        alice = acfactory.get_online_account()
+        channel.send(alice.self_contact.make_vcard())
+
+        # wait for bob to have started
+        sysinfo = channel.receive()
+        assert sysinfo == f"v{core_version}"
+        bob_vcard = channel.receive()
+        [alice_contact_bob] = alice.import_vcard(bob_vcard)
+
+        def eval(eval_str):
+            channel.send(eval_str)
+            return channel.receive()
+
+        return alice, alice_contact_bob, eval
+
+    return factory
+
+
+def remote_bob_loop(channel):
+    # This function executes with versioned
+    # deltachat-rpc-client/server packages
+    # installed into the virtualenv.
+    #
+    # The "channel" argument is a send/receive pipe
+    # to the process that runs the corresponding remote_exec(remote_bob_loop)
+
+    import os
+
+    from deltachat_rpc_client import DeltaChat, Rpc
+    from deltachat_rpc_client.pytestplugin import ACFactory
+
+    accounts_dir, rpc_server_path, chatmail_domain = channel.receive()
+    os.environ["CHATMAIL_DOMAIN"] = chatmail_domain
+
+    # older core versions don't support specifying rpc_server_path
+    # so we can't just pass `rpc_server_path` argument to Rpc constructor
+    basepath = os.path.dirname(rpc_server_path)
+    os.environ["PATH"] = os.pathsep.join([basepath, os.environ["PATH"]])
+    rpc = Rpc(accounts_dir=accounts_dir)
+
+    with rpc:
+        dc = DeltaChat(rpc)
+        channel.send(dc.rpc.get_system_info()["deltachat_core_version"])
+        acfactory = ACFactory(dc)
+        bob = acfactory.get_online_account()
+        alice_vcard = channel.receive()
+        [alice_contact] = bob.import_vcard(alice_vcard)
+        ns = {"bob": bob, "bob_contact_alice": alice_contact}
+        channel.send(bob.self_contact.make_vcard())
+
+        while 1:
+            eval_str = channel.receive()
+            res = eval(eval_str, ns)
+            try:
+                channel.send(res)
+            except Exception:
+                # some unserializable result
+                channel.send(None)
--- a/deltachat-rpc-client/src/deltachat_rpc_client/rpc.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/rpc.py
@@ -9,7 +9,7 @@ import os
 import subprocess
 import sys
 from queue import Empty, Queue
-from threading import Event, Thread
+from threading import Thread
 from typing import Any, Iterator, Optional


@@ -17,25 +17,6 @@ class JsonRpcError(Exception):
    """JSON-RPC error."""


-class RpcFuture:
-    """RPC future waiting for RPC call result."""
-
-    def __init__(self, rpc: "Rpc", request_id: int, event: Event):
-        self.rpc = rpc
-        self.request_id = request_id
-        self.event = event
-
-    def __call__(self):
-        """Wait for the future to return the result."""
-        self.event.wait()
-        response = self.rpc.request_results.pop(self.request_id)
-        if "error" in response:
-            raise JsonRpcError(response["error"])
-        if "result" in response:
-            return response["result"]
-        return None
-
-
 class RpcMethod:
    """RPC method."""

@@ -57,20 +38,26 @@ class RpcMethod:
            "params": args,
            "id": request_id,
        }
-        event = Event()
-        self.rpc.request_events[request_id] = event
+        self.rpc.request_results[request_id] = queue = Queue()
        self.rpc.request_queue.put(request)

-        return RpcFuture(self.rpc, request_id, event)
+        def rpc_future():
+            """Wait for the request to receive a result."""
+            response = queue.get()
+            if "error" in response:
+                raise JsonRpcError(response["error"])
+            return response.get("result", None)
+
+        return rpc_future


 class Rpc:
    """RPC client."""

-    def __init__(self, accounts_dir: Optional[str] = None, **kwargs):
+    def __init__(self, accounts_dir: Optional[str] = None, rpc_server_path="deltachat-rpc-server", **kwargs):
        """Initialize RPC client.

-        The given arguments will be passed to subprocess.Popen().
+        The 'kwargs' arguments will be passed to subprocess.Popen().
        """
        if accounts_dir:
            kwargs["env"] = {
@@ -79,13 +66,12 @@ class Rpc:
            }

        self._kwargs = kwargs
+        self.rpc_server_path = rpc_server_path
        self.process: subprocess.Popen
        self.id_iterator: Iterator[int]
        self.event_queues: dict[int, Queue]
-        # Map from request ID to `threading.Event`.
-        self.request_events: dict[int, Event]
-        # Map from request ID to the result.
-        self.request_results: dict[int, Any]
+        # Map from request ID to a Queue which provides a single result
+        self.request_results: dict[int, Queue]
        self.request_queue: Queue[Any]
        self.closing: bool
        self.reader_thread: Thread
@@ -94,27 +80,18 @@ class Rpc:

    def start(self) -> None:
        """Start RPC server subprocess."""
+        popen_kwargs = {"stdin": subprocess.PIPE, "stdout": subprocess.PIPE}
        if sys.version_info >= (3, 11):
-            self.process = subprocess.Popen(
-                "deltachat-rpc-server",
-                stdin=subprocess.PIPE,
-                stdout=subprocess.PIPE,
-                # Prevent subprocess from capturing SIGINT.
-                process_group=0,
-                **self._kwargs,
-            )
+            # Prevent subprocess from capturing SIGINT.
+            popen_kwargs["process_group"] = 0
        else:
-            self.process = subprocess.Popen(
-                "deltachat-rpc-server",
-                stdin=subprocess.PIPE,
-                stdout=subprocess.PIPE,
-                # `process_group` is not supported before Python 3.11.
-                preexec_fn=os.setpgrp,  # noqa: PLW1509
-                **self._kwargs,
-            )
+            # `process_group` is not supported before Python 3.11.
+            popen_kwargs["preexec_fn"] = os.setpgrp  # noqa: PLW1509
+
+        popen_kwargs.update(self._kwargs)
+        self.process = subprocess.Popen(self.rpc_server_path, **popen_kwargs)
        self.id_iterator = itertools.count(start=1)
        self.event_queues = {}
-        self.request_events = {}
        self.request_results = {}
        self.request_queue = Queue()
        self.closing = False
@@ -149,9 +126,7 @@ class Rpc:
                response = json.loads(line)
                if "id" in response:
                    response_id = response["id"]
-                    event = self.request_events.pop(response_id)
-                    self.request_results[response_id] = response
-                    event.set()
+                    self.request_results.pop(response_id).put(response)
                else:
                    logging.warning("Got a response without ID: %s", response)
        except Exception:
--- a/deltachat-rpc-client/tests/conftest.py
+++ b/deltachat-rpc-client/tests/conftest.py
@@ -85,11 +85,11 @@ class DirectImap:

    def get_all_messages(self) -> list[MailMessage]:
        assert not self._idling
-        return list(self.conn.fetch())
+        return list(self.conn.fetch(mark_seen=False))

    def get_unread_messages(self) -> list[str]:
        assert not self._idling
-        return [msg.uid for msg in self.conn.fetch(AND(seen=False))]
+        return [msg.uid for msg in self.conn.fetch(AND(seen=False), mark_seen=False)]

    def mark_all_read(self):
        messages = self.get_unread_messages()
@@ -173,7 +173,6 @@ class DirectImap:
 class IdleManager:
    def __init__(self, direct_imap) -> None:
        self.direct_imap = direct_imap
-        self.log = direct_imap.account.log
        # fetch latest messages before starting idle so that it only
        # returns messages that arrive anew
        self.direct_imap.conn.fetch("1:*")
@@ -181,14 +180,11 @@ class IdleManager:

    def check(self, timeout=None) -> list[bytes]:
        """(blocking) wait for next idle message from server."""
-        self.log("imap-direct: calling idle_check")
-        res = self.direct_imap.conn.idle.poll(timeout=timeout)
-        self.log(f"imap-direct: idle_check returned {res!r}")
-        return res
+        return self.direct_imap.conn.idle.poll(timeout=timeout)

-    def wait_for_new_message(self, timeout=None) -> bytes:
+    def wait_for_new_message(self) -> bytes:
        while True:
-            for item in self.check(timeout=timeout):
+            for item in self.check():
                if b"EXISTS" in item or b"RECENT" in item:
                    return item

@@ -196,10 +192,8 @@ class IdleManager:
        """Return first message with SEEN flag from a running idle-stream."""
        while True:
            for item in self.check(timeout=timeout):
-                if FETCH in item:
-                    self.log(str(item))
-                    if FLAGS in item and rb"\Seen" in item:
-                        return int(item.split(b" ")[1])
+                if FETCH in item and FLAGS in item and rb"\Seen" in item:
+                    return int(item.split(b" ")[1])

    def done(self):
        """send idle-done to server if we are currently in idle mode."""
--- a/deltachat-rpc-client/tests/test_calls.py
+++ b/deltachat-rpc-client/tests/test_calls.py
@@ -9,6 +9,7 @@ def test_calls(acfactory) -> None:

    alice_contact_bob = alice.create_contact(bob, "Bob")
    alice_chat_bob = alice_contact_bob.create_chat()
+    bob.create_chat(alice)  # Accept the chat so incoming call causes a notification.
    outgoing_call_message = alice_chat_bob.place_outgoing_call(place_call_info)
    assert outgoing_call_message.get_call_info().state.kind == "Alerting"

@@ -67,6 +68,7 @@ a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid\r

    alice, bob = acfactory.get_online_accounts(2)

+    bob.create_chat(alice)  # Accept the chat so incoming call causes a notification.
    alice_contact_bob = alice.create_contact(bob, "Bob")
    alice_chat_bob = alice_contact_bob.create_chat()
    alice_chat_bob.place_outgoing_call(place_call_info)
@@ -84,3 +86,24 @@ def test_ice_servers(acfactory) -> None:

    ice_servers = alice.ice_servers()
    assert len(ice_servers) == 1
+
+
+def test_no_contact_request_call(acfactory) -> None:
+    alice, bob = acfactory.get_online_accounts(2)
+
+    alice_chat_bob = alice.create_chat(bob)
+    alice_chat_bob.place_outgoing_call("offer")
+    alice_chat_bob.send_text("Hello!")
+
+    # Notification for "Hello!" message should arrive
+    # without the call ringing.
+    while True:
+        event = bob.wait_for_event()
+
+        # There should be no incoming call notification.
+        assert event.kind != EventType.INCOMING_CALL
+
+        if event.kind == EventType.MSGS_CHANGED:
+            msg = bob.get_message_by_id(event.msg_id)
+            if msg.get_snapshot().text == "Hello!":
+                break
--- a/deltachat-rpc-client/tests/test_chatlist_events.py
+++ b/deltachat-rpc-client/tests/test_chatlist_events.py
@@ -169,6 +169,8 @@ def test_imap_sync_seen_msgs(acfactory: ACFactory) -> None:
    """
    alice, alice_second_device, bob, alice_chat_bob = get_multi_account_test_setup(acfactory)

+    bob.create_chat(alice)
+
    alice_chat_bob.send_text("hello")

    msg = bob.wait_for_incoming_msg()
--- a/deltachat-rpc-client/tests/test_cross_core.py
+++ b/deltachat-rpc-client/tests/test_cross_core.py
@@ -0,0 +1,44 @@
+import subprocess
+
+import pytest
+
+from deltachat_rpc_client import DeltaChat, Rpc
+
+
+def test_install_venv_and_use_other_core(tmp_path, get_core_python_env):
+    python, rpc_server_path = get_core_python_env("2.24.0")
+    subprocess.check_call([python, "-m", "pip", "install", "deltachat-rpc-server==2.24.0"])
+    rpc = Rpc(accounts_dir=tmp_path.joinpath("accounts"), rpc_server_path=rpc_server_path)
+
+    with rpc:
+        dc = DeltaChat(rpc)
+        assert dc.rpc.get_system_info()["deltachat_core_version"] == "v2.24.0"
+
+
+@pytest.mark.parametrize("version", ["2.24.0"])
+def test_qr_setup_contact(alice_and_remote_bob, version) -> None:
+    """Test other-core Bob profile can do securejoin with Alice on current core."""
+    alice, alice_contact_bob, remote_eval = alice_and_remote_bob(version)
+
+    qr_code = alice.get_qr_code()
+    remote_eval(f"bob.secure_join({qr_code!r})")
+    alice.wait_for_securejoin_inviter_success()
+
+    # Test that Alice verified Bob's profile.
+    alice_contact_bob_snapshot = alice_contact_bob.get_snapshot()
+    assert alice_contact_bob_snapshot.is_verified
+
+    remote_eval("bob.wait_for_securejoin_joiner_success()")
+
+    # Test that Bob verified Alice's profile.
+    assert remote_eval("bob_contact_alice.get_snapshot().is_verified")
+
+
+def test_send_and_receive_message(alice_and_remote_bob) -> None:
+    """Test other-core Bob profile can send a message to Alice on current core."""
+    alice, alice_contact_bob, remote_eval = alice_and_remote_bob("2.20.0")
+
+    remote_eval("bob_contact_alice.create_chat().send_text('hello')")
+
+    msg = alice.wait_for_incoming_msg()
+    assert msg.get_snapshot().text == "hello"
--- a/deltachat-rpc-client/tests/test_folders.py
+++ b/deltachat-rpc-client/tests/test_folders.py
@@ -0,0 +1,538 @@
+import logging
+import re
+import time
+
+import pytest
+from imap_tools import AND, U
+
+from deltachat_rpc_client import Contact, EventType, Message
+
+
+def test_move_works(acfactory):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac2.set_config("mvbox_move", "1")
+    ac2.bring_online()
+
+    chat = ac1.create_chat(ac2)
+    chat.send_text("message1")
+
+    # Message is moved to the movebox
+    ac2.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+
+    # Message is downloaded
+    msg = ac2.wait_for_incoming_msg().get_snapshot()
+    assert msg.text == "message1"
+
+
+def test_move_avoids_loop(acfactory, direct_imap):
+    """Test that the message is only moved from INBOX to DeltaChat.
+
+    This is to avoid busy loop if moved message reappears in the Inbox
+    or some scanned folder later.
+    For example, this happens on servers that alias `INBOX.DeltaChat` to `DeltaChat` folder,
+    so the message moved to `DeltaChat` appears as a new message in the `INBOX.DeltaChat` folder.
+    We do not want to move this message from `INBOX.DeltaChat` to `DeltaChat` again.
+    """
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac2.set_config("mvbox_move", "1")
+    ac2.set_config("delete_server_after", "0")
+    ac2.bring_online()
+
+    # Create INBOX.DeltaChat folder and make sure
+    # it is detected by full folder scan.
+    ac2_direct_imap = direct_imap(ac2)
+    ac2_direct_imap.create_folder("INBOX.DeltaChat")
+    ac2.stop_io()
+    ac2.start_io()
+
+    while True:
+        event = ac2.wait_for_event()
+        # Wait until the end of folder scan.
+        if event.kind == EventType.INFO and "Found folders:" in event.msg:
+            break
+
+    ac1_chat = acfactory.get_accepted_chat(ac1, ac2)
+    ac1_chat.send_text("Message 1")
+
+    # Message is moved to the DeltaChat folder and downloaded.
+    ac2_msg1 = ac2.wait_for_incoming_msg().get_snapshot()
+    assert ac2_msg1.text == "Message 1"
+
+    # Move the message to the INBOX.DeltaChat again.
+    # We assume that test server uses "." as the delimiter.
+    ac2_direct_imap.select_folder("DeltaChat")
+    ac2_direct_imap.conn.move(["*"], "INBOX.DeltaChat")
+
+    ac1_chat.send_text("Message 2")
+    ac2_msg2 = ac2.wait_for_incoming_msg().get_snapshot()
+    assert ac2_msg2.text == "Message 2"
+
+    # Stop and start I/O to trigger folder scan.
+    ac2.stop_io()
+    ac2.start_io()
+    while True:
+        event = ac2.wait_for_event()
+        # Wait until the end of folder scan.
+        if event.kind == EventType.INFO and "Found folders:" in event.msg:
+            break
+
+    # Check that Message 1 is still in the INBOX.DeltaChat folder
+    # and Message 2 is in the DeltaChat folder.
+    ac2_direct_imap.select_folder("INBOX")
+    assert len(ac2_direct_imap.get_all_messages()) == 0
+    ac2_direct_imap.select_folder("DeltaChat")
+    assert len(ac2_direct_imap.get_all_messages()) == 1
+    ac2_direct_imap.select_folder("INBOX.DeltaChat")
+    assert len(ac2_direct_imap.get_all_messages()) == 1
+
+
+def test_reactions_for_a_reordering_move(acfactory, direct_imap):
+    """When a batch of messages is moved from Inbox to DeltaChat folder with a single MOVE command,
+    their UIDs may be reordered (e.g. Gmail is known for that) which led to that messages were
+    processed by receive_imf in the wrong order, and, particularly, reactions were processed before
+    messages they refer to and thus dropped.
+    """
+    (ac1,) = acfactory.get_online_accounts(1)
+
+    addr, password = acfactory.get_credentials()
+    ac2 = acfactory.get_unconfigured_account()
+    ac2.add_or_update_transport({"addr": addr, "password": password})
+    ac2.set_config("mvbox_move", "1")
+    assert ac2.is_configured()
+
+    ac2.bring_online()
+    chat1 = acfactory.get_accepted_chat(ac1, ac2)
+    ac2.stop_io()
+
+    logging.info("sending message + reaction from ac1 to ac2")
+    msg1 = chat1.send_text("hi")
+    msg1.wait_until_delivered()
+    # It's is sad, but messages must differ in their INTERNALDATEs to be processed in the correct
+    # order by DC, and most (if not all) mail servers provide only seconds precision.
+    time.sleep(1.1)
+    react_str = "\N{THUMBS UP SIGN}"
+    msg1.send_reaction(react_str).wait_until_delivered()
+
+    logging.info("moving messages to ac2's DeltaChat folder in the reverse order")
+    ac2_direct_imap = direct_imap(ac2)
+    ac2_direct_imap.connect()
+    for uid in sorted([m.uid for m in ac2_direct_imap.get_all_messages()], reverse=True):
+        ac2_direct_imap.conn.move(uid, "DeltaChat")
+
+    logging.info("receiving messages by ac2")
+    ac2.start_io()
+    msg2 = Message(ac2, ac2.wait_for_reactions_changed().msg_id)
+    assert msg2.get_snapshot().text == msg1.get_snapshot().text
+    reactions = msg2.get_reactions()
+    contacts = [Contact(ac2, int(i)) for i in reactions.reactions_by_contact]
+    assert len(contacts) == 1
+    assert contacts[0].get_snapshot().address == ac1.get_config("addr")
+    assert list(reactions.reactions_by_contact.values())[0] == [react_str]
+
+
+def test_delete_deltachat_folder(acfactory, direct_imap):
+    """Test that DeltaChat folder is recreated if user deletes it manually."""
+    ac1 = acfactory.new_configured_account()
+    ac1.set_config("mvbox_move", "1")
+    ac1.bring_online()
+
+    ac1_direct_imap = direct_imap(ac1)
+    ac1_direct_imap.conn.folder.delete("DeltaChat")
+    assert "DeltaChat" not in ac1_direct_imap.list_folders()
+
+    # Wait until new folder is created and UIDVALIDITY is updated.
+    while True:
+        event = ac1.wait_for_event()
+        if event.kind == EventType.INFO and "transport 1: UID validity for folder DeltaChat changed from " in event.msg:
+            break
+
+    ac2 = acfactory.get_online_account()
+    ac2.create_chat(ac1).send_text("hello")
+    msg = ac1.wait_for_incoming_msg().get_snapshot()
+    assert msg.text == "hello"
+
+    assert "DeltaChat" in ac1_direct_imap.list_folders()
+
+
+def test_dont_show_emails(acfactory, direct_imap, log):
+    """Most mailboxes have a "Drafts" folder where constantly new emails appear but we don't actually want to show them.
+    So: If it's outgoing AND there is no Received header, then ignore the email.
+
+    If the draft email is sent out and received later (i.e. it's in "Inbox"), it must be shown.
+
+    Also, test that unknown emails in the Spam folder are not shown."""
+    ac1 = acfactory.new_configured_account()
+    ac1.stop_io()
+    ac1.set_config("show_emails", "2")
+
+    ac1.create_contact("alice@example.org").create_chat()
+
+    ac1_direct_imap = direct_imap(ac1)
+    ac1_direct_imap.create_folder("Drafts")
+    ac1_direct_imap.create_folder("Spam")
+    ac1_direct_imap.create_folder("Junk")
+
+    # Learn UID validity for all folders.
+    ac1.set_config("scan_all_folders_debounce_secs", "0")
+    ac1.start_io()
+    ac1.wait_for_event(EventType.IMAP_INBOX_IDLE)
+    ac1.stop_io()
+
+    ac1_direct_imap.append(
+        "Drafts",
+        """
+        From: ac1 <{}>
+        Subject: subj
+        To: alice@example.org
+        Message-ID: <aepiors@example.org>
+        Content-Type: text/plain; charset=utf-8
+
+        message in Drafts received later
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+    ac1_direct_imap.append(
+        "Spam",
+        """
+        From: unknown.address@junk.org
+        Subject: subj
+        To: {}
+        Message-ID: <spam.message@junk.org>
+        Content-Type: text/plain; charset=utf-8
+
+        Unknown message in Spam
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+    ac1_direct_imap.append(
+        "Spam",
+        """
+        From: unknown.address@junk.org, unkwnown.add@junk.org
+        Subject: subj
+        To: {}
+        Message-ID: <spam.message2@junk.org>
+        Content-Type: text/plain; charset=utf-8
+
+        Unknown & malformed message in Spam
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+    ac1_direct_imap.append(
+        "Spam",
+        """
+        From: delta<address: inbox@nhroy.com>
+        Subject: subj
+        To: {}
+        Message-ID: <spam.message99@junk.org>
+        Content-Type: text/plain; charset=utf-8
+
+        Unknown & malformed message in Spam
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+    ac1_direct_imap.append(
+        "Spam",
+        """
+        From: alice@example.org
+        Subject: subj
+        To: {}
+        Message-ID: <spam.message3@junk.org>
+        Content-Type: text/plain; charset=utf-8
+
+        Actually interesting message in Spam
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+    ac1_direct_imap.append(
+        "Junk",
+        """
+        From: unknown.address@junk.org
+        Subject: subj
+        To: {}
+        Message-ID: <spam.message@junk.org>
+        Content-Type: text/plain; charset=utf-8
+
+        Unknown message in Junk
+    """.format(
+            ac1.get_config("configured_addr"),
+        ),
+    )
+
+    ac1.set_config("scan_all_folders_debounce_secs", "0")
+    log.section("All prepared, now let DC find the message")
+    ac1.start_io()
+
+    # Wait until each folder was scanned, this is necessary for this test to test what it should test:
+    ac1.wait_for_event(EventType.IMAP_INBOX_IDLE)
+
+    fresh_msgs = list(ac1.get_fresh_messages())
+    msg = fresh_msgs[0].get_snapshot()
+    chat_msgs = msg.chat.get_messages()
+    assert len(chat_msgs) == 1
+    assert msg.text == "subj – Actually interesting message in Spam"
+
+    assert not any("unknown.address" in c.get_full_snapshot().name for c in ac1.get_chatlist())
+    ac1_direct_imap.select_folder("Spam")
+    assert ac1_direct_imap.get_uid_by_message_id("spam.message@junk.org")
+
+    ac1.stop_io()
+    log.section("'Send out' the draft by moving it to Inbox, and wait for DC to display it this time")
+    ac1_direct_imap.select_folder("Drafts")
+    uid = ac1_direct_imap.get_uid_by_message_id("aepiors@example.org")
+    ac1_direct_imap.conn.move(uid, "Inbox")
+
+    ac1.start_io()
+    event = ac1.wait_for_event(EventType.MSGS_CHANGED)
+    msg2 = Message(ac1, event.msg_id).get_snapshot()
+
+    assert msg2.text == "subj – message in Drafts received later"
+    assert len(msg.chat.get_messages()) == 2
+
+
+def test_move_works_on_self_sent(acfactory):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+
+    # Enable movebox and wait until it is created.
+    ac1.set_config("mvbox_move", "1")
+    ac1.set_config("bcc_self", "1")
+    ac1.bring_online()
+
+    chat = ac1.create_chat(ac2)
+    chat.send_text("message1")
+    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+    chat.send_text("message2")
+    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+    chat.send_text("message3")
+    ac1.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+
+
+def test_moved_markseen(acfactory, direct_imap):
+    """Test that message already moved to DeltaChat folder is marked as seen."""
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac2.set_config("mvbox_move", "1")
+    ac2.set_config("delete_server_after", "0")
+    ac2.set_config("sync_msgs", "0")  # Do not send a sync message when accepting a contact request.
+    ac2.bring_online()
+
+    ac2.stop_io()
+    ac2_direct_imap = direct_imap(ac2)
+    with ac2_direct_imap.idle() as idle2:
+        ac1.create_chat(ac2).send_text("Hello!")
+        idle2.wait_for_new_message()
+
+    # Emulate moving of the message to DeltaChat folder by Sieve rule.
+    ac2_direct_imap.conn.move(["*"], "DeltaChat")
+    ac2_direct_imap.select_folder("DeltaChat")
+    assert len(list(ac2_direct_imap.conn.fetch("*", mark_seen=False))) == 1
+
+    with ac2_direct_imap.idle() as idle2:
+        ac2.start_io()
+
+        ev = ac2.wait_for_event(EventType.MSGS_CHANGED)
+        msg = ac2.get_message_by_id(ev.msg_id)
+        assert msg.get_snapshot().text == "Messages are end-to-end encrypted."
+
+        ev = ac2.wait_for_event(EventType.INCOMING_MSG)
+        msg = ac2.get_message_by_id(ev.msg_id)
+        chat = ac2.get_chat_by_id(ev.chat_id)
+
+        # Accept the contact request.
+        chat.accept()
+        msg.mark_seen()
+        idle2.wait_for_seen()
+
+    assert len(list(ac2_direct_imap.conn.fetch(AND(seen=True, uid=U(1, "*")), mark_seen=False))) == 1
+
+
+@pytest.mark.parametrize("mvbox_move", [True, False])
+def test_markseen_message_and_mdn(acfactory, direct_imap, mvbox_move):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+
+    for ac in ac1, ac2:
+        ac.set_config("delete_server_after", "0")
+        if mvbox_move:
+            ac.set_config("mvbox_move", "1")
+            ac.bring_online()
+
+    # Do not send BCC to self, we only want to test MDN on ac1.
+    ac1.set_config("bcc_self", "0")
+
+    acfactory.get_accepted_chat(ac1, ac2).send_text("hi")
+    msg = ac2.wait_for_incoming_msg()
+    msg.mark_seen()
+
+    if mvbox_move:
+        rex = re.compile("Marked messages [0-9]+ in folder DeltaChat as seen.")
+    else:
+        rex = re.compile("Marked messages [0-9]+ in folder INBOX as seen.")
+
+    for ac in ac1, ac2:
+        while True:
+            event = ac.wait_for_event()
+            if event.kind == EventType.INFO and rex.search(event.msg):
+                break
+
+    folder = "mvbox" if mvbox_move else "inbox"
+    ac1_direct_imap = direct_imap(ac1)
+    ac2_direct_imap = direct_imap(ac2)
+
+    ac1_direct_imap.select_config_folder(folder)
+    ac2_direct_imap.select_config_folder(folder)
+
+    # Check that the mdn is marked as seen
+    assert len(list(ac1_direct_imap.conn.fetch(AND(seen=True), mark_seen=False))) == 1
+    # Check original message is marked as seen
+    assert len(list(ac2_direct_imap.conn.fetch(AND(seen=True), mark_seen=False))) == 1
+
+
+def test_mvbox_and_trash(acfactory, direct_imap, log):
+    log.section("ac1: start with mvbox")
+    ac1 = acfactory.get_online_account()
+    ac1.set_config("mvbox_move", "1")
+    ac1.bring_online()
+
+    log.section("ac2: start without a mvbox")
+    ac2 = acfactory.get_online_account()
+
+    log.section("ac1: create trash")
+    ac1_direct_imap = direct_imap(ac1)
+    ac1_direct_imap.create_folder("Trash")
+    ac1.set_config("scan_all_folders_debounce_secs", "0")
+    ac1.stop_io()
+    ac1.start_io()
+
+    log.section("ac1: send message and wait for ac2 to receive it")
+    acfactory.get_accepted_chat(ac1, ac2).send_text("message1")
+    assert ac2.wait_for_incoming_msg().get_snapshot().text == "message1"
+
+    assert ac1.get_config("configured_mvbox_folder") == "DeltaChat"
+    while ac1.get_config("configured_trash_folder") != "Trash":
+        ac1.wait_for_event(EventType.CONNECTIVITY_CHANGED)
+
+
+@pytest.mark.parametrize(
+    ("folder", "move", "expected_destination"),
+    [
+        (
+            "xyz",
+            False,
+            "xyz",
+        ),  # Test that emails aren't found in a random folder
+        (
+            "xyz",
+            True,
+            "xyz",
+        ),  # ...emails are found in a random folder and downloaded without moving
+        (
+            "Spam",
+            False,
+            "INBOX",
+        ),  # ...emails are moved from the spam folder to the Inbox
+    ],
+)
+# Testrun.org does not support the CREATE-SPECIAL-USE capability, which means that we can't create a folder with
+# the "\Junk" flag (see https://tools.ietf.org/html/rfc6154). So, we can't test spam folder detection by flag.
+def test_scan_folders(acfactory, log, direct_imap, folder, move, expected_destination):
+    """Delta Chat periodically scans all folders for new messages to make sure we don't miss any."""
+    variant = folder + "-" + str(move) + "-" + expected_destination
+    log.section("Testing variant " + variant)
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac1.set_config("delete_server_after", "0")
+    if move:
+        ac1.set_config("mvbox_move", "1")
+        ac1.bring_online()
+
+    ac1.stop_io()
+    ac1_direct_imap = direct_imap(ac1)
+    ac1_direct_imap.create_folder(folder)
+
+    # Wait until each folder was selected once and we are IDLEing:
+    ac1.start_io()
+    ac1.bring_online()
+
+    ac1.stop_io()
+    assert folder in ac1_direct_imap.list_folders()
+
+    log.section("Send a message from ac2 to ac1 and manually move it to `folder`")
+    ac1_direct_imap.select_config_folder("inbox")
+    with ac1_direct_imap.idle() as idle1:
+        acfactory.get_accepted_chat(ac2, ac1).send_text("hello")
+        idle1.wait_for_new_message()
+    ac1_direct_imap.conn.move(["*"], folder)  # "*" means "biggest UID in mailbox"
+
+    log.section("start_io() and see if DeltaChat finds the message (" + variant + ")")
+    ac1.set_config("scan_all_folders_debounce_secs", "0")
+    ac1.start_io()
+    chat = ac1.create_chat(ac2)
+    n_msgs = 1  # "Messages are end-to-end encrypted."
+    if folder == "Spam":
+        msg = ac1.wait_for_incoming_msg().get_snapshot()
+        assert msg.text == "hello"
+        n_msgs += 1
+    else:
+        ac1.wait_for_event(EventType.IMAP_INBOX_IDLE)
+    assert len(chat.get_messages()) == n_msgs
+
+    # The message has reached its destination.
+    ac1_direct_imap.select_folder(expected_destination)
+    assert len(ac1_direct_imap.get_all_messages()) == 1
+    if folder != expected_destination:
+        ac1_direct_imap.select_folder(folder)
+        assert len(ac1_direct_imap.get_all_messages()) == 0
+
+
+def test_trash_multiple_messages(acfactory, direct_imap, log):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac2.stop_io()
+
+    # Create the Trash folder on IMAP server and configure deletion to it. There was a bug that if
+    # Trash wasn't configured initially, it can't be configured later, let's check this.
+    log.section("Creating trash folder")
+    ac2_direct_imap = direct_imap(ac2)
+    ac2_direct_imap.create_folder("Trash")
+    ac2.set_config("delete_server_after", "0")
+    ac2.set_config("sync_msgs", "0")
+    ac2.set_config("delete_to_trash", "1")
+
+    log.section("Check that Trash can be configured initially as well")
+    ac3 = ac2.clone()
+    ac3.bring_online()
+    assert ac3.get_config("configured_trash_folder")
+    ac3.stop_io()
+
+    ac2.start_io()
+    chat12 = acfactory.get_accepted_chat(ac1, ac2)
+
+    log.section("ac1: sending 3 messages")
+    texts = ["first", "second", "third"]
+    for text in texts:
+        chat12.send_text(text)
+
+    log.section("ac2: waiting for all messages on the other side")
+    to_delete = []
+    for text in texts:
+        msg = ac2.wait_for_incoming_msg().get_snapshot()
+        assert msg.text in texts
+        if text != "second":
+            to_delete.append(msg)
+    # ac2 has received some messages, this is impossible w/o the trash folder configured, let's
+    # check the configuration.
+    assert ac2.get_config("configured_trash_folder") == "Trash"
+
+    log.section("ac2: deleting all messages except second")
+    assert len(to_delete) == len(texts) - 1
+    ac2.delete_messages(to_delete)
+
+    log.section("ac2: test that only one message is left")
+    while 1:
+        ac2.wait_for_event(EventType.IMAP_MESSAGE_MOVED)
+        ac2_direct_imap.select_config_folder("inbox")
+        nr_msgs = len(ac2_direct_imap.get_all_messages())
+        assert nr_msgs > 0
+        if nr_msgs == 1:
+            break
--- a/deltachat-rpc-client/tests/test_iroh_webxdc.py
+++ b/deltachat-rpc-client/tests/test_iroh_webxdc.py
@@ -84,7 +84,7 @@ def test_realtime_sequentially(acfactory, path_to_webxdc):

    # share a webxdc app between ac1 and ac2
    ac1_webxdc_msg = acfactory.send_message(from_account=ac1, to_account=ac2, text="play", file=path_to_webxdc)
-    ac2_webxdc_msg = ac2.get_message_by_id(ac2.wait_for_incoming_msg_event().msg_id)
+    ac2_webxdc_msg = ac2.wait_for_incoming_msg()
    snapshot = ac2_webxdc_msg.get_snapshot()
    assert snapshot.text == "play"

@@ -94,7 +94,7 @@ def test_realtime_sequentially(acfactory, path_to_webxdc):
    acfactory.send_message(from_account=ac1, to_account=ac2, text="ping1")

    log("waiting for incoming message on ac2")
-    snapshot = ac2.get_message_by_id(ac2.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = ac2.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "ping1"

    log("sending ac2 -> ac1 realtime advertisement and additional message")
@@ -102,7 +102,7 @@ def test_realtime_sequentially(acfactory, path_to_webxdc):
    acfactory.send_message(from_account=ac2, to_account=ac1, text="ping2")

    log("waiting for incoming message on ac1")
-    snapshot = ac1.get_message_by_id(ac1.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = ac1.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "ping2"

    log("sending realtime data ac1 -> ac2")
@@ -214,7 +214,9 @@ def test_advertisement_after_chatting(acfactory, path_to_webxdc):
    ac1_ac2_chat = ac1.create_chat(ac2)
    ac1_webxdc_msg = ac1_ac2_chat.send_message(text="WebXDC", file=path_to_webxdc)
    ac2_webxdc_msg = ac2.wait_for_incoming_msg()
-    assert ac2_webxdc_msg.get_snapshot().text == "WebXDC"
+    ac2_webxdc_msg_snapshot = ac2_webxdc_msg.get_snapshot()
+    assert ac2_webxdc_msg_snapshot.text == "WebXDC"
+    ac2_webxdc_msg_snapshot.chat.accept()

    ac1_ac2_chat.send_text("Hello!")
    ac2_hello_msg = ac2.wait_for_incoming_msg()
--- a/deltachat-rpc-client/tests/test_key_transfer.py
+++ b/deltachat-rpc-client/tests/test_key_transfer.py
@@ -18,9 +18,7 @@ def test_autocrypt_setup_message_key_transfer(acfactory):
    alice1 = acfactory.get_online_account()

    alice2 = acfactory.get_unconfigured_account()
-    alice2.set_config("addr", alice1.get_config("addr"))
-    alice2.set_config("mail_pw", alice1.get_config("mail_pw"))
-    alice2.configure()
+    alice2.add_or_update_transport({"addr": alice1.get_config("addr"), "password": alice1.get_config("mail_pw")})
    alice2.bring_online()

    setup_code = alice1.initiate_autocrypt_key_transfer()
@@ -37,9 +35,7 @@ def test_ac_setup_message_twice(acfactory):
    alice1 = acfactory.get_online_account()

    alice2 = acfactory.get_unconfigured_account()
-    alice2.set_config("addr", alice1.get_config("addr"))
-    alice2.set_config("mail_pw", alice1.get_config("mail_pw"))
-    alice2.configure()
+    alice2.add_or_update_transport({"addr": alice1.get_config("addr"), "password": alice1.get_config("mail_pw")})
    alice2.bring_online()

    # Send the first Autocrypt Setup Message and ignore it.
--- a/deltachat-rpc-client/tests/test_multidevice.py
+++ b/deltachat-rpc-client/tests/test_multidevice.py
@@ -4,6 +4,41 @@ from deltachat_rpc_client import EventType
 from deltachat_rpc_client.const import MessageState


+def test_bcc_self_delete_server_after_defaults(acfactory):
+    """Test default values for bcc_self and delete_server_after."""
+    ac = acfactory.get_online_account()
+
+    # Initially after getting online
+    # the setting bcc_self is set to 0 because there is only one device
+    # and delete_server_after is "1", meaning immediate deletion.
+    assert ac.get_config("bcc_self") == "0"
+    assert ac.get_config("delete_server_after") == "1"
+
+    # Setup a second device.
+    ac_clone = ac.clone()
+    ac_clone.bring_online()
+
+    # Second device setup
+    # enables bcc_self and changes default delete_server_after.
+    assert ac.get_config("bcc_self") == "1"
+    assert ac.get_config("delete_server_after") == "0"
+
+    assert ac_clone.get_config("bcc_self") == "1"
+    assert ac_clone.get_config("delete_server_after") == "0"
+
+    # Manually disabling bcc_self
+    # also restores the default for delete_server_after.
+    ac.set_config("bcc_self", "0")
+    assert ac.get_config("bcc_self") == "0"
+    assert ac.get_config("delete_server_after") == "1"
+
+    # Cloning the account again enables bcc_self
+    # even though it was manually disabled.
+    ac_clone = ac.clone()
+    assert ac.get_config("bcc_self") == "1"
+    assert ac.get_config("delete_server_after") == "0"
+
+
 def test_one_account_send_bcc_setting(acfactory, log, direct_imap):
    ac1, ac2 = acfactory.get_online_accounts(2)
    ac1_clone = ac1.clone()
--- a/deltachat-rpc-client/tests/test_multitransport.py
+++ b/deltachat-rpc-client/tests/test_multitransport.py
@@ -0,0 +1,203 @@
+import pytest
+
+from deltachat_rpc_client import EventType
+from deltachat_rpc_client.rpc import JsonRpcError
+
+
+def test_add_second_address(acfactory) -> None:
+    account = acfactory.new_configured_account()
+    assert len(account.list_transports()) == 1
+
+    # When the first transport is created,
+    # mvbox_move and only_fetch_mvbox should be disabled.
+    assert account.get_config("mvbox_move") == "0"
+    assert account.get_config("only_fetch_mvbox") == "0"
+    assert account.get_config("show_emails") == "2"
+
+    qr = acfactory.get_account_qr()
+    account.add_transport_from_qr(qr)
+    assert len(account.list_transports()) == 2
+
+    account.add_transport_from_qr(qr)
+    assert len(account.list_transports()) == 3
+
+    first_addr = account.list_transports()[0]["addr"]
+    second_addr = account.list_transports()[1]["addr"]
+
+    # Cannot delete the first address.
+    with pytest.raises(JsonRpcError):
+        account.delete_transport(first_addr)
+
+    account.delete_transport(second_addr)
+    assert len(account.list_transports()) == 2
+
+    # Enabling mvbox_move or only_fetch_mvbox
+    # is not allowed when multi-transport is enabled.
+    for option in ["mvbox_move", "only_fetch_mvbox"]:
+        with pytest.raises(JsonRpcError):
+            account.set_config(option, "1")
+
+    with pytest.raises(JsonRpcError):
+        account.set_config("show_emails", "0")
+
+
+@pytest.mark.parametrize("key", ["mvbox_move", "only_fetch_mvbox"])
+def test_no_second_transport_with_mvbox(acfactory, key) -> None:
+    """Test that second transport cannot be configured if mvbox is used."""
+    account = acfactory.new_configured_account()
+    assert len(account.list_transports()) == 1
+
+    assert account.get_config("mvbox_move") == "0"
+    assert account.get_config("only_fetch_mvbox") == "0"
+
+    qr = acfactory.get_account_qr()
+    account.set_config(key, "1")
+
+    with pytest.raises(JsonRpcError):
+        account.add_transport_from_qr(qr)
+
+
+def test_no_second_transport_without_classic_emails(acfactory) -> None:
+    """Test that second transport cannot be configured if classic emails are not fetched."""
+    account = acfactory.new_configured_account()
+    assert len(account.list_transports()) == 1
+
+    assert account.get_config("show_emails") == "2"
+
+    qr = acfactory.get_account_qr()
+    account.set_config("show_emails", "0")
+
+    with pytest.raises(JsonRpcError):
+        account.add_transport_from_qr(qr)
+
+
+def test_change_address(acfactory) -> None:
+    """Test Alice configuring a second transport and setting it as a primary one."""
+    alice, bob = acfactory.get_online_accounts(2)
+
+    bob_addr = bob.get_config("configured_addr")
+    bob.create_chat(alice)
+
+    alice_chat_bob = alice.create_chat(bob)
+    alice_chat_bob.send_text("Hello!")
+
+    msg1 = bob.wait_for_incoming_msg().get_snapshot()
+    sender_addr1 = msg1.sender.get_snapshot().address
+
+    alice.stop_io()
+    old_alice_addr = alice.get_config("configured_addr")
+    alice_vcard = alice.self_contact.make_vcard()
+    assert old_alice_addr in alice_vcard
+    qr = acfactory.get_account_qr()
+    alice.add_transport_from_qr(qr)
+    new_alice_addr = alice.list_transports()[1]["addr"]
+    with pytest.raises(JsonRpcError):
+        # Cannot use the address that is not
+        # configured for any transport.
+        alice.set_config("configured_addr", bob_addr)
+
+    # Load old address so it is cached.
+    assert alice.get_config("configured_addr") == old_alice_addr
+    alice.set_config("configured_addr", new_alice_addr)
+    # Make sure that setting `configured_addr` invalidated the cache.
+    assert alice.get_config("configured_addr") == new_alice_addr
+
+    alice_vcard = alice.self_contact.make_vcard()
+    assert old_alice_addr not in alice_vcard
+    assert new_alice_addr in alice_vcard
+    with pytest.raises(JsonRpcError):
+        alice.delete_transport(new_alice_addr)
+    alice.start_io()
+
+    alice_chat_bob.send_text("Hello again!")
+
+    msg2 = bob.wait_for_incoming_msg().get_snapshot()
+    sender_addr2 = msg2.sender.get_snapshot().address
+
+    assert msg1.sender == msg2.sender
+    assert sender_addr1 != sender_addr2
+    assert sender_addr1 == old_alice_addr
+    assert sender_addr2 == new_alice_addr
+
+
+@pytest.mark.parametrize("is_chatmail", ["0", "1"])
+def test_mvbox_move_first_transport(acfactory, is_chatmail) -> None:
+    """Test that mvbox_move is disabled by default even for non-chatmail accounts.
+    Disabling mvbox_move is required to be able to setup a second transport.
+    """
+    account = acfactory.get_unconfigured_account()
+
+    account.set_config("fix_is_chatmail", "1")
+    account.set_config("is_chatmail", is_chatmail)
+
+    # The default value when the setting is unset is "1".
+    # This is not changed for compatibility with old databases
+    # imported from backups.
+    assert account.get_config("mvbox_move") == "1"
+
+    qr = acfactory.get_account_qr()
+    account.add_transport_from_qr(qr)
+
+    # Once the first transport is set up,
+    # mvbox_move is disabled.
+    assert account.get_config("mvbox_move") == "0"
+    assert account.get_config("is_chatmail") == is_chatmail
+
+
+def test_reconfigure_transport(acfactory) -> None:
+    """Test that reconfiguring the transport works
+    even if settings not supported for multi-transport
+    like mvbox_move are enabled."""
+    account = acfactory.get_online_account()
+    account.set_config("mvbox_move", "1")
+
+    [transport] = account.list_transports()
+    account.add_or_update_transport(transport)
+
+    # Reconfiguring the transport should not reset
+    # the settings as if when configuring the first transport.
+    assert account.get_config("mvbox_move") == "1"
+
+
+def test_transport_synchronization(acfactory, log) -> None:
+    """Test synchronization of transports between devices."""
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac1_clone = ac1.clone()
+    ac1_clone.bring_online()
+
+    qr = acfactory.get_account_qr()
+
+    ac1.add_transport_from_qr(qr)
+    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
+    assert len(ac1.list_transports()) == 2
+    assert len(ac1_clone.list_transports()) == 2
+
+    ac1_clone.add_transport_from_qr(qr)
+    ac1.wait_for_event(EventType.TRANSPORTS_MODIFIED)
+    assert len(ac1.list_transports()) == 3
+    assert len(ac1_clone.list_transports()) == 3
+
+    log.section("ac1 clone removes second transport")
+    [transport1, transport2, transport3] = ac1_clone.list_transports()
+    addr3 = transport3["addr"]
+    ac1_clone.delete_transport(transport2["addr"])
+
+    ac1.wait_for_event(EventType.TRANSPORTS_MODIFIED)
+    [transport1, transport3] = ac1.list_transports()
+
+    log.section("ac1 changes the primary transport")
+    ac1.set_config("configured_addr", transport3["addr"])
+
+    log.section("ac1 removes the first transport")
+    ac1.delete_transport(transport1["addr"])
+
+    ac1_clone.wait_for_event(EventType.TRANSPORTS_MODIFIED)
+    [transport3] = ac1_clone.list_transports()
+    assert transport3["addr"] == addr3
+    assert ac1_clone.get_config("configured_addr") == addr3
+
+    ac2_chat = ac2.create_chat(ac1)
+    ac2_chat.send_text("Hello!")
+
+    assert ac1.wait_for_incoming_msg().get_snapshot().text == "Hello!"
+    assert ac1_clone.wait_for_incoming_msg().get_snapshot().text == "Hello!"
--- a/deltachat-rpc-client/tests/test_securejoin.py
+++ b/deltachat-rpc-client/tests/test_securejoin.py
@@ -3,6 +3,7 @@ import logging
 import pytest

 from deltachat_rpc_client import Chat, EventType, SpecialContactId
+from deltachat_rpc_client.const import ChatType
 from deltachat_rpc_client.rpc import JsonRpcError


@@ -58,8 +59,7 @@ def test_qr_setup_contact_svg(acfactory) -> None:
    assert "Alice" in svg


-@pytest.mark.parametrize("protect", [True, False])
-def test_qr_securejoin(acfactory, protect):
+def test_qr_securejoin(acfactory):
    alice, bob, fiona = acfactory.get_online_accounts(3)

    # Setup second device for Alice
@@ -67,8 +67,7 @@ def test_qr_securejoin(acfactory, protect):
    alice2 = alice.clone()

    logging.info("Alice creates a group")
-    alice_chat = alice.create_group("Group", protect=protect)
-    assert alice_chat.get_basic_snapshot().is_protected == protect
+    alice_chat = alice.create_group("Group")

    logging.info("Bob joins the group")
    qr_code = alice_chat.get_qr_code()
@@ -87,9 +86,8 @@ def test_qr_securejoin(acfactory, protect):
    alice_contact_bob_snapshot = alice_contact_bob.get_snapshot()
    assert alice_contact_bob_snapshot.is_verified

-    snapshot = bob.get_message_by_id(bob.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = bob.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "Member Me added by {}.".format(alice.get_config("addr"))
-    assert snapshot.chat.get_basic_snapshot().is_protected == protect

    # Test that Bob verified Alice's profile.
    bob_contact_alice = bob.create_contact(alice)
@@ -112,6 +110,143 @@ def test_qr_securejoin(acfactory, protect):
    fiona.wait_for_securejoin_joiner_success()


+@pytest.mark.parametrize("all_devices_online", [True, False])
+def test_qr_securejoin_broadcast(acfactory, all_devices_online):
+    alice, bob, fiona = acfactory.get_online_accounts(3)
+
+    alice2 = alice.clone()
+    bob2 = bob.clone()
+
+    if all_devices_online:
+        alice2.start_io()
+        bob2.start_io()
+
+    logging.info("===================== Alice creates a broadcast =====================")
+    alice_chat = alice.create_broadcast("Broadcast channel!")
+    snapshot = alice_chat.get_basic_snapshot()
+    assert not snapshot.is_unpromoted  # Broadcast channels are never unpromoted
+
+    logging.info("===================== Bob joins the broadcast =====================")
+
+    qr_code = alice_chat.get_qr_code()
+    bob.secure_join(qr_code)
+    alice.wait_for_securejoin_inviter_success()
+    bob.wait_for_securejoin_joiner_success()
+    alice_chat.send_text("Hello everyone!")
+
+    def get_broadcast(ac):
+        chat = ac.get_chatlist(query="Broadcast channel!")[0]
+        assert chat.get_basic_snapshot().name == "Broadcast channel!"
+        return chat
+
+    def wait_for_broadcast_messages(ac):
+        snapshot1 = ac.wait_for_incoming_msg().get_snapshot()
+        assert snapshot1.text == "You joined the channel."
+
+        snapshot2 = ac.wait_for_incoming_msg().get_snapshot()
+        assert snapshot2.text == "Hello everyone!"
+
+        chat = get_broadcast(ac)
+        assert snapshot1.chat_id == chat.id
+        assert snapshot2.chat_id == chat.id
+
+    def check_account(ac, contact, inviter_side, please_wait_info_msg=False):
+        # Check that the chat partner is verified.
+        contact_snapshot = contact.get_snapshot()
+        assert contact_snapshot.is_verified
+
+        chat = get_broadcast(ac)
+        chat_msgs = chat.get_messages()
+
+        encrypted_msg = chat_msgs.pop(0).get_snapshot()
+        assert encrypted_msg.text == "Messages are end-to-end encrypted."
+        assert encrypted_msg.is_info
+
+        if please_wait_info_msg:
+            first_msg = chat_msgs.pop(0).get_snapshot()
+            assert "invited you to join this channel" in first_msg.text
+            assert first_msg.is_info
+
+        member_added_msg = chat_msgs.pop(0).get_snapshot()
+        if inviter_side:
+            assert member_added_msg.text == f"Member {contact_snapshot.display_name} added."
+        else:
+            assert member_added_msg.text == "You joined the channel."
+        assert member_added_msg.is_info
+
+        hello_msg = chat_msgs.pop(0).get_snapshot()
+        assert hello_msg.text == "Hello everyone!"
+        assert not hello_msg.is_info
+        assert hello_msg.show_padlock
+        assert hello_msg.error is None
+
+        assert len(chat_msgs) == 0
+
+        chat_snapshot = chat.get_full_snapshot()
+        assert chat_snapshot.is_encrypted
+        assert chat_snapshot.name == "Broadcast channel!"
+        if inviter_side:
+            assert chat_snapshot.chat_type == ChatType.OUT_BROADCAST
+        else:
+            assert chat_snapshot.chat_type == ChatType.IN_BROADCAST
+        assert chat_snapshot.can_send == inviter_side
+
+        chat_contacts = chat_snapshot.contact_ids
+        assert contact.id in chat_contacts
+        if inviter_side:
+            assert len(chat_contacts) == 1
+        else:
+            assert len(chat_contacts) == 2
+            assert SpecialContactId.SELF in chat_contacts
+            assert chat_snapshot.self_in_group
+
+    wait_for_broadcast_messages(bob)
+
+    check_account(alice, alice.create_contact(bob), inviter_side=True)
+    check_account(bob, bob.create_contact(alice), inviter_side=False, please_wait_info_msg=True)
+
+    logging.info("===================== Test Alice's second device =====================")
+
+    # Start second Alice device, if it wasn't started already.
+    alice2.start_io()
+
+    while True:
+        msg_id = alice2.wait_for_msgs_changed_event().msg_id
+        if msg_id:
+            snapshot = alice2.get_message_by_id(msg_id).get_snapshot()
+            if snapshot.text == "Hello everyone!":
+                break
+
+    check_account(alice2, alice2.create_contact(bob), inviter_side=True)
+
+    logging.info("===================== Test Bob's second device =====================")
+
+    # Start second Bob device, if it wasn't started already.
+    bob2.start_io()
+    bob2.wait_for_securejoin_joiner_success()
+    wait_for_broadcast_messages(bob2)
+    check_account(bob2, bob2.create_contact(alice), inviter_side=False)
+
+    # The QR code token is synced, so alice2 must be able to handle join requests.
+    logging.info("===================== Fiona joins the group via alice2 =====================")
+    alice.stop_io()
+    fiona.secure_join(qr_code)
+    alice2.wait_for_securejoin_inviter_success()
+    fiona.wait_for_securejoin_joiner_success()
+
+    snapshot = fiona.wait_for_incoming_msg().get_snapshot()
+    assert snapshot.text == "You joined the channel."
+
+    get_broadcast(alice2).get_messages()[2].resend()
+    snapshot = fiona.wait_for_incoming_msg().get_snapshot()
+    assert snapshot.text == "Hello everyone!"
+
+    check_account(fiona, fiona.create_contact(alice), inviter_side=False, please_wait_info_msg=True)
+
+    # For Bob, the channel must not have changed:
+    check_account(bob, bob.create_contact(alice), inviter_side=False, please_wait_info_msg=True)
+
+
 def test_qr_securejoin_contact_request(acfactory) -> None:
    """Alice invites Bob to a group when Bob's chat with Alice is in a contact request mode."""
    alice, bob = acfactory.get_online_accounts(2)
@@ -120,13 +255,13 @@ def test_qr_securejoin_contact_request(acfactory) -> None:
    alice_chat_bob = alice_contact_bob.create_chat()
    alice_chat_bob.send_text("Hello!")

-    snapshot = bob.get_message_by_id(bob.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = bob.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "Hello!"
    bob_chat_alice = snapshot.chat
    assert bob_chat_alice.get_basic_snapshot().is_contact_request

-    alice_chat = alice.create_group("Verified group", protect=True)
-    logging.info("Bob joins verified group")
+    alice_chat = alice.create_group("Group")
+    logging.info("Bob joins the group")
    qr_code = alice_chat.get_qr_code()
    bob.secure_join(qr_code)
    while True:
@@ -150,8 +285,8 @@ def test_qr_readreceipt(acfactory) -> None:
    for joiner in [bob, charlie]:
        joiner.wait_for_securejoin_joiner_success()

-    logging.info("Alice creates a verified group")
-    group = alice.create_group("Group", protect=True)
+    logging.info("Alice creates a group")
+    group = alice.create_group("Group")

    alice_contact_bob = alice.create_contact(bob, "Bob")
    alice_contact_charlie = alice.create_contact(charlie, "Charlie")
@@ -164,8 +299,7 @@ def test_qr_readreceipt(acfactory) -> None:

    logging.info("Bob and Charlie receive a group")

-    bob_msg_id = bob.wait_for_incoming_msg_event().msg_id
-    bob_message = bob.get_message_by_id(bob_msg_id)
+    bob_message = bob.wait_for_incoming_msg()
    bob_snapshot = bob_message.get_snapshot()
    assert bob_snapshot.text == "Hello"

@@ -176,8 +310,7 @@ def test_qr_readreceipt(acfactory) -> None:

    bob_out_message = bob_snapshot.chat.send_message(text="Hi from Bob!")

-    charlie_msg_id = charlie.wait_for_incoming_msg_event().msg_id
-    charlie_message = charlie.get_message_by_id(charlie_msg_id)
+    charlie_message = charlie.wait_for_incoming_msg()
    charlie_snapshot = charlie_message.get_snapshot()
    assert charlie_snapshot.text == "Hi from Bob!"

@@ -216,11 +349,10 @@ def test_verified_group_member_added_recovery(acfactory) -> None:
    """Tests verified group recovery by reverifying then removing and adding a member back."""
    ac1, ac2, ac3 = acfactory.get_online_accounts(3)

-    logging.info("ac1 creates verified group")
-    chat = ac1.create_group("Verified group", protect=True)
-    assert chat.get_basic_snapshot().is_protected
+    logging.info("ac1 creates a group")
+    chat = ac1.create_group("Group")

-    logging.info("ac2 joins verified group")
+    logging.info("ac2 joins the group")
    qr_code = chat.get_qr_code()
    ac2.secure_join(qr_code)
    ac2.wait_for_securejoin_joiner_success()
@@ -253,7 +385,7 @@ def test_verified_group_member_added_recovery(acfactory) -> None:
    ac3_contact_ac2 = ac3.create_contact(ac2)
    ac3_chat.remove_contact(ac3_contact_ac2_old)

-    snapshot = ac1.get_message_by_id(ac1.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = ac1.wait_for_incoming_msg().get_snapshot()
    assert "removed" in snapshot.text

    ac3_chat.add_contact(ac3_contact_ac2)
@@ -266,25 +398,26 @@ def test_verified_group_member_added_recovery(acfactory) -> None:
    logging.info("ac2 got event message: %s", snapshot.text)
    assert "added" in snapshot.text

-    snapshot = ac1.get_message_by_id(ac1.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = ac1.wait_for_incoming_msg().get_snapshot()
    assert "added" in snapshot.text

    chat = Chat(ac2, chat_id)
    chat.send_text("Works again!")

-    msg_id = ac3.wait_for_incoming_msg_event().msg_id
-    message = ac3.get_message_by_id(msg_id)
+    message = ac3.wait_for_incoming_msg()
    snapshot = message.get_snapshot()
    assert snapshot.text == "Works again!"

-    snapshot = ac1.get_message_by_id(ac1.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = ac1.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "Works again!"

    ac1_contact_ac2 = ac1.create_contact(ac2)
    ac1_contact_ac3 = ac1.create_contact(ac3)
    ac1_contact_ac2_snapshot = ac1_contact_ac2.get_snapshot()
-    assert ac1_contact_ac2_snapshot.is_verified
-    assert ac1_contact_ac2_snapshot.verifier_id == ac1_contact_ac3.id
+    # Until we reset verifications and then send the _verified header,
+    # verification is not gossiped here:
+    assert not ac1_contact_ac2_snapshot.is_verified
+    assert ac1_contact_ac2_snapshot.verifier_id != ac1_contact_ac3.id


 def test_qr_join_chat_with_pending_bobstate_issue4894(acfactory):
@@ -302,8 +435,8 @@ def test_qr_join_chat_with_pending_bobstate_issue4894(acfactory):
    # we first create a fully joined verified group, and then start
    # joining a second time but interrupt it, to create pending bob state

-    logging.info("ac1: create verified group that ac2 fully joins")
-    ch1 = ac1.create_group("Group", protect=True)
+    logging.info("ac1: create a group that ac2 fully joins")
+    ch1 = ac1.create_group("Group")
    qr_code = ch1.get_qr_code()
    ac2.secure_join(qr_code)
    ac1.wait_for_securejoin_inviter_success()
@@ -311,9 +444,8 @@ def test_qr_join_chat_with_pending_bobstate_issue4894(acfactory):
    # ensure ac1 can write and ac2 receives messages in verified chat
    ch1.send_text("ac1 says hello")
    while 1:
-        snapshot = ac2.get_message_by_id(ac2.wait_for_incoming_msg_event().msg_id).get_snapshot()
+        snapshot = ac2.wait_for_incoming_msg().get_snapshot()
        if snapshot.text == "ac1 says hello":
-            assert snapshot.chat.get_basic_snapshot().is_protected
            break

    logging.info("ac1: let ac2 join again but shutoff ac1 in the middle of securejoin")
@@ -327,15 +459,14 @@ def test_qr_join_chat_with_pending_bobstate_issue4894(acfactory):
    assert ac2.create_contact(ac3).get_snapshot().is_verified

    logging.info("ac3: create a verified group VG with ac2")
-    vg = ac3.create_group("ac3-created", protect=True)
+    vg = ac3.create_group("ac3-created")
    vg.add_contact(ac3.create_contact(ac2))

    # ensure ac2 receives message in VG
    vg.send_text("hello")
    while 1:
-        msg = ac2.get_message_by_id(ac2.wait_for_incoming_msg_event().msg_id).get_snapshot()
+        msg = ac2.wait_for_incoming_msg().get_snapshot()
        if msg.text == "hello":
-            assert msg.chat.get_basic_snapshot().is_protected
            break

    logging.info("ac3: create a join-code for group VG and let ac4 join, check that ac2 got it")
@@ -359,7 +490,7 @@ def test_qr_new_group_unblocked(acfactory):
    """

    ac1, ac2 = acfactory.get_online_accounts(2)
-    ac1_chat = ac1.create_group("Group for joining", protect=True)
+    ac1_chat = ac1.create_group("Group for joining")
    qr_code = ac1_chat.get_qr_code()
    ac2.secure_join(qr_code)

@@ -371,7 +502,7 @@ def test_qr_new_group_unblocked(acfactory):
    ac2.wait_for_incoming_msg_event()

    ac1_new_chat.send_text("Hello!")
-    ac2_msg = ac2.get_message_by_id(ac2.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    ac2_msg = ac2.wait_for_incoming_msg().get_snapshot()
    assert ac2_msg.text == "Hello!"
    assert ac2_msg.chat.get_basic_snapshot().is_contact_request

@@ -384,8 +515,7 @@ def test_aeap_flow_verified(acfactory):
    addr, password = acfactory.get_credentials()

    logging.info("ac1: create verified-group QR, ac2 scans and joins")
-    chat = ac1.create_group("hello", protect=True)
-    assert chat.get_basic_snapshot().is_protected
+    chat = ac1.create_group("hello")
    qr_code = chat.get_qr_code()
    logging.info("ac2: start QR-code based join-group protocol")
    ac2.secure_join(qr_code)
@@ -397,7 +527,7 @@ def test_aeap_flow_verified(acfactory):

    logging.info("receiving first message")
    ac2.wait_for_incoming_msg_event()  # member added message
-    msg_in_1 = ac2.get_message_by_id(ac2.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    msg_in_1 = ac2.wait_for_incoming_msg().get_snapshot()
    assert msg_in_1.text == msg_out.text

    logging.info("changing email account")
@@ -411,7 +541,7 @@ def test_aeap_flow_verified(acfactory):
    msg_out = chat.send_text("changed address").get_snapshot()

    logging.info("receiving second message")
-    msg_in_2 = ac2.get_message_by_id(ac2.wait_for_incoming_msg_event().msg_id)
+    msg_in_2 = ac2.wait_for_incoming_msg()
    msg_in_2_snapshot = msg_in_2.get_snapshot()
    assert msg_in_2_snapshot.text == msg_out.text
    assert msg_in_2_snapshot.chat.id == msg_in_1.chat.id
@@ -439,33 +569,35 @@ def test_gossip_verification(acfactory) -> None:

    logging.info("Bob creates an Autocrypt group")
    bob_group_chat = bob.create_group("Autocrypt Group")
-    assert not bob_group_chat.get_basic_snapshot().is_protected
    bob_group_chat.add_contact(bob_contact_alice)
    bob_group_chat.add_contact(bob_contact_carol)
    bob_group_chat.send_message(text="Hello Autocrypt group")

-    snapshot = carol.get_message_by_id(carol.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = carol.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "Hello Autocrypt group"
    assert snapshot.show_padlock

-    # Autocrypt group does not propagate verification.
+    # Group propagates verification using Autocrypt-Gossip header.
    carol_contact_alice_snapshot = carol_contact_alice.get_snapshot()
+    # Until we reset verifications and then send the _verified header,
+    # verification is not gossiped here:
    assert not carol_contact_alice_snapshot.is_verified

    logging.info("Bob creates a Securejoin group")
-    bob_group_chat = bob.create_group("Securejoin Group", protect=True)
-    assert bob_group_chat.get_basic_snapshot().is_protected
+    bob_group_chat = bob.create_group("Securejoin Group")
    bob_group_chat.add_contact(bob_contact_alice)
    bob_group_chat.add_contact(bob_contact_carol)
    bob_group_chat.send_message(text="Hello Securejoin group")

-    snapshot = carol.get_message_by_id(carol.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = carol.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "Hello Securejoin group"
    assert snapshot.show_padlock

    # Securejoin propagates verification.
    carol_contact_alice_snapshot = carol_contact_alice.get_snapshot()
-    assert carol_contact_alice_snapshot.is_verified
+    # Until we reset verifications and then send the _verified header,
+    # verification is not gossiped here:
+    assert not carol_contact_alice_snapshot.is_verified


 def test_securejoin_after_contact_resetup(acfactory) -> None:
@@ -477,7 +609,7 @@ def test_securejoin_after_contact_resetup(acfactory) -> None:
    ac1, ac2, ac3 = acfactory.get_online_accounts(3)

    # ac3 creates protected group with ac1.
-    ac3_chat = ac3.create_group("Verified group", protect=True)
+    ac3_chat = ac3.create_group("Group")

    # ac1 joins ac3 group.
    ac3_qr_code = ac3_chat.get_qr_code()
@@ -485,7 +617,7 @@ def test_securejoin_after_contact_resetup(acfactory) -> None:
    ac1.wait_for_securejoin_joiner_success()

    # ac1 waits for member added message and creates a QR code.
-    snapshot = ac1.get_message_by_id(ac1.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = ac1.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "Member Me added by {}.".format(ac3.get_config("addr"))
    ac1_qr_code = snapshot.chat.get_qr_code()

@@ -522,10 +654,9 @@ def test_securejoin_after_contact_resetup(acfactory) -> None:

    # Wait for member added.
    logging.info("ac2 waits for member added message")
-    snapshot = ac2.get_message_by_id(ac2.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = ac2.wait_for_incoming_msg().get_snapshot()
    assert snapshot.is_info
    ac2_chat = snapshot.chat
-    assert ac2_chat.get_basic_snapshot().is_protected
    assert len(ac2_chat.get_contacts()) == 3

    # ac1 is still "not verified" for ac2 due to inconsistent state.
@@ -535,9 +666,8 @@ def test_securejoin_after_contact_resetup(acfactory) -> None:
 def test_withdraw_securejoin_qr(acfactory):
    alice, bob = acfactory.get_online_accounts(2)

-    logging.info("Alice creates a verified group")
-    alice_chat = alice.create_group("Verified group", protect=True)
-    assert alice_chat.get_basic_snapshot().is_protected
+    logging.info("Alice creates a group")
+    alice_chat = alice.create_group("Group")
    logging.info("Bob joins verified group")

    qr_code = alice_chat.get_qr_code()
@@ -546,9 +676,8 @@ def test_withdraw_securejoin_qr(acfactory):

    alice.clear_all_events()

-    snapshot = bob.get_message_by_id(bob.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = bob.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "Member Me added by {}.".format(alice.get_config("addr"))
-    assert snapshot.chat.get_basic_snapshot().is_protected
    bob_chat.leave()

    snapshot = alice.get_message_by_id(alice.wait_for_msgs_changed_event().msg_id).get_snapshot()
--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -11,7 +11,7 @@ from unittest.mock import MagicMock
 import pytest

 from deltachat_rpc_client import Contact, EventType, Message, events
-from deltachat_rpc_client.const import ChatType, DownloadState, MessageState
+from deltachat_rpc_client.const import DownloadState, MessageState
 from deltachat_rpc_client.pytestplugin import E2EE_INFO_MSGS
 from deltachat_rpc_client.rpc import JsonRpcError

@@ -338,44 +338,26 @@ def test_receive_imf_failure(acfactory) -> None:

    bob.set_config("fail_on_receiving_full_msg", "1")
    alice_chat_bob.send_text("Hello!")
-    event = bob.wait_for_incoming_msg_event()
-    chat_id = event.chat_id
+    event = bob.wait_for_event(EventType.MSGS_CHANGED)
+    assert event.chat_id == bob.get_device_chat().id
    msg_id = event.msg_id
    message = bob.get_message_by_id(msg_id)
    snapshot = message.get_snapshot()
-    assert snapshot.chat_id == chat_id
-    assert snapshot.download_state == DownloadState.AVAILABLE
-    assert snapshot.error is not None
-    assert snapshot.show_padlock
+    assert (
+        snapshot.text == "❌ Failed to receive a message:"
+        " Condition failed: `!context.get_config_bool(Config::FailOnReceivingFullMsg).await?`."
+        " Please report this bug to delta@merlinux.eu or https://support.delta.chat/."
+    )

    # The failed message doesn't break the IMAP loop.
    bob.set_config("fail_on_receiving_full_msg", "0")
    alice_chat_bob.send_text("Hello again!")
-    event = bob.wait_for_incoming_msg_event()
-    assert event.chat_id == chat_id
-    msg_id = event.msg_id
-    message1 = bob.get_message_by_id(msg_id)
-    snapshot = message1.get_snapshot()
-    assert snapshot.chat_id == chat_id
+    message = bob.wait_for_incoming_msg()
+    snapshot = message.get_snapshot()
+    assert snapshot.text == "Hello again!"
    assert snapshot.download_state == DownloadState.DONE
    assert snapshot.error is None

-    # The failed message can be re-downloaded later.
-    bob._rpc.download_full_message(bob.id, message.id)
-    event = bob.wait_for_event(EventType.MSGS_CHANGED)
-    message = bob.get_message_by_id(event.msg_id)
-    snapshot = message.get_snapshot()
-    assert snapshot.download_state == DownloadState.IN_PROGRESS
-    event = bob.wait_for_event(EventType.MSGS_CHANGED)
-    assert event.chat_id == chat_id
-    msg_id = event.msg_id
-    message = bob.get_message_by_id(msg_id)
-    snapshot = message.get_snapshot()
-    assert snapshot.chat_id == chat_id
-    assert snapshot.download_state == DownloadState.DONE
-    assert snapshot.error is None
-    assert snapshot.text == "Hello!"
-

 def test_selfavatar_sync(acfactory, data, log) -> None:
    alice = acfactory.get_online_account()
@@ -439,10 +421,7 @@ def test_is_bot(acfactory) -> None:
    alice.set_config("bot", "1")
    alice_chat_bob.send_text("Hello!")

-    event = bob.wait_for_incoming_msg_event()
-    message = bob.get_message_by_id(event.msg_id)
-    snapshot = message.get_snapshot()
-    assert snapshot.chat_id == event.chat_id
+    snapshot = bob.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "Hello!"
    assert snapshot.is_bot

@@ -488,7 +467,7 @@ def test_bot(acfactory) -> None:


 def test_wait_next_messages(acfactory) -> None:
-    alice = acfactory.new_configured_account()
+    alice = acfactory.get_online_account()

    # Create a bot account so it does not receive device messages in the beginning.
    addr, password = acfactory.get_credentials()
@@ -496,26 +475,26 @@ def test_wait_next_messages(acfactory) -> None:
    bot.set_config("bot", "1")
    bot.add_or_update_transport({"addr": addr, "password": password})
    assert bot.is_configured()
+    bot.bring_online()

    # There are no old messages and the call returns immediately.
    assert not bot.wait_next_messages()

-    with concurrent.futures.ThreadPoolExecutor(max_workers=1) as executor:
-        # Bot starts waiting for messages.
-        next_messages_task = executor.submit(bot.wait_next_messages)
+    # Bot starts waiting for messages.
+    next_messages_task = bot.wait_next_messages.future()

-        alice_contact_bot = alice.create_contact(bot, "Bot")
-        alice_chat_bot = alice_contact_bot.create_chat()
-        alice_chat_bot.send_text("Hello!")
+    alice_contact_bot = alice.create_contact(bot, "Bot")
+    alice_chat_bot = alice_contact_bot.create_chat()
+    alice_chat_bot.send_text("Hello!")

-        next_messages = next_messages_task.result()
+    next_messages = next_messages_task()

-        if len(next_messages) == E2EE_INFO_MSGS:
-            next_messages += bot.wait_next_messages()
+    if len(next_messages) == E2EE_INFO_MSGS:
+        next_messages += bot.wait_next_messages()

-        assert len(next_messages) == 1 + E2EE_INFO_MSGS
-        snapshot = next_messages[0 + E2EE_INFO_MSGS].get_snapshot()
-        assert snapshot.text == "Hello!"
+    assert len(next_messages) == 1 + E2EE_INFO_MSGS
+    snapshot = next_messages[0 + E2EE_INFO_MSGS].get_snapshot()
+    assert snapshot.text == "Hello!"


 def test_import_export_backup(acfactory, tmp_path) -> None:
@@ -535,7 +514,7 @@ def test_import_export_keys(acfactory, tmp_path) -> None:
    alice_chat_bob = alice.create_chat(bob)
    alice_chat_bob.send_text("Hello Bob!")

-    snapshot = bob.get_message_by_id(bob.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = bob.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "Hello Bob!"

    # Alice resetups account, but keeps the key.
@@ -547,7 +526,7 @@ def test_import_export_keys(acfactory, tmp_path) -> None:

    snapshot.chat.accept()
    snapshot.chat.send_text("Hello Alice!")
-    snapshot = alice.get_message_by_id(alice.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = alice.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "Hello Alice!"
    assert snapshot.show_padlock

@@ -570,8 +549,11 @@ def test_provider_info(rpc) -> None:
    assert provider_info is None

    # Test MX record resolution.
+    # This previously resulted in Gmail provider
+    # because MX record pointed to google.com domain,
+    # but MX record resolution has been removed.
    provider_info = rpc.get_provider_info(account_id, "github.com")
-    assert provider_info["id"] == "gmail"
+    assert provider_info is None

    # Disable MX record resolution.
    rpc.set_config(account_id, "proxy_enabled", "1")
@@ -589,18 +571,13 @@ def test_mdn_doesnt_break_autocrypt(acfactory) -> None:

    # Alice sends a message to Bob.
    alice_chat_bob.send_text("Hello Bob!")
-    event = bob.wait_for_incoming_msg_event()
-    msg_id = event.msg_id
-    message = bob.get_message_by_id(msg_id)
-    snapshot = message.get_snapshot()
+    snapshot = bob.wait_for_incoming_msg().get_snapshot()

    # Bob sends a message to Alice.
    bob_chat_alice = snapshot.chat
    bob_chat_alice.accept()
    bob_chat_alice.send_text("Hello Alice!")
-    event = alice.wait_for_incoming_msg_event()
-    msg_id = event.msg_id
-    message = alice.get_message_by_id(msg_id)
+    message = alice.wait_for_incoming_msg()
    snapshot = message.get_snapshot()
    assert snapshot.show_padlock

@@ -610,10 +587,7 @@ def test_mdn_doesnt_break_autocrypt(acfactory) -> None:

    # Bob sends a message to Alice, it should also be encrypted.
    bob_chat_alice.send_text("Hi Alice!")
-    event = alice.wait_for_incoming_msg_event()
-    msg_id = event.msg_id
-    message = alice.get_message_by_id(msg_id)
-    snapshot = message.get_snapshot()
+    snapshot = alice.wait_for_incoming_msg().get_snapshot()
    assert snapshot.show_padlock


@@ -671,50 +645,6 @@ def test_reaction_to_partially_fetched_msg(acfactory, tmp_path):
    assert list(reactions.reactions_by_contact.values())[0] == [react_str]


-def test_reactions_for_a_reordering_move(acfactory, direct_imap):
-    """When a batch of messages is moved from Inbox to DeltaChat folder with a single MOVE command,
-    their UIDs may be reordered (e.g. Gmail is known for that) which led to that messages were
-    processed by receive_imf in the wrong order, and, particularly, reactions were processed before
-    messages they refer to and thus dropped.
-    """
-    (ac1,) = acfactory.get_online_accounts(1)
-
-    addr, password = acfactory.get_credentials()
-    ac2 = acfactory.get_unconfigured_account()
-    ac2.add_or_update_transport({"addr": addr, "password": password})
-    ac2.set_config("mvbox_move", "1")
-    assert ac2.is_configured()
-
-    ac2.bring_online()
-    chat1 = acfactory.get_accepted_chat(ac1, ac2)
-    ac2.stop_io()
-
-    logging.info("sending message + reaction from ac1 to ac2")
-    msg1 = chat1.send_text("hi")
-    msg1.wait_until_delivered()
-    # It's is sad, but messages must differ in their INTERNALDATEs to be processed in the correct
-    # order by DC, and most (if not all) mail servers provide only seconds precision.
-    time.sleep(1.1)
-    react_str = "\N{THUMBS UP SIGN}"
-    msg1.send_reaction(react_str).wait_until_delivered()
-
-    logging.info("moving messages to ac2's DeltaChat folder in the reverse order")
-    ac2_direct_imap = direct_imap(ac2)
-    ac2_direct_imap.connect()
-    for uid in sorted([m.uid for m in ac2_direct_imap.get_all_messages()], reverse=True):
-        ac2_direct_imap.conn.move(uid, "DeltaChat")
-
-    logging.info("receiving messages by ac2")
-    ac2.start_io()
-    msg2 = Message(ac2, ac2.wait_for_reactions_changed().msg_id)
-    assert msg2.get_snapshot().text == msg1.get_snapshot().text
-    reactions = msg2.get_reactions()
-    contacts = [Contact(ac2, int(i)) for i in reactions.reactions_by_contact]
-    assert len(contacts) == 1
-    assert contacts[0].get_snapshot().address == ac1.get_config("addr")
-    assert list(reactions.reactions_by_contact.values())[0] == [react_str]
-
-
@pytest.mark.parametrize("n_accounts", [3, 2])
 def test_download_limit_chat_assignment(acfactory, tmp_path, n_accounts):
    download_limit = 300000
@@ -726,17 +656,15 @@ def test_download_limit_chat_assignment(acfactory, tmp_path, n_accounts):
    for account in others:
        chat = account.create_chat(alice)
        chat.send_text("Hello Alice!")
-        assert alice.get_message_by_id(alice.wait_for_incoming_msg_event().msg_id).get_snapshot().text == "Hello Alice!"
+        assert alice.wait_for_incoming_msg().get_snapshot().text == "Hello Alice!"

        contact = alice.create_contact(account)
        alice_group.add_contact(contact)

-    if n_accounts == 2:
-        bob_chat_alice = bob.create_chat(alice)
    bob.set_config("download_limit", str(download_limit))

    alice_group.send_text("hi")
-    snapshot = bob.get_message_by_id(bob.wait_for_incoming_msg_event().msg_id).get_snapshot()
+    snapshot = bob.wait_for_incoming_msg().get_snapshot()
    assert snapshot.text == "hi"
    bob_group = snapshot.chat

@@ -746,17 +674,9 @@ def test_download_limit_chat_assignment(acfactory, tmp_path, n_accounts):
    for i in range(10):
        logging.info("Sending message %s", i)
        alice_group.send_file(str(path))
-        snapshot = bob.get_message_by_id(bob.wait_for_incoming_msg_event().msg_id).get_snapshot()
+        snapshot = bob.wait_for_incoming_msg().get_snapshot()
        assert snapshot.download_state == DownloadState.AVAILABLE
-        if n_accounts > 2:
-            assert snapshot.chat == bob_group
-        else:
-            # Group contains only Alice and Bob,
-            # so partially downloaded messages are
-            # hard to distinguish from private replies to group messages.
-            #
-            # Message may be a private reply, so we assign it to 1:1 chat with Alice.
-            assert snapshot.chat == bob_chat_alice
+        assert snapshot.chat == bob_group


 def test_markseen_contact_request(acfactory):
@@ -773,8 +693,8 @@ def test_markseen_contact_request(acfactory):
    alice_chat_bob = alice.create_chat(bob)
    alice_chat_bob.send_text("Hello Bob!")

-    message = bob.get_message_by_id(bob.wait_for_incoming_msg_event().msg_id)
-    message2 = bob2.get_message_by_id(bob2.wait_for_incoming_msg_event().msg_id)
+    message = bob.wait_for_incoming_msg()
+    message2 = bob2.wait_for_incoming_msg()
    assert message2.get_snapshot().state == MessageState.IN_FRESH

    message.mark_seen()
@@ -796,7 +716,7 @@ def test_read_receipt(acfactory):
    msg = bob.wait_for_incoming_msg()
    msg.mark_seen()

-    read_msg = alice.get_message_by_id(alice.wait_for_event(EventType.MSG_READ).msg_id)
+    read_msg = alice.wait_for_msg(EventType.MSG_READ)
    read_receipts = read_msg.get_read_receipts()
    assert len(read_receipts) == 1
    assert read_receipts[0].contact_id == alice_contact_bob.id
@@ -813,7 +733,7 @@ def test_configured_imap_certificate_checks(acfactory):
    alice = acfactory.new_configured_account()

    # Certificate checks should be configured (not None)
-    assert "cert_automatic" in alice.get_info().used_account_settings
+    assert "cert_strict" in alice.get_info().used_account_settings

    # "cert_old_automatic" is the value old Delta Chat core versions used
    # to mean user entered "imap_certificate_checks=0" (Automatic)
@@ -885,10 +805,12 @@ def test_rename_group(acfactory):
    bob_msg = bob.wait_for_incoming_msg()
    bob_chat = bob_msg.get_snapshot().chat
    assert bob_chat.get_basic_snapshot().name == "Test group"
+    bob.wait_for_event(EventType.CHATLIST_ITEM_CHANGED)

    for name in ["Baz", "Foo bar", "Xyzzy"]:
        alice_group.set_name(name)
-        bob.wait_for_incoming_msg_event()
+        bob.wait_for_event(EventType.CHATLIST_ITEM_CHANGED)
+        bob.wait_for_event(EventType.CHATLIST_ITEM_CHANGED)
        assert bob_chat.get_basic_snapshot().name == name


@@ -900,58 +822,193 @@ def test_get_all_accounts_deadlock(rpc):
        all_accounts()


-def test_delete_deltachat_folder(acfactory, direct_imap):
-    """Test that DeltaChat folder is recreated if user deletes it manually."""
-    ac1 = acfactory.new_configured_account()
-    ac1.set_config("mvbox_move", "1")
-    ac1.bring_online()
-
-    ac1_direct_imap = direct_imap(ac1)
-    ac1_direct_imap.conn.folder.delete("DeltaChat")
-    assert "DeltaChat" not in ac1_direct_imap.list_folders()
-
-    # Wait until new folder is created and UIDVALIDITY is updated.
-    while True:
-        event = ac1.wait_for_event()
-        if event.kind == EventType.INFO and "uid/validity change folder DeltaChat" in event.msg:
-            break
-
-    ac2 = acfactory.get_online_account()
-    ac2.create_chat(ac1).send_text("hello")
-    msg = ac1.wait_for_incoming_msg().get_snapshot()
-    assert msg.text == "hello"
-
-    assert "DeltaChat" in ac1_direct_imap.list_folders()
-
-
-def test_broadcast(acfactory):
+@pytest.mark.parametrize("all_devices_online", [True, False])
+def test_leave_broadcast(acfactory, all_devices_online):
    alice, bob = acfactory.get_online_accounts(2)

-    alice_chat = alice.create_broadcast("My great channel")
-    snapshot = alice_chat.get_basic_snapshot()
-    assert snapshot.name == "My great channel"
-    assert snapshot.is_unpromoted
-    assert snapshot.is_encrypted
-    assert snapshot.chat_type == ChatType.OUT_BROADCAST
+    bob2 = bob.clone()

-    alice_contact_bob = alice.create_contact(bob, "Bob")
-    alice_chat.add_contact(alice_contact_bob)
+    if all_devices_online:
+        bob2.start_io()

-    alice_msg = alice_chat.send_message(text="hello").get_snapshot()
-    assert alice_msg.text == "hello"
-    assert alice_msg.show_padlock
+    logging.info("===================== Alice creates a broadcast =====================")
+    alice_chat = alice.create_broadcast("Broadcast channel!")

-    bob_msg = bob.wait_for_incoming_msg().get_snapshot()
-    assert bob_msg.text == "hello"
-    assert bob_msg.show_padlock
-    assert bob_msg.error is None
+    logging.info("===================== Bob joins the broadcast =====================")
+    qr_code = alice_chat.get_qr_code()
+    bob.secure_join(qr_code)
+    alice.wait_for_securejoin_inviter_success()
+    bob.wait_for_securejoin_joiner_success()

-    bob_chat = bob.get_chat_by_id(bob_msg.chat_id)
-    bob_chat_snapshot = bob_chat.get_basic_snapshot()
-    assert bob_chat_snapshot.name == "My great channel"
-    assert not bob_chat_snapshot.is_unpromoted
-    assert bob_chat_snapshot.is_encrypted
-    assert bob_chat_snapshot.chat_type == ChatType.IN_BROADCAST
-    assert bob_chat_snapshot.is_contact_request
+    alice_bob_contact = alice.create_contact(bob)
+    alice_contacts = alice_chat.get_contacts()
+    assert len(alice_contacts) == 1  # 1 recipient
+    assert alice_contacts[0].id == alice_bob_contact.id

-    assert not bob_chat.can_send()
+    member_added_msg = bob.wait_for_incoming_msg()
+    assert member_added_msg.get_snapshot().text == "You joined the channel."
+
+    def get_broadcast(ac):
+        chat = ac.get_chatlist(query="Broadcast channel!")[0]
+        assert chat.get_basic_snapshot().name == "Broadcast channel!"
+        return chat
+
+    def check_account(ac, contact, inviter_side, please_wait_info_msg=False):
+        chat = get_broadcast(ac)
+        contact_snapshot = contact.get_snapshot()
+        chat_msgs = chat.get_messages()
+
+        encrypted_msg = chat_msgs.pop(0).get_snapshot()
+        assert encrypted_msg.text == "Messages are end-to-end encrypted."
+        assert encrypted_msg.is_info
+
+        if please_wait_info_msg:
+            first_msg = chat_msgs.pop(0).get_snapshot()
+            assert "invited you to join this channel" in first_msg.text
+            assert first_msg.is_info
+
+        member_added_msg = chat_msgs.pop(0).get_snapshot()
+        if inviter_side:
+            assert member_added_msg.text == f"Member {contact_snapshot.display_name} added."
+        else:
+            assert member_added_msg.text == "You joined the channel."
+        assert member_added_msg.is_info
+
+        if not inviter_side:
+            leave_msg = chat_msgs.pop(0).get_snapshot()
+            assert leave_msg.text == "You left the channel."
+
+        assert len(chat_msgs) == 0
+
+        chat_snapshot = chat.get_full_snapshot()
+
+        # On Alice's side, SELF is not in the list of contact ids
+        # because OutBroadcast chats never contain SELF in the list.
+        # On Bob's side, SELF is not in the list because he left.
+        if inviter_side:
+            assert len(chat_snapshot.contact_ids) == 0
+        else:
+            assert chat_snapshot.contact_ids == [contact.id]
+
+    logging.info("===================== Bob leaves the broadcast =====================")
+    bob_chat = get_broadcast(bob)
+    assert bob_chat.get_full_snapshot().self_in_group
+    assert len(bob_chat.get_contacts()) == 2  # Alice and Bob
+
+    bob_chat.leave()
+    assert not bob_chat.get_full_snapshot().self_in_group
+    # After Bob left, only Alice will be left in Bob's memberlist
+    assert len(bob_chat.get_contacts()) == 1
+
+    check_account(bob, bob.create_contact(alice), inviter_side=False, please_wait_info_msg=True)
+
+    logging.info("===================== Test Alice's device =====================")
+    while len(alice_chat.get_contacts()) != 0:  # After Bob left, there will be 0 recipients
+        alice.wait_for_event(EventType.CHAT_MODIFIED)
+
+    check_account(alice, alice.create_contact(bob), inviter_side=True)
+
+    logging.info("===================== Test Bob's second device =====================")
+    # Start second Bob device, if it wasn't started already.
+    bob2.start_io()
+
+    member_added_msg = bob2.wait_for_incoming_msg()
+    assert member_added_msg.get_snapshot().text == "You joined the channel."
+
+    bob2_chat = get_broadcast(bob2)
+
+    # After Bob left, only Alice will be left in Bob's memberlist
+    while len(bob2_chat.get_contacts()) != 1:
+        bob2.wait_for_event(EventType.CHAT_MODIFIED)
+
+    check_account(bob2, bob2.create_contact(alice), inviter_side=False)
+
+
+def test_immediate_autodelete(acfactory, direct_imap, log):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+
+    # "1" means delete immediately, while "0" means do not delete
+    ac2.set_config("delete_server_after", "1")
+
+    log.section("ac1: create chat with ac2")
+    chat1 = ac1.create_chat(ac2)
+    ac2.create_chat(ac1)
+
+    log.section("ac1: send message to ac2")
+    sent_msg = chat1.send_text("hello")
+
+    msg = ac2.wait_for_incoming_msg()
+    assert msg.get_snapshot().text == "hello"
+
+    log.section("ac2: wait for close/expunge on autodelete")
+    ac2.wait_for_event(EventType.IMAP_MESSAGE_DELETED)
+    while True:
+        event = ac2.wait_for_event()
+        if event.kind == EventType.INFO and "Close/expunge succeeded." in event.msg:
+            break
+
+    log.section("ac2: check that message was autodeleted on server")
+    ac2_direct_imap = direct_imap(ac2)
+    assert len(ac2_direct_imap.get_all_messages()) == 0
+
+    log.section("ac2: Mark deleted message as seen and check that read receipt arrives")
+    msg.mark_seen()
+    ev = ac1.wait_for_event(EventType.MSG_READ)
+    assert ev.chat_id == chat1.id
+    assert ev.msg_id == sent_msg.id
+
+
+def test_background_fetch(acfactory, dc):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac1.stop_io()
+
+    ac1_chat = ac1.create_chat(ac2)
+
+    ac2_chat = ac2.create_chat(ac1)
+    ac2_chat.send_text("Hello!")
+
+    while True:
+        dc.background_fetch(300)
+        messages = ac1_chat.get_messages()
+        snapshot = messages[-1].get_snapshot()
+        if snapshot.text == "Hello!":
+            break
+
+    # Stopping background fetch immediately after starting
+    # does not result in any errors.
+    background_fetch_future = dc.background_fetch.future(300)
+    dc.stop_background_fetch()
+    background_fetch_future()
+
+    # Starting background fetch with zero timeout is ok,
+    # it should terminate immediately.
+    dc.background_fetch(0)
+
+    # Background fetch can still be used to send and receive messages.
+    ac2_chat.send_text("Hello again!")
+
+    while True:
+        dc.background_fetch(300)
+        messages = ac1_chat.get_messages()
+        snapshot = messages[-1].get_snapshot()
+        if snapshot.text == "Hello again!":
+            break
+
+
+def test_message_exists(acfactory):
+    ac1, ac2 = acfactory.get_online_accounts(2)
+    chat = ac1.create_chat(ac2)
+    message1 = chat.send_text("Hello!")
+    message2 = chat.send_text("Hello again!")
+    assert message1.exists()
+    assert message2.exists()
+
+    ac1.delete_messages([message1])
+    assert not message1.exists()
+    assert message2.exists()
+
+    # There is no error when checking if
+    # the message exists for deleted account.
+    ac1.remove()
+    assert not message1.exists()
+    assert not message2.exists()
--- a/deltachat-rpc-client/tests/test_vcard.py
+++ b/deltachat-rpc-client/tests/test_vcard.py
@@ -1,8 +1,12 @@
 def test_vcard(acfactory) -> None:
-    alice, bob = acfactory.get_online_accounts(2)
+    alice, bob, fiona = acfactory.get_online_accounts(3)

+    bob.create_chat(alice)
    alice_contact_bob = alice.create_contact(bob, "Bob")
    alice_contact_charlie = alice.create_contact("charlie@example.org", "Charlie")
+    alice_contact_charlie_snapshot = alice_contact_charlie.get_snapshot()
+    alice_contact_fiona = alice.create_contact(fiona, "Fiona")
+    alice_contact_fiona_snapshot = alice_contact_fiona.get_snapshot()

    alice_chat_bob = alice_contact_bob.create_chat()
    alice_chat_bob.send_contact(alice_contact_charlie)
@@ -12,3 +16,12 @@ def test_vcard(acfactory) -> None:
    snapshot = message.get_snapshot()
    assert snapshot.vcard_contact
    assert snapshot.vcard_contact.addr == "charlie@example.org"
+    assert snapshot.vcard_contact.color == alice_contact_charlie_snapshot.color
+
+    alice_chat_bob.send_contact(alice_contact_fiona)
+    event = bob.wait_for_incoming_msg_event()
+    message = bob.get_message_by_id(event.msg_id)
+    snapshot = message.get_snapshot()
+    assert snapshot.vcard_contact
+    assert snapshot.vcard_contact.key
+    assert snapshot.vcard_contact.color == alice_contact_fiona_snapshot.color
--- a/deltachat-rpc-server/Cargo.toml
+++ b/deltachat-rpc-server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "2.21.0"
+version = "2.30.0"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"
--- a/deltachat-rpc-server/npm-package/package.json
+++ b/deltachat-rpc-server/npm-package/package.json
@@ -15,5 +15,5 @@
  },
  "type": "module",
  "types": "index.d.ts",
-  "version": "2.21.0"
+  "version": "2.30.0"
 }
--- a/deltachat-time/src/lib.rs
+++ b/deltachat-time/src/lib.rs
@@ -20,6 +20,11 @@ impl SystemTimeTools {
    pub fn shift(duration: Duration) {
        *SYSTEM_TIME_SHIFT.write().unwrap() += duration;
    }
+
+    /// Simulates the system clock being rewound by `duration`.
+    pub fn shift_back(duration: Duration) {
+        *SYSTEM_TIME_SHIFT.write().unwrap() -= duration;
+    }
 }

 #[cfg(test)]
--- a/deny.toml
+++ b/deny.toml
@@ -36,10 +36,9 @@ skip = [
     { name = "rand_chacha", version = "0.3.1" },
     { name = "rand_core", version = "0.6.4" },
     { name = "rand", version = "0.8.5" },
-     { name = "redox_syscall", version = "0.3.5" },
-     { name = "redox_syscall", version = "0.4.1" },
     { name = "rustix", version = "0.38.44" },
     { name = "serdect", version = "0.2.0" },
+     { name = "socket2", version = "0.5.9" },
     { name = "spin", version = "0.9.8" },
     { name = "strum_macros", version = "0.26.2" },
     { name = "strum", version = "0.26.2" },
@@ -64,7 +63,6 @@ skip = [
     { name = "windows_x86_64_gnu" },
     { name = "windows_x86_64_gnullvm" },
     { name = "windows_x86_64_msvc" },
-     { name = "zerocopy", version = "0.7.32" },
 ]


--- a/flake.lock
+++ b/flake.lock
@@ -47,11 +47,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1747291057,
-        "narHash": "sha256-9Wir6aLJAeJKqdoQUiwfKdBn7SyNXTJGRSscRyVOo2Y=",
+        "lastModified": 1763361733,
+        "narHash": "sha256-ka7dpwH3HIXCyD2wl5F7cPLeRbqZoY2ullALsvxdPt8=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "76ffc1b7b3ec8078fe01794628b6abff35cbda8f",
+        "rev": "6c8d48e3b0ae371b19ac1485744687b788e80193",
        "type": "github"
      },
      "original": {
@@ -147,11 +147,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1747179050,
-        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
+        "lastModified": 1762977756,
+        "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
+        "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
        "type": "github"
      },
      "original": {
@@ -202,11 +202,11 @@
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1746889290,
-        "narHash": "sha256-h3LQYZgyv2l3U7r+mcsrEOGRldaK0zJFwAAva4hV/6g=",
+        "lastModified": 1762860488,
+        "narHash": "sha256-rMfWMCOo/pPefM2We0iMBLi2kLBAnYoB9thi4qS7uk4=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "2bafe9d96c6734aacfd49e115f6cf61e7adc68bc",
+        "rev": "2efc80078029894eec0699f62ec8d5c1a56af763",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
-  description = "Delta Chat core";
+  description = "Chatmail core";
  inputs = {
    fenix.url = "github:nix-community/fenix";
    flake-utils.url = "github:numtide/flake-utils";
@@ -14,7 +14,15 @@
        pkgs = nixpkgs.legacyPackages.${system};
        inherit (pkgs.stdenv) isDarwin;
        fenixPkgs = fenix.packages.${system};
-        naersk' = pkgs.callPackage naersk { };
+        fenixToolchain = fenixPkgs.combine [
+          fenixPkgs.stable.rustc
+          fenixPkgs.stable.cargo
+          fenixPkgs.stable.rust-std
+        ];
+        naersk' = pkgs.callPackage naersk {
+          cargo = fenixToolchain;
+          rustc = fenixToolchain;
+        };
        manifest = (pkgs.lib.importTOML ./Cargo.toml).package;
        androidSdk = android.sdk.${system} (sdkPkgs:
          builtins.attrValues {
@@ -34,7 +42,6 @@
            ./Cargo.lock
            ./Cargo.toml
            ./CMakeLists.txt
-            ./CONTRIBUTING.md
            ./deltachat_derive
            ./deltachat-contact-tools
            ./deltachat-ffi
@@ -237,6 +244,9 @@
            auditable = false; # Avoid cargo-auditable failures.
            doCheck = false; # Disable test as it requires network access.

+            CARGO_TARGET_X86_64_APPLE_DARWIN_RUSTFLAGS = "-Clink-args=-L${pkgsCross.libiconv}/lib";
+            CARGO_TARGET_AARCH64_APPLE_DARWIN_RUSTFLAGS = "-Clink-args=-L${pkgsCross.libiconv}/lib";
+
            CARGO_BUILD_TARGET = rustTarget;
            TARGET_CC = "${pkgsCross.stdenv.cc}/bin/${pkgsCross.stdenv.cc.targetPrefix}cc";
            CARGO_BUILD_RUSTFLAGS = [
@@ -468,6 +478,12 @@
              };

            libdeltachat =
+              let
+                rustPlatform = (pkgs.makeRustPlatform {
+                  cargo = fenixToolchain;
+                  rustc = fenixToolchain;
+                });
+              in
              pkgs.stdenv.mkDerivation {
                pname = "libdeltachat";
                version = manifest.version;
@@ -477,8 +493,9 @@
                nativeBuildInputs = [
                  pkgs.perl # Needed to build vendored OpenSSL.
                  pkgs.cmake
-                  pkgs.rustPlatform.cargoSetupHook
-                  pkgs.cargo
+                  rustPlatform.cargoSetupHook
+                  fenixPkgs.stable.rustc
+                  fenixPkgs.stable.cargo
                ];

                postInstall = ''
--- a/python/examples/test_examples.py
+++ b/python/examples/test_examples.py
@@ -14,6 +14,7 @@ def datadir():
    return None


+@pytest.mark.skip("The test is flaky in CI and crashes the interpreter as of 2025-11-12")
 def test_echo_quit_plugin(acfactory, lp):
    lp.sec("creating one echo_and_quit bot")
    botproc = acfactory.run_bot_process(echo_and_quit)
--- a/python/pyproject.toml
+++ b/python/pyproject.toml
@@ -1,20 +1,20 @@
 [build-system]
-requires = ["setuptools>=45", "wheel", "cffi>=1.0.0", "pkgconfig"]
+requires = ["setuptools>=77", "wheel", "cffi>=1.0.0", "pkgconfig"]
 build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat"
-version = "2.21.0"
+version = "2.30.0"
+license = "MPL-2.0"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"
-requires-python = ">=3.8"
+requires-python = ">=3.10"
 authors = [
    { name = "holger krekel, Floris Bruynooghe, Bjoern Petersen and contributors" },
 ]
 classifiers = [
    "Development Status :: 5 - Production/Stable",
    "Intended Audience :: Developers",
-    "License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)",
    "Programming Language :: Python :: 3",
    "Topic :: Communications :: Chat",
    "Topic :: Communications :: Email",
@@ -23,7 +23,6 @@ classifiers = [
 dependencies = [
    "cffi>=1.0.0",
    "imap-tools",
-    "importlib_metadata;python_version<'3.8'",
    "pluggy",
    "requests",
 ]
--- a/python/src/deltachat/account.py
+++ b/python/src/deltachat/account.py
@@ -404,18 +404,16 @@ class Account:
        self,
        name: str,
        contacts: Optional[List[Contact]] = None,
-        verified: bool = False,
    ) -> Chat:
        """create a new group chat object.

        Chats are unpromoted until the first message is sent.

        :param contacts: list of contacts to add
-        :param verified: if true only verified contacts can be added.
        :returns: a :class:`deltachat.chat.Chat` object.
        """
        bytes_name = name.encode("utf8")
-        chat_id = lib.dc_create_group_chat(self._dc_context, int(verified), bytes_name)
+        chat_id = lib.dc_create_group_chat(self._dc_context, 0, bytes_name)
        chat = Chat(self, chat_id)
        if contacts is not None:
            for contact in contacts:
--- a/python/src/deltachat/chat.py
+++ b/python/src/deltachat/chat.py
@@ -142,13 +142,6 @@ class Chat:
        """
        return bool(lib.dc_chat_can_send(self._dc_chat))

-    def is_protected(self) -> bool:
-        """return True if this chat is a protected chat.
-
-        :returns: True if chat is protected, False otherwise.
-        """
-        return bool(lib.dc_chat_is_protected(self._dc_chat))
-
    def get_name(self) -> Optional[str]:
        """return name of this chat.

--- a/python/src/deltachat/testplugin.py
+++ b/python/src/deltachat/testplugin.py
@@ -523,7 +523,6 @@ class ACFactory:
        assert "addr" in configdict and "mail_pw" in configdict, configdict
        configdict.setdefault("bcc_self", False)
        configdict.setdefault("mvbox_move", False)
-        configdict.setdefault("sentbox_watch", False)
        configdict.setdefault("sync_msgs", False)
        configdict.setdefault("delete_server_after", 0)
        ac.update_config(configdict)
@@ -604,20 +603,6 @@ class ACFactory:
        ac2.create_chat(ac1)
        return ac1.create_chat(ac2)

-    def get_protected_chat(self, ac1: Account, ac2: Account):
-        chat = ac1.create_group_chat("Protected Group", verified=True)
-        qr = chat.get_join_qr()
-        ac2.qr_join_chat(qr)
-        ac2._evtracker.wait_securejoin_joiner_progress(1000)
-        ev = ac2._evtracker.get_matching("DC_EVENT_MSGS_CHANGED")
-        msg = ac2.get_message_by_id(ev.data2)
-        assert msg is not None
-        assert msg.text == "Messages are end-to-end encrypted."
-        msg = ac2._evtracker.wait_next_incoming_message()
-        assert msg is not None
-        assert "Member Me " in msg.text and " added by " in msg.text
-        return chat
-
    def introduce_each_other(self, accounts, sending=True):
        to_wait = []
        for i, acc in enumerate(accounts):
--- a/python/tests/test_0_complex_or_slow.py
+++ b/python/tests/test_0_complex_or_slow.py
@@ -116,10 +116,8 @@ class TestGroupStressTests:

 def test_qr_verified_group_and_chatting(acfactory, lp):
    ac1, ac2, ac3 = acfactory.get_online_accounts(3)
-    ac1_addr = ac1.get_self_contact().addr
    lp.sec("ac1: create verified-group QR, ac2 scans and joins")
-    chat1 = ac1.create_group_chat("hello", verified=True)
-    assert chat1.is_protected()
+    chat1 = ac1.create_group_chat("hello")
    qr = chat1.get_join_qr()
    lp.sec("ac2: start QR-code based join-group protocol")
    chat2 = ac2.qr_join_chat(qr)
@@ -142,7 +140,6 @@ def test_qr_verified_group_and_chatting(acfactory, lp):
    lp.sec("ac2: read message and check that it's a verified chat")
    msg = ac2._evtracker.wait_next_incoming_message()
    assert msg.text == "hello"
-    assert msg.chat.is_protected()
    assert msg.is_encrypted()

    lp.sec("ac2: Check that ac2 verified ac1")
@@ -173,8 +170,12 @@ def test_qr_verified_group_and_chatting(acfactory, lp):
    lp.sec("ac2: Check that ac1 verified ac3 for ac2")
    ac2_ac1_contact = ac2.get_contacts()[0]
    assert ac2.get_self_contact().get_verifier(ac2_ac1_contact).id == dc.const.DC_CONTACT_ID_SELF
-    ac2_ac3_contact = ac2.get_contacts()[1]
-    assert ac2.get_self_contact().get_verifier(ac2_ac3_contact).addr == ac1_addr
+    for ac2_contact in chat2.get_contacts():
+        if ac2_contact == ac2_ac1_contact or ac2_contact.id == dc.const.DC_CONTACT_ID_SELF:
+            continue
+        # Until we reset verifications and then send the _verified header,
+        # verification is not gossiped here:
+        assert ac2.get_self_contact().get_verifier(ac2_contact) is None

    lp.sec("ac2: send message and let ac3 read it")
    chat2.send_text("hi")
@@ -266,8 +267,7 @@ def test_see_new_verified_member_after_going_online(acfactory, tmp_path, lp):
    ac1_offl.stop_io()

    lp.sec("ac1: create verified-group QR, ac2 scans and joins")
-    chat = ac1.create_group_chat("hello", verified=True)
-    assert chat.is_protected()
+    chat = ac1.create_group_chat("hello")
    qr = chat.get_join_qr()
    lp.sec("ac2: start QR-code based join-group protocol")
    chat2 = ac2.qr_join_chat(qr)
@@ -321,8 +321,7 @@ def test_use_new_verified_group_after_going_online(acfactory, data, tmp_path, lp
    ac1.set_avatar(avatar_path)

    lp.sec("ac1: create verified-group QR, ac2 scans and joins")
-    chat = ac1.create_group_chat("hello", verified=True)
-    assert chat.is_protected()
+    chat = ac1.create_group_chat("hello")
    qr = chat.get_join_qr()
    lp.sec("ac2: start QR-code based join-group protocol")
    ac2.qr_join_chat(qr)
@@ -336,7 +335,6 @@ def test_use_new_verified_group_after_going_online(acfactory, data, tmp_path, lp
    assert msg_in.is_system_message()
    assert contact.addr == ac1.get_config("addr")
    chat2 = msg_in.chat
-    assert chat2.is_protected()
    assert chat2.get_messages()[0].text == "Messages are end-to-end encrypted."
    assert open(contact.get_profile_image(), "rb").read() == open(avatar_path, "rb").read()

@@ -376,8 +374,7 @@ def test_verified_group_vs_delete_server_after(acfactory, tmp_path, lp):
    ac2_offl.stop_io()

    lp.sec("ac1: create verified-group QR, ac2 scans and joins")
-    chat1 = ac1.create_group_chat("hello", verified=True)
-    assert chat1.is_protected()
+    chat1 = ac1.create_group_chat("hello")
    qr = chat1.get_join_qr()
    lp.sec("ac2: start QR-code based join-group protocol")
    chat2 = ac2.qr_join_chat(qr)
@@ -402,29 +399,20 @@ def test_verified_group_vs_delete_server_after(acfactory, tmp_path, lp):
    assert ac2_offl_ac1_contact.addr == ac1.get_config("addr")
    assert not ac2_offl_ac1_contact.is_verified()
    chat2_offl = msg_in.chat
-    assert not chat2_offl.is_protected()

    lp.sec("ac2: sending message re-gossiping Autocrypt keys")
    chat2.send_text("hi2")

    lp.sec("ac2_offl: receiving message")
-    ev = ac2_offl._evtracker.get_matching("DC_EVENT_INCOMING_MSG|DC_EVENT_MSGS_CHANGED")
-    msg_in = ac2_offl.get_message_by_id(ev.data2)
-    assert msg_in.is_system_message()
-    assert msg_in.text == "Messages are end-to-end encrypted."
-
-    # We need to consume one event that has data2=0
-    ev = ac2_offl._evtracker.get_matching("DC_EVENT_INCOMING_MSG|DC_EVENT_MSGS_CHANGED")
-    assert ev.data2 == 0
-
    ev = ac2_offl._evtracker.get_matching("DC_EVENT_INCOMING_MSG|DC_EVENT_MSGS_CHANGED")
    msg_in = ac2_offl.get_message_by_id(ev.data2)
    assert not msg_in.is_system_message()
    assert msg_in.text == "hi2"
    assert msg_in.chat == chat2_offl
    assert msg_in.get_sender_contact().addr == ac2.get_config("addr")
-    assert msg_in.chat.is_protected()
-    assert ac2_offl_ac1_contact.is_verified()
+    # Until we reset verifications and then send the _verified header,
+    # verification is not gossiped here:
+    assert not ac2_offl_ac1_contact.is_verified()


 def test_deleted_msgs_dont_reappear(acfactory):
--- a/python/tests/test_1_online.py
+++ b/python/tests/test_1_online.py
@@ -5,7 +5,7 @@ import base64
 from datetime import datetime, timezone

 import pytest
-from imap_tools import AND, U
+from imap_tools import AND

 import deltachat as dc
 from deltachat import account_hookimpl, Message
@@ -269,94 +269,6 @@ def test_enable_mvbox_move(acfactory, lp):
    assert ac2._evtracker.wait_next_incoming_message().text == "message1"


-def test_mvbox_sentbox_threads(acfactory, lp):
-    lp.sec("ac1: start with mvbox thread")
-    ac1 = acfactory.new_online_configuring_account(mvbox_move=True, sentbox_watch=False)
-
-    lp.sec("ac2: start without mvbox/sentbox threads")
-    ac2 = acfactory.new_online_configuring_account(mvbox_move=False, sentbox_watch=False)
-
-    lp.sec("ac2 and ac1: waiting for configuration")
-    acfactory.bring_accounts_online()
-
-    lp.sec("ac1: create and configure sentbox")
-    ac1.direct_imap.create_folder("Sent")
-    ac1.set_config("sentbox_watch", "1")
-
-    lp.sec("ac1: send message and wait for ac2 to receive it")
-    acfactory.get_accepted_chat(ac1, ac2).send_text("message1")
-    assert ac2._evtracker.wait_next_incoming_message().text == "message1"
-
-    assert ac1.get_config("configured_mvbox_folder") == "DeltaChat"
-    while ac1.get_config("configured_sentbox_folder") != "Sent":
-        ac1._evtracker.get_matching("DC_EVENT_CONNECTIVITY_CHANGED")
-
-
-def test_move_works(acfactory):
-    ac1 = acfactory.new_online_configuring_account()
-    ac2 = acfactory.new_online_configuring_account(mvbox_move=True)
-    acfactory.bring_accounts_online()
-    chat = acfactory.get_accepted_chat(ac1, ac2)
-    chat.send_text("message1")
-
-    # Message is moved to the movebox
-    ac2._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_MOVED")
-
-    # Message is downloaded
-    ev = ac2._evtracker.get_matching("DC_EVENT_INCOMING_MSG")
-    assert ev.data2 > dc.const.DC_CHAT_ID_LAST_SPECIAL
-
-
-def test_move_avoids_loop(acfactory):
-    """Test that the message is only moved once.
-
-    This is to avoid busy loop if moved message reappears in the Inbox
-    or some scanned folder later.
-    For example, this happens on servers that alias `INBOX.DeltaChat` to `DeltaChat` folder,
-    so the message moved to `DeltaChat` appears as a new message in the `INBOX.DeltaChat` folder.
-    We do not want to move this message from `INBOX.DeltaChat` to `DeltaChat` again.
-    """
-    ac1 = acfactory.new_online_configuring_account()
-    ac2 = acfactory.new_online_configuring_account(mvbox_move=True)
-    acfactory.bring_accounts_online()
-    ac1_chat = acfactory.get_accepted_chat(ac1, ac2)
-    ac1_chat.send_text("Message 1")
-
-    # Message is moved to the DeltaChat folder and downloaded.
-    ac2_msg1 = ac2._evtracker.wait_next_incoming_message()
-    assert ac2_msg1.text == "Message 1"
-
-    # Move the message to the INBOX again.
-    ac2.direct_imap.select_folder("DeltaChat")
-    ac2.direct_imap.conn.move(["*"], "INBOX")
-
-    ac1_chat.send_text("Message 2")
-    ac2_msg2 = ac2._evtracker.wait_next_incoming_message()
-    assert ac2_msg2.text == "Message 2"
-
-    # Check that Message 1 is still in the INBOX folder
-    # and Message 2 is in the DeltaChat folder.
-    ac2.direct_imap.select_folder("INBOX")
-    assert len(ac2.direct_imap.get_all_messages()) == 1
-    ac2.direct_imap.select_folder("DeltaChat")
-    assert len(ac2.direct_imap.get_all_messages()) == 1
-
-
-def test_move_works_on_self_sent(acfactory):
-    ac1 = acfactory.new_online_configuring_account(mvbox_move=True)
-    ac2 = acfactory.new_online_configuring_account()
-    acfactory.bring_accounts_online()
-    ac1.set_config("bcc_self", "1")
-
-    chat = acfactory.get_accepted_chat(ac1, ac2)
-    chat.send_text("message1")
-    ac1._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_MOVED")
-    chat.send_text("message2")
-    ac1._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_MOVED")
-    chat.send_text("message3")
-    ac1._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_MOVED")
-
-
 def test_move_sync_msgs(acfactory):
    ac1 = acfactory.new_online_configuring_account(bcc_self=True, sync_msgs=True, fix_is_chatmail=True)
    acfactory.bring_accounts_online()
@@ -442,7 +354,7 @@ def test_forward_own_message(acfactory, lp):

 def test_resend_message(acfactory, lp):
    ac1, ac2 = acfactory.get_online_accounts(2)
-    chat1 = ac1.create_chat(ac2)
+    chat1 = acfactory.get_accepted_chat(ac1, ac2)

    lp.sec("ac1: send message to ac2")
    chat1.send_text("message")
@@ -450,14 +362,19 @@ def test_resend_message(acfactory, lp):
    lp.sec("ac2: receive message")
    msg_in = ac2._evtracker.wait_next_incoming_message()
    assert msg_in.text == "message"
-    chat2 = msg_in.chat
-    chat2_msg_cnt = len(chat2.get_messages())

    lp.sec("ac1: resend message")
    ac1.resend_messages([msg_in])

-    lp.sec("ac2: check that message is deleted")
-    ac2._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_DELETED")
+    lp.sec("ac1: send another message")
+    chat1.send_text("another message")
+
+    lp.sec("ac2: receive another message")
+    msg_in = ac2._evtracker.wait_next_incoming_message()
+    assert msg_in.text == "another message"
+    chat2 = msg_in.chat
+    chat2_msg_cnt = len(chat2.get_messages())
+
    assert len(chat2.get_messages()) == chat2_msg_cnt


@@ -584,39 +501,6 @@ def test_send_and_receive_message_markseen(acfactory, lp):
        pass  # mark_seen_messages() has generated events before it returns


-def test_moved_markseen(acfactory):
-    """Test that message already moved to DeltaChat folder is marked as seen."""
-    ac1 = acfactory.new_online_configuring_account()
-    ac2 = acfactory.new_online_configuring_account(mvbox_move=True)
-    acfactory.bring_accounts_online()
-
-    ac2.stop_io()
-    with ac2.direct_imap.idle() as idle2:
-        ac1.create_chat(ac2).send_text("Hello!")
-        idle2.wait_for_new_message()
-
-    # Emulate moving of the message to DeltaChat folder by Sieve rule.
-    ac2.direct_imap.conn.move(["*"], "DeltaChat")
-    ac2.direct_imap.select_folder("DeltaChat")
-
-    with ac2.direct_imap.idle() as idle2:
-        ac2.start_io()
-
-        ev = ac2._evtracker.get_matching("DC_EVENT_INCOMING_MSG|DC_EVENT_MSGS_CHANGED")
-        msg = ac2.get_message_by_id(ev.data2)
-        assert msg.text == "Messages are end-to-end encrypted."
-
-        ev = ac2._evtracker.get_matching("DC_EVENT_INCOMING_MSG|DC_EVENT_MSGS_CHANGED")
-        msg = ac2.get_message_by_id(ev.data2)
-
-        # Accept the contact request.
-        msg.chat.accept()
-        ac2.mark_seen_messages([msg])
-        uid = idle2.wait_for_seen()
-
-    assert len(list(ac2.direct_imap.conn.fetch(AND(seen=True, uid=U(uid, "*"))))) == 1
-
-
 def test_message_override_sender_name(acfactory, lp):
    ac1, ac2 = acfactory.get_online_accounts(2)
    ac1.set_config("displayname", "ac1-default-displayname")
@@ -651,36 +535,6 @@ def test_message_override_sender_name(acfactory, lp):
    assert not msg2.override_sender_name


-@pytest.mark.parametrize("mvbox_move", [True, False])
-def test_markseen_message_and_mdn(acfactory, mvbox_move):
-    # Please only change this test if you are very sure that it will still catch the issues it catches now.
-    # We had so many problems with markseen, if in doubt, rather create another test, it can't harm.
-    ac1 = acfactory.new_online_configuring_account(mvbox_move=mvbox_move)
-    ac2 = acfactory.new_online_configuring_account(mvbox_move=mvbox_move)
-    acfactory.bring_accounts_online()
-    # Do not send BCC to self, we only want to test MDN on ac1.
-    ac1.set_config("bcc_self", "0")
-
-    acfactory.get_accepted_chat(ac1, ac2).send_text("hi")
-    msg = ac2._evtracker.wait_next_incoming_message()
-
-    ac2.mark_seen_messages([msg])
-
-    folder = "mvbox" if mvbox_move else "inbox"
-    for ac in [ac1, ac2]:
-        if mvbox_move:
-            ac._evtracker.get_info_contains("Marked messages [0-9]+ in folder DeltaChat as seen.")
-        else:
-            ac._evtracker.get_info_contains("Marked messages [0-9]+ in folder INBOX as seen.")
-    ac1.direct_imap.select_config_folder(folder)
-    ac2.direct_imap.select_config_folder(folder)
-
-    # Check that the mdn is marked as seen
-    assert len(list(ac1.direct_imap.conn.fetch(AND(seen=True)))) == 1
-    # Check original message is marked as seen
-    assert len(list(ac2.direct_imap.conn.fetch(AND(seen=True)))) == 1
-
-
 def test_reply_privately(acfactory):
    ac1, ac2 = acfactory.get_online_accounts(2)

@@ -830,156 +684,6 @@ def test_no_draft_if_cant_send(acfactory):
    assert device_chat.get_draft() is None


-def test_dont_show_emails(acfactory, lp):
-    """Most mailboxes have a "Drafts" folder where constantly new emails appear but we don't actually want to show them.
-    So: If it's outgoing AND there is no Received header AND it's not in the sentbox, then ignore the email.
-
-    If the draft email is sent out later (i.e. moved to "Sent"), it must be shown.
-
-    Also, test that unknown emails in the Spam folder are not shown."""
-    ac1 = acfactory.new_online_configuring_account()
-    ac1.set_config("show_emails", "2")
-    ac1.create_contact("alice@example.org").create_chat()
-
-    acfactory.wait_configured(ac1)
-    ac1.direct_imap.create_folder("Drafts")
-    ac1.direct_imap.create_folder("Sent")
-    ac1.direct_imap.create_folder("Spam")
-    ac1.direct_imap.create_folder("Junk")
-
-    acfactory.bring_accounts_online()
-    ac1.stop_io()
-
-    ac1.direct_imap.append(
-        "Drafts",
-        """
-        From: ac1 <{}>
-        Subject: subj
-        To: alice@example.org
-        Message-ID: <aepiors@example.org>
-        Content-Type: text/plain; charset=utf-8
-
-        message in Drafts that is moved to Sent later
-    """.format(
-            ac1.get_config("configured_addr"),
-        ),
-    )
-    ac1.direct_imap.append(
-        "Sent",
-        """
-        From: ac1 <{}>
-        Subject: subj
-        To: alice@example.org
-        Message-ID: <hsabaeni@example.org>
-        Content-Type: text/plain; charset=utf-8
-
-        message in Sent
-    """.format(
-            ac1.get_config("configured_addr"),
-        ),
-    )
-    ac1.direct_imap.append(
-        "Spam",
-        """
-        From: unknown.address@junk.org
-        Subject: subj
-        To: {}
-        Message-ID: <spam.message@junk.org>
-        Content-Type: text/plain; charset=utf-8
-
-        Unknown message in Spam
-    """.format(
-            ac1.get_config("configured_addr"),
-        ),
-    )
-    ac1.direct_imap.append(
-        "Spam",
-        """
-        From: unknown.address@junk.org, unkwnown.add@junk.org
-        Subject: subj
-        To: {}
-        Message-ID: <spam.message2@junk.org>
-        Content-Type: text/plain; charset=utf-8
-
-        Unknown & malformed message in Spam
-    """.format(
-            ac1.get_config("configured_addr"),
-        ),
-    )
-    ac1.direct_imap.append(
-        "Spam",
-        """
-        From: delta<address: inbox@nhroy.com>
-        Subject: subj
-        To: {}
-        Message-ID: <spam.message99@junk.org>
-        Content-Type: text/plain; charset=utf-8
-
-        Unknown & malformed message in Spam
-    """.format(
-            ac1.get_config("configured_addr"),
-        ),
-    )
-    ac1.direct_imap.append(
-        "Spam",
-        """
-        From: alice@example.org
-        Subject: subj
-        To: {}
-        Message-ID: <spam.message3@junk.org>
-        Content-Type: text/plain; charset=utf-8
-
-        Actually interesting message in Spam
-    """.format(
-            ac1.get_config("configured_addr"),
-        ),
-    )
-    ac1.direct_imap.append(
-        "Junk",
-        """
-        From: unknown.address@junk.org
-        Subject: subj
-        To: {}
-        Message-ID: <spam.message@junk.org>
-        Content-Type: text/plain; charset=utf-8
-
-        Unknown message in Junk
-    """.format(
-            ac1.get_config("configured_addr"),
-        ),
-    )
-
-    ac1.set_config("scan_all_folders_debounce_secs", "0")
-    lp.sec("All prepared, now let DC find the message")
-    ac1.start_io()
-
-    msg = ac1._evtracker.wait_next_messages_changed()
-
-    # Wait until each folder was scanned, this is necessary for this test to test what it should test:
-    ac1._evtracker.wait_idle_inbox_ready()
-
-    assert msg.text == "subj – message in Sent"
-    chat_msgs = msg.chat.get_messages()
-    assert len(chat_msgs) == 2
-    assert any(msg.text == "subj – Actually interesting message in Spam" for msg in chat_msgs)
-
-    assert not any("unknown.address" in c.get_name() for c in ac1.get_chats())
-    ac1.direct_imap.select_folder("Spam")
-    assert ac1.direct_imap.get_uid_by_message_id("spam.message@junk.org")
-
-    ac1.stop_io()
-    lp.sec("'Send out' the draft, i.e. move it to the Sent folder, and wait for DC to display it this time")
-    ac1.direct_imap.select_folder("Drafts")
-    uid = ac1.direct_imap.get_uid_by_message_id("aepiors@example.org")
-    ac1.direct_imap.conn.move(uid, "Sent")
-
-    ac1.start_io()
-    msg2 = ac1._evtracker.wait_next_messages_changed()
-
-    assert msg2.text == "subj – message in Drafts that is moved to Sent later"
-    assert len(msg.chat.get_messages()) == 3
-
-
 def test_bot(acfactory, lp):
    """Test that bot messages can be identified as such"""
    ac1, ac2 = acfactory.get_online_accounts(2)
@@ -1204,7 +908,7 @@ def test_import_export_online_all(acfactory, tmp_path, data, lp):

 def test_qr_email_capitalization(acfactory, lp):
    """Regression test for a bug
-    that resulted in failure to propagate verification via gossip in a verified group
+    that resulted in failure to propagate verification
    when the database already contained the contact with a different email address capitalization.
    """

@@ -1215,24 +919,27 @@ def test_qr_email_capitalization(acfactory, lp):
    lp.sec(f"ac1 creates a contact for ac2 ({ac2_addr_uppercase})")
    ac1.create_contact(ac2_addr_uppercase)

-    lp.sec("ac3 creates a verified group with a QR code")
-    chat = ac3.create_group_chat("hello", verified=True)
+    lp.sec("ac3 creates a group with a QR code")
+    chat = ac3.create_group_chat("hello")
    qr = chat.get_join_qr()

-    lp.sec("ac1 joins a verified group via a QR code")
+    lp.sec("ac1 joins a group via a QR code")
    ac1_chat = ac1.qr_join_chat(qr)
    msg = ac1._evtracker.wait_next_incoming_message()
    assert msg.text == "Member Me added by {}.".format(ac3.get_config("addr"))
    assert len(ac1_chat.get_contacts()) == 2

-    lp.sec("ac2 joins a verified group via a QR code")
+    lp.sec("ac2 joins a group via a QR code")
    ac2.qr_join_chat(qr)
    ac1._evtracker.wait_next_incoming_message()

    # ac1 should see both ac3 and ac2 as verified.
    assert len(ac1_chat.get_contacts()) == 3
+    # Until we reset verifications and then send the _verified header,
+    # the verification of ac2 is not gossiped here:
    for contact in ac1_chat.get_contacts():
-        assert contact.is_verified()
+        is_ac2 = contact.addr == ac2.get_config("addr")
+        assert contact.is_verified() != is_ac2


 def test_set_get_contact_avatar(acfactory, data, lp):
@@ -1499,9 +1206,15 @@ def test_send_receive_locations(acfactory, lp):
    assert locations[0].latitude == 2.0
    assert locations[0].longitude == 3.0
    assert locations[0].accuracy == 0.5
-    assert locations[0].timestamp > now
    assert locations[0].marker is None

+    # Make sure the timestamp is not in the past.
+    # Note that location timestamp has only 1 second precision,
+    # while `now` has a fractional part, so we have to truncate it
+    # first, otherwise `now` may appear to be in the future
+    # even though it is the same second.
+    assert int(locations[0].timestamp.timestamp()) >= int(now.timestamp())
+
    contact = ac2.create_contact(ac1)
    locations2 = chat2.get_locations(contact=contact)
    assert len(locations2) == 1
@@ -1512,38 +1225,6 @@ def test_send_receive_locations(acfactory, lp):
    assert not locations3


-def test_immediate_autodelete(acfactory, lp):
-    ac1 = acfactory.new_online_configuring_account()
-    ac2 = acfactory.new_online_configuring_account()
-    acfactory.bring_accounts_online()
-
-    # "1" means delete immediately, while "0" means do not delete
-    ac2.set_config("delete_server_after", "1")
-
-    lp.sec("ac1: create chat with ac2")
-    chat1 = ac1.create_chat(ac2)
-    ac2.create_chat(ac1)
-
-    lp.sec("ac1: send message to ac2")
-    sent_msg = chat1.send_text("hello")
-
-    msg = ac2._evtracker.wait_next_incoming_message()
-    assert msg.text == "hello"
-
-    lp.sec("ac2: wait for close/expunge on autodelete")
-    ac2._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_DELETED")
-    ac2._evtracker.get_info_contains("Close/expunge succeeded.")
-
-    lp.sec("ac2: check that message was autodeleted on server")
-    assert len(ac2.direct_imap.get_all_messages()) == 0
-
-    lp.sec("ac2: Mark deleted message as seen and check that read receipt arrives")
-    msg.mark_seen()
-    ev = ac1._evtracker.get_matching("DC_EVENT_MSG_READ")
-    assert ev.data1 == chat1.id
-    assert ev.data2 == sent_msg.id
-
-
 def test_delete_multiple_messages(acfactory, lp):
    ac1, ac2 = acfactory.get_online_accounts(2)
    chat12 = acfactory.get_accepted_chat(ac1, ac2)
@@ -1576,55 +1257,6 @@ def test_delete_multiple_messages(acfactory, lp):
            break


-def test_trash_multiple_messages(acfactory, lp):
-    ac1, ac2 = acfactory.get_online_accounts(2)
-    ac2.stop_io()
-
-    # Create the Trash folder on IMAP server and configure deletion to it. There was a bug that if
-    # Trash wasn't configured initially, it can't be configured later, let's check this.
-    lp.sec("Creating trash folder")
-    ac2.direct_imap.create_folder("Trash")
-    ac2.set_config("delete_to_trash", "1")
-
-    lp.sec("Check that Trash can be configured initially as well")
-    ac3 = acfactory.new_online_configuring_account(cloned_from=ac2)
-    acfactory.bring_accounts_online()
-    assert ac3.get_config("configured_trash_folder")
-    ac3.stop_io()
-
-    ac2.start_io()
-    chat12 = acfactory.get_accepted_chat(ac1, ac2)
-
-    lp.sec("ac1: sending 3 messages")
-    texts = ["first", "second", "third"]
-    for text in texts:
-        chat12.send_text(text)
-
-    lp.sec("ac2: waiting for all messages on the other side")
-    to_delete = []
-    for text in texts:
-        msg = ac2._evtracker.wait_next_incoming_message()
-        assert msg.text in texts
-        if text != "second":
-            to_delete.append(msg)
-    # ac2 has received some messages, this is impossible w/o the trash folder configured, let's
-    # check the configuration.
-    assert ac2.get_config("configured_trash_folder") == "Trash"
-
-    lp.sec("ac2: deleting all messages except second")
-    assert len(to_delete) == len(texts) - 1
-    ac2.delete_messages(to_delete)
-
-    lp.sec("ac2: test that only one message is left")
-    while 1:
-        ac2._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_MOVED")
-        ac2.direct_imap.select_config_folder("inbox")
-        nr_msgs = len(ac2.direct_imap.get_all_messages())
-        assert nr_msgs > 0
-        if nr_msgs == 1:
-            break
-
-
 def test_configure_error_msgs_wrong_pw(acfactory):
    (ac1,) = acfactory.get_online_accounts(1)

@@ -1748,71 +1380,6 @@ def test_group_quote(acfactory, lp):
    assert received_reply.quote.id == out_msg.id


-@pytest.mark.parametrize(
-    ("folder", "move", "expected_destination"),
-    [
-        (
-            "xyz",
-            False,
-            "xyz",
-        ),  # Test that emails aren't found in a random folder
-        (
-            "Spam",
-            True,
-            "DeltaChat",
-        ),  # ...emails are moved from the spam folder to "DeltaChat"
-        (
-            "Spam",
-            False,
-            "INBOX",
-        ),  # ...emails are moved from the spam folder to the Inbox
-    ],
-)
-# Testrun.org does not support the CREATE-SPECIAL-USE capability, which means that we can't create a folder with
-# the "\Junk" flag (see https://tools.ietf.org/html/rfc6154). So, we can't test spam folder detection by flag.
-def test_scan_folders(acfactory, lp, folder, move, expected_destination):
-    """Delta Chat periodically scans all folders for new messages to make sure we don't miss any."""
-    variant = folder + "-" + str(move) + "-" + expected_destination
-    lp.sec("Testing variant " + variant)
-    ac1 = acfactory.new_online_configuring_account(mvbox_move=move)
-    ac2 = acfactory.new_online_configuring_account()
-
-    acfactory.wait_configured(ac1)
-    ac1.direct_imap.create_folder(folder)
-
-    # Wait until each folder was selected once and we are IDLEing:
-    acfactory.bring_accounts_online()
-    ac1.stop_io()
-    assert folder in ac1.direct_imap.list_folders()
-
-    lp.sec("Send a message to from ac2 to ac1 and manually move it to `folder`")
-    ac1.direct_imap.select_config_folder("inbox")
-    with ac1.direct_imap.idle() as idle1:
-        acfactory.get_accepted_chat(ac2, ac1).send_text("hello")
-        idle1.wait_for_new_message()
-    ac1.direct_imap.conn.move(["*"], folder)  # "*" means "biggest UID in mailbox"
-
-    lp.sec("start_io() and see if DeltaChat finds the message (" + variant + ")")
-    ac1.set_config("scan_all_folders_debounce_secs", "0")
-    ac1.start_io()
-    chat = ac1.create_chat(ac2)
-    n_msgs = 1  # "Messages are end-to-end encrypted."
-    if folder == "Spam":
-        msg = ac1._evtracker.wait_next_incoming_message()
-        assert msg.text == "hello"
-        n_msgs += 1
-    else:
-        ac1._evtracker.wait_idle_inbox_ready()
-    assert len(chat.get_messages()) == n_msgs
-
-    # The message has reached its destination.
-    ac1.direct_imap.select_folder(expected_destination)
-    assert len(ac1.direct_imap.get_all_messages()) == 1
-    if folder != expected_destination:
-        ac1.direct_imap.select_folder(folder)
-        assert len(ac1.direct_imap.get_all_messages()) == 0
-
-
 def test_archived_muted_chat(acfactory, lp):
    """If an archived and muted chat receives a new message, DC_EVENT_MSGS_CHANGED for
    DC_CHAT_ID_ARCHIVED_LINK must be generated if the chat had only seen messages previously.
--- a/python/tests/test_3_offline.py
+++ b/python/tests/test_3_offline.py
@@ -35,7 +35,7 @@ class TestOfflineAccountBasic:
        d = ac1.get_info()
        assert d["arch"]
        assert d["number_of_chats"] == "0"
-        assert d["bcc_self"] == "1"
+        assert d["bcc_self"] == "0"

    def test_is_not_configured(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
@@ -69,7 +69,7 @@ class TestOfflineAccountBasic:
    def test_has_bccself(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
        assert "bcc_self" in ac1.get_config("sys.config_keys").split()
-        assert ac1.get_config("bcc_self") == "1"
+        assert ac1.get_config("bcc_self") == "0"

    def test_selfcontact_if_unconfigured(self, acfactory):
        ac1 = acfactory.get_unconfigured_account()
@@ -271,10 +271,9 @@ class TestOfflineChat:
        chat.set_name("Homework")
        assert chat.get_messages()[-1].text == "abc homework xyz Homework"

-    @pytest.mark.parametrize("verified", [True, False])
-    def test_group_chat_qr(self, acfactory, ac1, verified):
+    def test_group_chat_qr(self, acfactory, ac1):
        ac2 = acfactory.get_pseudo_configured_account()
-        chat = ac1.create_group_chat(name="title1", verified=verified)
+        chat = ac1.create_group_chat(name="title1")
        assert chat.is_group()
        qr = chat.get_join_qr()
        assert ac2.check_qr(qr).is_ask_verifygroup
--- a/python/tox.ini
+++ b/python/tox.ini
@@ -23,7 +23,6 @@ deps =
    pytest
    pytest-timeout
    pytest-xdist
-    pdbpp
    requests
 # urllib3 2.0 does not work in manylinux2014 containers.
 # https://github.com/deltachat/deltachat-core-rust/issues/4788
@@ -47,7 +46,7 @@ deps =
 commands =
    ruff format --diff setup.py src/deltachat examples/ tests/
    ruff check src/deltachat tests/ examples/
-    rst-lint --encoding 'utf-8' README.rst
+    rst-lint README.rst

 [testenv:mypy]
 deps =
--- a/release-date.in
+++ b/release-date.in
@@ -1 +1 @@
-2025-10-16
+2025-12-04
--- a/scripts/README.md
+++ b/scripts/README.md
@@ -26,10 +26,10 @@ and an own build machine.
   i.e. `deltachat-rpc-client` and `deltachat-rpc-server`.

 - `remote_tests_python.sh` rsyncs to a build machine and runs
-  `run-python-test.sh` remotely on the build machine. 
+  JSON-RPC Python tests remotely on the build machine. 

 - `remote_tests_rust.sh` rsyncs to the build machine and runs
-  `run-rust-test.sh` remotely on the build machine. 
+  Rust tests remotely on the build machine. 

 - `run-doxygen.sh` generates C-docs which are then uploaded to https://c.delta.chat/

--- a/scripts/coredeps/install-rust.sh
+++ b/scripts/coredeps/install-rust.sh
@@ -7,7 +7,7 @@ set -euo pipefail
 #
 # Avoid using rustup here as it depends on reading /proc/self/exe and
 # has problems running under QEMU.
-RUST_VERSION=1.90.0
+RUST_VERSION=1.91.0

 ARCH="$(uname -m)"
 test -f "/lib/libc.musl-$ARCH.so.1" && LIBC=musl || LIBC=gnu
--- a/scripts/remote_tests_python.sh
+++ b/scripts/remote_tests_python.sh
@@ -1,45 +1,32 @@
-#!/bin/bash 
+#!/usr/bin/env bash
+set -euo pipefail

-BUILD_ID=${1:?specify build ID}
-
-SSHTARGET=${SSHTARGET-ci@b1.delta.chat}
-BUILDDIR=ci_builds/$BUILD_ID
+set -x
+if ! test -v SSHTARGET; then
+	echo >&2 SSHTARGET is not set
+	exit 1
+fi
+BUILDDIR=ci_builds/chatmailcore

 echo "--- Copying files to $SSHTARGET:$BUILDDIR"

-set -xe
-
-ssh -oBatchMode=yes -oStrictHostKeyChecking=no  $SSHTARGET mkdir -p "$BUILDDIR"
-git ls-files >.rsynclist 
-# we seem to need .git for setuptools_scm versioning 
-find .git >>.rsynclist
-rsync --delete --files-from=.rsynclist -az ./ "$SSHTARGET:$BUILDDIR"
-
-set +x
+rsync -az --delete --mkpath --files-from=<(git ls-files) ./ "$SSHTARGET:$BUILDDIR"

 echo "--- Running Python tests remotely"

-ssh $SSHTARGET <<_HERE
+ssh -oBatchMode=yes -- "$SSHTARGET" <<_HERE
    set +x -e

    # make sure all processes exit when ssh dies
    shopt -s huponexit

-    export RUSTC_WRAPPER=\`which sccache\`
+    export RUSTC_WRAPPER=\`command -v sccache\`
    cd $BUILDDIR
-    export TARGET=release
    export CHATMAIL_DOMAIN=$CHATMAIL_DOMAIN

-    #we rely on tox/virtualenv being available in the host
-    #rm -rf virtualenv venv
-    #virtualenv -q -p python3.7 venv 
-    #source venv/bin/activate
-    #pip install -q tox virtualenv
+    scripts/make-rpc-testenv.sh
+    . venv/bin/activate

-    set -x
-    which python
-    source \$HOME/venv/bin/activate
-    which python
-
-    bash scripts/run-python-test.sh 
+    cd deltachat-rpc-client
+    pytest -n6 $@
 _HERE
--- a/scripts/remote_tests_rust.sh
+++ b/scripts/remote_tests_rust.sh
@@ -1,29 +1,25 @@
-#!/bin/bash 
+#!/usr/bin/env bash
+set -euo pipefail

-BUILD_ID=${1:?specify build ID}
-
-SSHTARGET=${SSHTARGET-ci@b1.delta.chat}
-BUILDDIR=ci_builds/$BUILD_ID
-
-set -e
+if ! test -v SSHTARGET; then
+        echo >&2 SSHTARGET is not set
+        exit 1
+fi
+BUILDDIR=ci_builds/chatmailcore

 echo "--- Copying files to $SSHTARGET:$BUILDDIR"

-ssh -oBatchMode=yes -oStrictHostKeyChecking=no $SSHTARGET mkdir -p "$BUILDDIR"
-git ls-files >.rsynclist
-rsync --delete --files-from=.rsynclist -az ./ "$SSHTARGET:$BUILDDIR"
+rsync -az --delete --mkpath --files-from=<(git ls-files) ./ "$SSHTARGET:$BUILDDIR"

 echo "--- Running Rust tests remotely"

-ssh $SSHTARGET <<_HERE
+ssh -oBatchMode=yes -- "$SSHTARGET" <<_HERE
    set +x -e
    # make sure all processes exit when ssh dies
    shopt -s huponexit
-    export RUSTC_WRAPPER=\`which sccache\`
+    export RUSTC_WRAPPER=\`command -v sccache\`
    cd $BUILDDIR
-    export TARGET=x86_64-unknown-linux-gnu
-    export RUSTC_WRAPPER=sccache

-    bash scripts/run-rust-test.sh
+    cargo nextest run
 _HERE

--- a/scripts/run_all.sh
+++ b/scripts/run_all.sh
@@ -31,6 +31,6 @@ unset CHATMAIL_DOMAIN

 # Try to build wheels for a range of interpreters, but don't fail if they are not available.
 # E.g. musllinux_1_1 does not have PyPy interpreters as of 2022-07-10
-tox --workdir "$TOXWORKDIR" -e py38,py39,py310,py311,py312,py313,pypy38,pypy39,pypy310 --skip-missing-interpreters true
+tox --workdir "$TOXWORKDIR" -e py310,py311,py312,py313,pypy310 --skip-missing-interpreters true

 auditwheel repair "$TOXWORKDIR"/wheelhouse/deltachat* -w "$TOXWORKDIR/wheelhouse"
--- a/scripts/update-provider-database.sh
+++ b/scripts/update-provider-database.sh
@@ -6,7 +6,7 @@ set -euo pipefail
 export TZ=UTC

 # Provider database revision.
-REV=1cce91c1f1065b47e4f307d6fe2f4cca68c74d2e
+REV=d041136c19a48b493823b46d472f12b9ee94ae80

 CORE_ROOT="$PWD"
 TMP="$(mktemp -d)"
--- a/spec.md
+++ b/spec.md
@@ -1,6 +1,6 @@
 # Chatmail Specification

-Version: 0.36.0
+Version: 0.37.0
 Status:  In-progress 
 Format:  [Semantic Line Breaks](https://sembr.org/)

@@ -582,6 +582,24 @@ and e.g. simply search for the line starting with `EMAIL`
 in order to get the email address.


+# Verifications
+
+Keys obtained using [SecureJoin](https://securejoin.readthedocs.io) protocol
+and corresponding contacts
+are considered "verified".
+
+As an extension to `Autocrypt-Gossip` header,
+chatmail clients can add `_verified=1` attribute
+(underscore marks the attribute as non-critical)
+to indicate that they have the gossiped key
+and the corresponding contact marked as verified.
+
+When receiving such `Autocrypt-Gossip` header
+in a message signed by a verified key,
+chatmail clients mark the gossiped key
+as indirectly verified.
+
+
 # Transitioning to a new e-mail address (AEAP)

 When receiving a message:
--- a/src/accounts.rs
+++ b/src/accounts.rs
@@ -3,8 +3,12 @@
 use std::collections::{BTreeMap, BTreeSet};
 use std::future::Future;
 use std::path::{Path, PathBuf};
+use std::sync::Arc;

 use anyhow::{Context as _, Result, bail, ensure};
+use async_channel::{self, Receiver, Sender};
+use futures::FutureExt as _;
+use futures_lite::FutureExt as _;
 use serde::{Deserialize, Serialize};
 use tokio::fs;
 use tokio::io::AsyncWriteExt;
@@ -18,7 +22,7 @@ use tokio::time::{Duration, sleep};

 use crate::context::{Context, ContextBuilder};
 use crate::events::{Event, EventEmitter, EventType, Events};
-use crate::log::{info, warn};
+use crate::log::warn;
 use crate::push::PushSubscriber;
 use crate::stock_str::StockStrings;

@@ -41,6 +45,13 @@ pub struct Accounts {

    /// Push notification subscriber shared between accounts.
    push_subscriber: PushSubscriber,
+
+    /// Channel sender to cancel ongoing background_fetch().
+    ///
+    /// If background_fetch() is not running, this is `None`.
+    /// New background_fetch() should not be started if this
+    /// contains `Some`.
+    background_fetch_interrupt_sender: Arc<parking_lot::Mutex<Option<Sender<()>>>>,
 }

 impl Accounts {
@@ -96,6 +107,7 @@ impl Accounts {
            events,
            stockstrings,
            push_subscriber,
+            background_fetch_interrupt_sender: Default::default(),
        })
    }

@@ -352,6 +364,11 @@ impl Accounts {
    ///
    /// This is an auxiliary function and not part of public API.
    /// Use [Accounts::background_fetch] instead.
+    ///
+    /// This function is cancellation-safe.
+    /// It is intended to be cancellable,
+    /// either because of the timeout or because background
+    /// fetch was explicitly cancelled.
    async fn background_fetch_no_timeout(accounts: Vec<Context>, events: Events) {
        let n_accounts = accounts.len();
        events.emit(Event {
@@ -378,14 +395,33 @@ impl Accounts {
    }

    /// Auxiliary function for [Accounts::background_fetch].
+    ///
+    /// Runs `background_fetch` until it finishes
+    /// or until the timeout.
+    ///
+    /// Produces `AccountsBackgroundFetchDone` event in every case
+    /// and clears [`Self::background_fetch_interrupt_sender`]
+    /// so a new background fetch can be started.
+    ///
+    /// This function is not cancellation-safe.
+    /// Cancelling it before it returns may result
+    /// in not being able to run any new background fetch
+    /// if interrupt sender was not cleared.
    async fn background_fetch_with_timeout(
        accounts: Vec<Context>,
        events: Events,
        timeout: std::time::Duration,
+        interrupt_sender: Arc<parking_lot::Mutex<Option<Sender<()>>>>,
+        interrupt_receiver: Option<Receiver<()>>,
    ) {
+        let Some(interrupt_receiver) = interrupt_receiver else {
+            // Nothing to do if we got no interrupt receiver.
+            return;
+        };
        if let Err(_err) = tokio::time::timeout(
            timeout,
-            Self::background_fetch_no_timeout(accounts, events.clone()),
+            Self::background_fetch_no_timeout(accounts, events.clone())
+                .race(interrupt_receiver.recv().map(|_| ())),
        )
        .await
        {
@@ -398,10 +434,16 @@ impl Accounts {
            id: 0,
            typ: EventType::AccountsBackgroundFetchDone,
        });
+        (*interrupt_sender.lock()) = None;
    }

    /// Performs a background fetch for all accounts in parallel with a timeout.
    ///
+    /// Ongoing background fetch can also be cancelled manually
+    /// by calling `stop_background_fetch()`, in which case it will
+    /// return immediately even before the timeout expiration
+    /// or finishing fetching.
+    ///
    /// The `AccountsBackgroundFetchDone` event is emitted at the end,
    /// process all events until you get this one and you can safely return to the background
    /// without forgetting to create notifications caused by timing race conditions.
@@ -414,7 +456,39 @@ impl Accounts {
    ) -> impl Future<Output = ()> + use<> {
        let accounts: Vec<Context> = self.accounts.values().cloned().collect();
        let events = self.events.clone();
-        Self::background_fetch_with_timeout(accounts, events, timeout)
+        let (sender, receiver) = async_channel::bounded(1);
+        let receiver = {
+            let mut lock = self.background_fetch_interrupt_sender.lock();
+            if (*lock).is_some() {
+                // Another background_fetch() is already running,
+                // return immeidately.
+                None
+            } else {
+                *lock = Some(sender);
+                Some(receiver)
+            }
+        };
+        Self::background_fetch_with_timeout(
+            accounts,
+            events,
+            timeout,
+            self.background_fetch_interrupt_sender.clone(),
+            receiver,
+        )
+    }
+
+    /// Interrupts ongoing background_fetch() call,
+    /// making it return early.
+    ///
+    /// This method allows to cancel background_fetch() early,
+    /// e.g. on Android, when `Service.onTimeout` is called.
+    ///
+    /// If there is no ongoing background_fetch(), does nothing.
+    pub fn stop_background_fetch(&self) {
+        let mut lock = self.background_fetch_interrupt_sender.lock();
+        if let Some(sender) = lock.take() {
+            sender.try_send(()).ok();
+        }
    }

    /// Emits a single event.
@@ -604,13 +678,12 @@ impl Config {
        // Convert them to relative paths.
        let mut modified = false;
        for account in &mut config.inner.accounts {
-            if account.dir.is_absolute() {
-                if let Some(old_path_parent) = account.dir.parent() {
-                    if let Ok(new_path) = account.dir.strip_prefix(old_path_parent) {
-                        account.dir = new_path.to_path_buf();
-                        modified = true;
-                    }
-                }
+            if account.dir.is_absolute()
+                && let Some(old_path_parent) = account.dir.parent()
+                && let Ok(new_path) = account.dir.strip_prefix(old_path_parent)
+            {
+                account.dir = new_path.to_path_buf();
+                modified = true;
            }
        }
        if modified && writable {
--- a/src/aheader.rs
+++ b/src/aheader.rs
@@ -61,9 +61,11 @@ impl fmt::Display for Aheader {
        if self.prefer_encrypt == EncryptPreference::Mutual {
            write!(fmt, " prefer-encrypt=mutual;")?;
        }
-        if self.verified {
-            write!(fmt, " _verified=1;")?;
-        }
+        // TODO After we reset all existing verifications,
+        // we want to start sending the _verified attribute
+        // if self.verified {
+        //     write!(fmt, " _verified=1;")?;
+        // }

        // adds a whitespace every 78 characters, this allows
        // email crate to wrap the lines according to RFC 5322
@@ -282,8 +284,9 @@ mod tests {
            .contains("test@example.com")
        );

+        // We don't send the _verified header yet:
        assert!(
-            format!(
+            !format!(
                "{}",
                Aheader {
                    addr: "test@example.com".to_string(),
--- a/src/authres.rs
+++ b/src/authres.rs
@@ -468,7 +468,7 @@ Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@
            // The ordering in which the emails are received can matter;
            // the test _should_ pass for every ordering.
            dir.sort_by_key(|d| d.file_name());
-            //rand::seq::SliceRandom::shuffle(&mut dir[..], &mut rand::thread_rng());
+            //rand::seq::SliceRandom::shuffle(&mut dir[..], &mut rand::rng());

            for entry in &dir {
                let mut file = fs::File::open(entry.path()).await?;
--- a/src/blob.rs
+++ b/src/blob.rs
@@ -20,7 +20,7 @@ use crate::config::Config;
 use crate::constants::{self, MediaQuality};
 use crate::context::Context;
 use crate::events::EventType;
-use crate::log::{LogExt, error, info, warn};
+use crate::log::{LogExt, warn};
 use crate::message::Viewtype;
 use crate::tools::sanitize_filename;

@@ -234,8 +234,13 @@ impl<'a> BlobObject<'a> {
    /// If `data` represents an image of known format, this adds the corresponding extension.
    ///
    /// Even though this function is not async, it's OK to call it from an async context.
-    pub(crate) fn store_from_base64(context: &Context, data: &str) -> Result<String> {
-        let buf = base64::engine::general_purpose::STANDARD.decode(data)?;
+    ///
+    /// Returns an error if there is an I/O problem,
+    /// but in case of a failure to decode base64 returns `Ok(None)`.
+    pub(crate) fn store_from_base64(context: &Context, data: &str) -> Result<Option<String>> {
+        let Ok(buf) = base64::engine::general_purpose::STANDARD.decode(data) else {
+            return Ok(None);
+        };
        let name = if let Ok(format) = image::guess_format(&buf) {
            if let Some(ext) = format.extensions_str().first() {
                format!("file.{ext}")
@@ -246,7 +251,7 @@ impl<'a> BlobObject<'a> {
            String::new()
        };
        let blob = BlobObject::create_and_deduplicate_from_bytes(context, &buf, &name)?;
-        Ok(blob.as_name().to_string())
+        Ok(Some(blob.as_name().to_string()))
    }

    /// Recode image to avatar size.
--- a/src/blob/blob_tests.rs
+++ b/src/blob/blob_tests.rs
@@ -173,11 +173,8 @@ async fn test_selfavatar_outside_blobdir() {
        .unwrap();
    let avatar_blob = t.get_config(Config::Selfavatar).await.unwrap().unwrap();
    let avatar_path = Path::new(&avatar_blob);
-    assert!(
-        avatar_blob.ends_with("7dde69e06b5ae6c27520a436bbfd65b.jpg"),
-        "The avatar filename should be its hash, put instead it's {avatar_blob}"
-    );
    let scaled_avatar_size = file_size(avatar_path).await;
+    info!(&t, "Scaled avatar size: {scaled_avatar_size}.");
    assert!(scaled_avatar_size < avatar_bytes.len() as u64);

    check_image_size(avatar_src, 1000, 1000);
@@ -187,6 +184,11 @@ async fn test_selfavatar_outside_blobdir() {
        constants::BALANCED_AVATAR_SIZE,
    );

+    assert!(
+        avatar_blob.ends_with("2a048b6fcd86448032b854ea1ad7608.jpg"),
+        "The avatar filename should be its hash, but instead it's {avatar_blob}"
+    );
+
    let mut blob = BlobObject::create_and_deduplicate(&t, avatar_path, avatar_path).unwrap();
    let viewtype = &mut Viewtype::Image;
    let strict_limits = true;
--- a/src/calls.rs
+++ b/src/calls.rs
@@ -2,13 +2,14 @@
 //!
 //! Internally, calls are bound a user-visible message initializing the call.
 //! This means, the "Call ID" is a "Message ID" - similar to Webxdc IDs.
+use crate::chat::ChatIdBlocked;
 use crate::chat::{Chat, ChatId, send_msg};
-use crate::constants::Chattype;
+use crate::constants::{Blocked, Chattype};
 use crate::contact::ContactId;
-use crate::context::Context;
+use crate::context::{Context, WeakContext};
 use crate::events::EventType;
 use crate::headerdef::HeaderDef;
-use crate::log::{info, warn};
+use crate::log::warn;
 use crate::message::{self, Message, MsgId, Viewtype};
 use crate::mimeparser::{MimeMessage, SystemMessage};
 use crate::net::dns::lookup_host_with_cache;
@@ -198,8 +199,9 @@ impl Context {
        call.id = send_msg(self, chat_id, &mut call).await?;

        let wait = RINGING_SECONDS;
+        let context = self.get_weak_context();
        task::spawn(Context::emit_end_call_if_unaccepted(
-            self.clone(),
+            context,
            wait.try_into()?,
            call.id,
        ));
@@ -290,11 +292,12 @@ impl Context {
    }

    async fn emit_end_call_if_unaccepted(
-        context: Context,
+        context: WeakContext,
        wait: u64,
        call_id: MsgId,
    ) -> Result<()> {
        sleep(Duration::from_secs(wait)).await;
+        let context = context.upgrade()?;
        let Some(mut call) = context.load_call_by_id(call_id).await? else {
            warn!(
                context,
@@ -345,15 +348,31 @@ impl Context {
                            false
                        }
                    };
-                    self.emit_event(EventType::IncomingCall {
-                        msg_id: call.msg.id,
-                        chat_id: call.msg.chat_id,
-                        place_call_info: call.place_call_info.to_string(),
-                        has_video,
-                    });
+                    if let Some(chat_id_blocked) =
+                        ChatIdBlocked::lookup_by_contact(self, from_id).await?
+                    {
+                        match chat_id_blocked.blocked {
+                            Blocked::Not => {
+                                self.emit_event(EventType::IncomingCall {
+                                    msg_id: call.msg.id,
+                                    chat_id: call.msg.chat_id,
+                                    place_call_info: call.place_call_info.to_string(),
+                                    has_video,
+                                });
+                            }
+                            Blocked::Yes | Blocked::Request => {
+                                // Do not notify about incoming calls
+                                // from contact requests and blocked contacts.
+                                //
+                                // User can still access the call and accept it
+                                // via the chat in case of contact requests.
+                            }
+                        }
+                    }
                    let wait = call.remaining_ring_seconds();
+                    let context = self.get_weak_context();
                    task::spawn(Context::emit_end_call_if_unaccepted(
-                        self.clone(),
+                        context,
                        wait.try_into()?,
                        call.msg.id,
                    ));
--- a/src/calls/calls_tests.rs
+++ b/src/calls/calls_tests.rs
@@ -45,6 +45,12 @@ async fn setup_call() -> Result<CallSetup> {
    // Alice creates a chat with Bob and places an outgoing call there.
    // Alice's other device sees the same message as an outgoing call.
    let alice_chat = alice.create_chat(&bob).await;
+
+    // Create chat on Bob's side
+    // so incoming call causes a notification.
+    bob.create_chat(&alice).await;
+    bob2.create_chat(&alice).await;
+
    let test_msg_id = alice
        .place_outgoing_call(alice_chat.id, PLACE_INFO.to_string())
        .await?;
--- a/src/chat.rs
+++ b/src/chat.rs
--- a/src/chat/chat_tests.rs
+++ b/src/chat/chat_tests.rs
--- a/src/chatlist.rs
+++ b/src/chatlist.rs
@@ -107,11 +107,6 @@ impl Chatlist {
            Ok((chat_id, msg_id))
        };

-        let process_rows = |rows: rusqlite::MappedRows<_>| {
-            rows.collect::<std::result::Result<Vec<_>, _>>()
-                .map_err(Into::into)
-        };
-
        let skip_id = if flag_for_forwarding {
            ChatId::lookup_by_contact(context, ContactId::DEVICE)
                .await?
@@ -132,7 +127,7 @@ impl Chatlist {
        // groups. Otherwise it would be hard to follow conversations.
        let ids = if let Some(query_contact_id) = query_contact_id {
            // show chats shared with a given contact
-            context.sql.query_map(
+            context.sql.query_map_vec(
                "SELECT c.id, m.id
                 FROM chats c
                 LEFT JOIN msgs m
@@ -150,7 +145,6 @@ impl Chatlist {
                 ORDER BY c.archived=?3 DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
                (MessageState::OutDraft, query_contact_id, ChatVisibility::Pinned),
                process_row,
-                process_rows,
            ).await?
        } else if flag_archived_only {
            // show archived chats
@@ -159,7 +153,7 @@ impl Chatlist {
            // and adapting the number requires larger refactorings and seems not to be worth the effort)
            context
                .sql
-                .query_map(
+                .query_map_vec(
                    "SELECT c.id, m.id
                 FROM chats c
                 LEFT JOIN msgs m
@@ -177,7 +171,6 @@ impl Chatlist {
                 ORDER BY IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
                    (MessageState::OutDraft,),
                    process_row,
-                    process_rows,
                )
                .await?
        } else if let Some(query) = query {
@@ -195,7 +188,7 @@ impl Chatlist {
            let str_like_cmd = format!("%{query}%");
            context
                .sql
-                .query_map(
+                .query_map_vec(
                    "SELECT c.id, m.id
                 FROM chats c
                 LEFT JOIN msgs m
@@ -214,7 +207,6 @@ impl Chatlist {
                 ORDER BY IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
                    (MessageState::OutDraft, skip_id, str_like_cmd, only_unread, MessageState::InFresh),
                    process_row,
-                    process_rows,
                )
                .await?
        } else {
@@ -229,7 +221,7 @@ impl Chatlist {
                    let msg_id: Option<MsgId> = row.get(3)?;
                    Ok((chat_id, typ, param, msg_id))
                };
-                let process_rows = |rows: rusqlite::MappedRows<_>| {
+                let process_rows = |rows: rusqlite::AndThenRows<_>| {
                    rows.filter_map(|row: std::result::Result<(_, _, Params, _), _>| match row {
                        Ok((chat_id, typ, param, msg_id)) => {
                            if typ == Chattype::Mailinglist
@@ -243,7 +235,6 @@ impl Chatlist {
                        Err(e) => Some(Err(e)),
                    })
                    .collect::<std::result::Result<Vec<_>, _>>()
-                    .map_err(Into::into)
                };
                context.sql.query_map(
                    "SELECT c.id, c.type, c.param, m.id
@@ -272,7 +263,7 @@ impl Chatlist {
                ).await?
            } else {
                //  show normal chatlist
-                context.sql.query_map(
+                context.sql.query_map_vec(
                    "SELECT c.id, m.id
                     FROM chats c
                     LEFT JOIN msgs m
@@ -290,7 +281,6 @@ impl Chatlist {
                     ORDER BY c.id=0 DESC, c.archived=? DESC, IFNULL(m.timestamp,c.created_timestamp) DESC, m.id DESC;",
                    (MessageState::OutDraft, skip_id, ChatVisibility::Archived, ChatVisibility::Pinned),
                    process_row,
-                    process_rows,
                ).await?
            };
            if !flag_no_specials && get_archived_cnt(context).await? > 0 {
@@ -481,8 +471,8 @@ mod tests {
    use super::*;
    use crate::chat::save_msgs;
    use crate::chat::{
-        ProtectionStatus, add_contact_to_chat, create_group_chat, get_chat_contacts,
-        remove_contact_from_chat, send_text_msg,
+        add_contact_to_chat, create_group, get_chat_contacts, remove_contact_from_chat,
+        send_text_msg,
    };
    use crate::receive_imf::receive_imf;
    use crate::stock_str::StockMessage;
@@ -495,15 +485,9 @@ mod tests {
    async fn test_try_load() {
        let mut tcm = TestContextManager::new();
        let bob = &tcm.bob().await;
-        let chat_id1 = create_group_chat(bob, ProtectionStatus::Unprotected, "a chat")
-            .await
-            .unwrap();
-        let chat_id2 = create_group_chat(bob, ProtectionStatus::Unprotected, "b chat")
-            .await
-            .unwrap();
-        let chat_id3 = create_group_chat(bob, ProtectionStatus::Unprotected, "c chat")
-            .await
-            .unwrap();
+        let chat_id1 = create_group(bob, "a chat").await.unwrap();
+        let chat_id2 = create_group(bob, "b chat").await.unwrap();
+        let chat_id3 = create_group(bob, "c chat").await.unwrap();

        // check that the chatlist starts with the most recent message
        let chats = Chatlist::try_load(bob, 0, None, None).await.unwrap();
@@ -536,9 +520,7 @@ mod tests {

        // receive a message from alice
        let alice = &tcm.alice().await;
-        let alice_chat_id = create_group_chat(alice, ProtectionStatus::Unprotected, "alice chat")
-            .await
-            .unwrap();
+        let alice_chat_id = create_group(alice, "alice chat").await.unwrap();
        add_contact_to_chat(
            alice,
            alice_chat_id,
@@ -576,9 +558,7 @@ mod tests {
    async fn test_sort_self_talk_up_on_forward() {
        let t = TestContext::new_alice().await;
        t.update_device_chats().await.unwrap();
-        create_group_chat(&t, ProtectionStatus::Unprotected, "a chat")
-            .await
-            .unwrap();
+        create_group(&t, "a chat").await.unwrap();

        let chats = Chatlist::try_load(&t, 0, None, None).await.unwrap();
        assert_eq!(chats.len(), 3);
@@ -765,9 +745,7 @@ mod tests {
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_get_summary_unwrap() {
        let t = TestContext::new().await;
-        let chat_id1 = create_group_chat(&t, ProtectionStatus::Unprotected, "a chat")
-            .await
-            .unwrap();
+        let chat_id1 = create_group(&t, "a chat").await.unwrap();

        let mut msg = Message::new_text("foo:\nbar \r\n test".to_string());
        chat_id1.set_draft(&t, Some(&mut msg)).await.unwrap();
@@ -783,9 +761,7 @@ mod tests {
    async fn test_get_summary_deleted_draft() {
        let t = TestContext::new().await;

-        let chat_id = create_group_chat(&t, ProtectionStatus::Unprotected, "a chat")
-            .await
-            .unwrap();
+        let chat_id = create_group(&t, "a chat").await.unwrap();
        let mut msg = Message::new_text("Foobar".to_string());
        chat_id.set_draft(&t, Some(&mut msg)).await.unwrap();

@@ -824,15 +800,9 @@ mod tests {
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_load_broken() {
        let t = TestContext::new_bob().await;
-        let chat_id1 = create_group_chat(&t, ProtectionStatus::Unprotected, "a chat")
-            .await
-            .unwrap();
-        create_group_chat(&t, ProtectionStatus::Unprotected, "b chat")
-            .await
-            .unwrap();
-        create_group_chat(&t, ProtectionStatus::Unprotected, "c chat")
-            .await
-            .unwrap();
+        let chat_id1 = create_group(&t, "a chat").await.unwrap();
+        create_group(&t, "b chat").await.unwrap();
+        create_group(&t, "c chat").await.unwrap();

        // check that the chatlist starts with the most recent message
        let chats = Chatlist::try_load(&t, 0, None, None).await.unwrap();
--- a/src/config.rs
+++ b/src/config.rs
@@ -14,15 +14,15 @@ use tokio::fs;

 use crate::blob::BlobObject;
 use crate::configure::EnteredLoginParam;
-use crate::constants;
 use crate::context::Context;
 use crate::events::EventType;
-use crate::log::{LogExt, info};
-use crate::login_param::ConfiguredLoginParam;
+use crate::log::LogExt;
 use crate::mimefactory::RECOMMENDED_FILE_SIZE;
-use crate::provider::{Provider, get_provider_by_id};
+use crate::provider::Provider;
 use crate::sync::{self, Sync::*, SyncData};
 use crate::tools::get_abs_path;
+use crate::transport::ConfiguredLoginParam;
+use crate::{constants, stats};

 /// The available configuration keys.
 #[derive(
@@ -144,11 +144,11 @@ pub enum Config {

    /// Send BCC copy to self.
    ///
-    /// Should be enabled for multidevice setups.
-    /// Default is 0 for chatmail accounts, 1 otherwise.
+    /// Should be enabled for multi-device setups.
    ///
    /// This is automatically enabled when importing/exporting a backup,
    /// setting up a second device, or receiving a sync message.
+    #[strum(props(default = "0"))]
    BccSelf,

    /// True if Message Delivery Notifications (read receipts) should
@@ -156,10 +156,6 @@ pub enum Config {
    #[strum(props(default = "1"))]
    MdnsEnabled,

-    /// True if "Sent" folder should be watched for changes.
-    #[strum(props(default = "0"))]
-    SentboxWatch,
-
    /// True if chat messages should be moved to a separate folder. Auto-sent messages like sync
    /// ones are moved there anyway.
    #[strum(props(default = "1"))]
@@ -285,9 +281,6 @@ pub enum Config {
    /// Configured folder for chat messages.
    ConfiguredMvboxFolder,

-    /// Configured "Sent" folder.
-    ConfiguredSentboxFolder,
-
    /// Configured "Trash" folder.
    ConfiguredTrashFolder,

@@ -389,12 +382,6 @@ pub enum Config {
    /// Make all outgoing messages with Autocrypt header "multipart/signed".
    SignUnencrypted,

-    /// Enable header protection for `Autocrypt` header.
-    ///
-    /// This is an experimental setting not compatible to other MUAs
-    /// and older Delta Chat versions (core version <= v1.149.0).
-    ProtectAutocrypt,
-
    /// Let the core save all events to the database.
    /// This value is used internally to remember the MsgId of the logging xdc
    #[strum(props(default = "0"))]
@@ -414,9 +401,22 @@ pub enum Config {
    /// used for signatures, encryption to self and included in `Autocrypt` header.
    KeyId,

-    /// This key is sent to the self_reporting bot so that the bot can recognize the user
+    /// Send statistics to Delta Chat's developers.
+    /// Can be exposed to the user as a setting.
+    StatsSending,
+
+    /// Last time statistics were sent to Delta Chat's developers
+    StatsLastSent,
+
+    /// Last time `update_message_stats()` was called
+    StatsLastUpdate,
+
+    /// This key is sent to the statistics bot so that the bot can recognize the user
    /// without storing the email address
-    SelfReportingId,
+    StatsId,
+
+    /// The last contact id that already existed when statistics-sending was enabled for the first time.
+    StatsLastOldContactId,

    /// MsgId of webxdc map integration.
    WebxdcIntegration,
@@ -438,8 +438,19 @@ pub enum Config {
    /// storing the same token multiple times on the server.
    EncryptedDeviceToken,

+    /// Enables running test hooks, e.g. see `InnerContext::pre_encrypt_mime_hook`.
+    /// This way is better than conditional compilation, i.e. `#[cfg(test)]`, because tests not
+    /// using this still run unmodified code.
+    TestHooks,
+
    /// Return an error from `receive_imf_inner()` for a fully downloaded message. For tests.
    FailOnReceivingFullMsg,
+
+    /// Enable composing emails with Header Protection as defined in
+    /// <https://www.rfc-editor.org/rfc/rfc9788.html> "Header Protection for Cryptographically
+    /// Protected Email".
+    #[strum(props(default = "1"))]
+    StdHeaderProtectionComposing,
 }

 impl Config {
@@ -468,7 +479,7 @@ impl Config {
    pub(crate) fn needs_io_restart(&self) -> bool {
        matches!(
            self,
-            Config::MvboxMove | Config::OnlyFetchMvbox | Config::SentboxWatch
+            Config::MvboxMove | Config::OnlyFetchMvbox | Config::ConfiguredAddr
        )
    }
 }
@@ -515,10 +526,6 @@ impl Context {

        // Default values
        let val = match key {
-            Config::BccSelf => match Box::pin(self.is_chatmail()).await? {
-                false => Some("1".to_string()),
-                true => Some("0".to_string()),
-            },
            Config::ConfiguredInboxFolder => Some("INBOX".to_string()),
            Config::DeleteServerAfter => {
                match !Box::pin(self.get_config_bool(Config::BccSelf)).await?
@@ -582,8 +589,9 @@ impl Context {
    /// Returns boolean configuration value for the given key.
    pub async fn get_config_bool(&self, key: Config) -> Result<bool> {
        Ok(self
-            .get_config_parsed::<i32>(key)
+            .get_config(key)
            .await?
+            .and_then(|s| s.parse::<i32>().ok())
            .map(|x| x != 0)
            .unwrap_or_default())
    }
@@ -595,15 +603,6 @@ impl Context {
            || !self.get_config_bool(Config::IsChatmail).await?)
    }

-    /// Returns true if sentbox ("Sent" folder) should be watched.
-    pub(crate) async fn should_watch_sentbox(&self) -> Result<bool> {
-        Ok(self.get_config_bool(Config::SentboxWatch).await?
-            && self
-                .get_config(Config::ConfiguredSentboxFolder)
-                .await?
-                .is_some())
-    }
-
    /// Returns true if sync messages should be sent.
    pub(crate) async fn should_send_sync_msgs(&self) -> Result<bool> {
        Ok(self.get_config_bool(Config::SyncMsgs).await?
@@ -647,15 +646,14 @@ impl Context {
        Ok(val)
    }

-    /// Gets the configured provider, as saved in the `configured_provider` value.
+    /// Gets the configured provider.
    ///
-    /// The provider is determined by `get_provider_info()` during configuration and then saved
-    /// to the db in `param.save_to_database()`, together with all the other `configured_*` values.
+    /// The provider is determined by the current primary transport.
    pub async fn get_configured_provider(&self) -> Result<Option<&'static Provider>> {
-        if let Some(cfg) = self.get_config(Config::ConfiguredProvider).await? {
-            return Ok(get_provider_by_id(&cfg));
-        }
-        Ok(None)
+        let provider = ConfiguredLoginParam::load(self)
+            .await?
+            .and_then(|(_transport_id, param)| param.provider);
+        Ok(provider)
    }

    /// Gets configured "delete_device_after" value.
@@ -676,7 +674,7 @@ impl Context {
            Config::Selfavatar if value.is_empty() => None,
            Config::Selfavatar => {
                config_value = BlobObject::store_from_base64(self, value)?;
-                Some(config_value.as_str())
+                config_value.as_deref()
            }
            _ => Some(value),
        };
@@ -692,7 +690,6 @@ impl Context {
            | Config::ProxyEnabled
            | Config::BccSelf
            | Config::MdnsEnabled
-            | Config::SentboxWatch
            | Config::MvboxMove
            | Config::OnlyFetchMvbox
            | Config::DeleteToTrash
@@ -718,13 +715,29 @@ impl Context {
    pub async fn set_config(&self, key: Config, value: Option<&str>) -> Result<()> {
        Self::check_config(key, value)?;

+        let n_transports = self.count_transports().await?;
+        if n_transports > 1
+            && matches!(
+                key,
+                Config::MvboxMove | Config::OnlyFetchMvbox | Config::ShowEmails
+            )
+        {
+            bail!("Cannot reconfigure {key} when multiple transports are configured");
+        }
+
        let _pause = match key.needs_io_restart() {
            true => self.scheduler.pause(self).await?,
            _ => Default::default(),
        };
+        if key == Config::StatsSending {
+            let old_value = self.get_config(key).await?;
+            let old_value = bool_from_config(old_value.as_deref());
+            let new_value = bool_from_config(value);
+            stats::pre_sending_config_change(self, old_value, new_value).await?;
+        }
        self.set_config_internal(key, value).await?;
-        if key == Config::SentboxWatch {
-            self.last_full_folder_scan.lock().await.take();
+        if key == Config::StatsSending {
+            stats::maybe_send_stats(self).await?;
        }
        Ok(())
    }
@@ -797,20 +810,59 @@ impl Context {
                    .await?;
            }
            Config::ConfiguredAddr => {
-                if self.is_configured().await? {
-                    bail!("Cannot change ConfiguredAddr");
-                }
-                if let Some(addr) = value {
+                let Some(addr) = value else {
+                    bail!("Cannot unset configured_addr");
+                };
+
+                if !self.is_configured().await? {
                    info!(
                        self,
                        "Creating a pseudo configured account which will not be able to send or receive messages. Only meant for tests!"
                    );
-                    ConfiguredLoginParam::from_json(&format!(
-                        r#"{{"addr":"{addr}","imap":[],"imap_user":"","imap_password":"","smtp":[],"smtp_user":"","smtp_password":"","certificate_checks":"Automatic","oauth2":false}}"#
-                    ))?
-                    .save_to_transports_table(self, &EnteredLoginParam::default())
-                    .await?;
+                    self.sql
+                        .execute(
+                            "INSERT INTO transports (addr, entered_param, configured_param) VALUES (?, ?, ?)",
+                            (
+                                addr,
+                                serde_json::to_string(&EnteredLoginParam::default())?,
+                                format!(r#"{{"addr":"{addr}","imap":[],"imap_user":"","imap_password":"","smtp":[],"smtp_user":"","smtp_password":"","certificate_checks":"Automatic","oauth2":false}}"#)
+                            ),
+                        )
+                        .await?;
+                    self.sql
+                        .set_raw_config(Config::ConfiguredAddr.as_ref(), Some(addr))
+                        .await?;
                }
+                self.sql
+                    .transaction(|transaction| {
+                        if transaction.query_row(
+                            "SELECT COUNT(*) FROM transports WHERE addr=?",
+                            (addr,),
+                            |row| {
+                                let res: i64 = row.get(0)?;
+                                Ok(res)
+                            },
+                        )? == 0
+                        {
+                            bail!("Address does not belong to any transport.");
+                        }
+                        transaction.execute(
+                            "UPDATE config SET value=? WHERE keyname='configured_addr'",
+                            (addr,),
+                        )?;
+
+                        // Clean up SMTP and IMAP APPEND queue.
+                        //
+                        // The messages in the queue have a different
+                        // From address so we cannot send them over
+                        // the new SMTP transport.
+                        transaction.execute("DELETE FROM smtp", ())?;
+                        transaction.execute("DELETE FROM imap_send", ())?;
+
+                        Ok(())
+                    })
+                    .await?;
+                self.sql.uncache_raw_config("configured_addr").await;
            }
            _ => {
                self.sql.set_raw_config(key.as_ref(), value).await?;
@@ -877,6 +929,10 @@ pub(crate) fn from_bool(val: bool) -> Option<&'static str> {
    Some(if val { "1" } else { "0" })
 }

+pub(crate) fn bool_from_config(config: Option<&str>) -> bool {
+    config.is_some_and(|v| v.parse::<i32>().unwrap_or_default() != 0)
+}
+
 // Separate impl block for self address handling
 impl Context {
    /// Determine whether the specified addr maps to the/a self addr.
--- a/src/config/config_tests.rs
+++ b/src/config/config_tests.rs
@@ -278,7 +278,6 @@ async fn test_sync() -> Result<()> {
    Ok(())
 }

-/// Sync message mustn't be sent if self-{status,avatar} is changed by a self-sent message.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_no_sync_on_self_sent_msg() -> Result<()> {
    let mut tcm = TestContextManager::new();
@@ -288,7 +287,7 @@ async fn test_no_sync_on_self_sent_msg() -> Result<()> {
        a.set_config_bool(Config::SyncMsgs, true).await?;
    }

-    let status = "Synced via usual message";
+    let status = "Sent via usual message";
    alice0.set_config(Config::Selfstatus, Some(status)).await?;
    alice0.send_sync_msg().await?;
    alice0.pop_sent_sync_msg().await;
@@ -297,7 +296,7 @@ async fn test_no_sync_on_self_sent_msg() -> Result<()> {
    tcm.send_recv(alice0, alice1, "hi Alice!").await;
    assert_eq!(
        alice1.get_config(Config::Selfstatus).await?,
-        Some(status.to_string())
+        Some(status1.to_string())
    );
    sync(alice1, alice0).await;
    assert_eq!(
@@ -328,7 +327,7 @@ async fn test_no_sync_on_self_sent_msg() -> Result<()> {
        alice1
            .get_config(Config::Selfavatar)
            .await?
-            .filter(|path| path.ends_with(".png"))
+            .filter(|path| path.ends_with(".jpg"))
            .is_some()
    );
    sync(alice1, alice0).await;
--- a/src/configure.rs
+++ b/src/configure.rs
@@ -27,21 +27,23 @@ use crate::config::{self, Config};
 use crate::constants::NON_ALPHANUMERIC_WITHOUT_DOT;
 use crate::context::Context;
 use crate::imap::Imap;
-use crate::log::{LogExt, info, warn};
+use crate::log::warn;
+use crate::login_param::EnteredCertificateChecks;
 pub use crate::login_param::EnteredLoginParam;
-use crate::login_param::{
-    ConfiguredCertificateChecks, ConfiguredLoginParam, ConfiguredServerLoginParam,
-    ConnectionCandidate, EnteredCertificateChecks, ProxyConfig,
-};
 use crate::message::Message;
+use crate::net::proxy::ProxyConfig;
 use crate::oauth2::get_oauth2_addr;
 use crate::provider::{Protocol, Provider, Socket, UsernamePattern};
+use crate::qr::{login_param_from_account_qr, login_param_from_login_qr};
 use crate::smtp::Smtp;
 use crate::sync::Sync::*;
 use crate::tools::time;
+use crate::transport::{
+    ConfiguredCertificateChecks, ConfiguredLoginParam, ConfiguredServerLoginParam,
+    ConnectionCandidate, send_sync_transports,
+};
 use crate::{EventType, stock_str};
 use crate::{chat, provider};
-use deltachat_contact_tools::addr_cmp;

 macro_rules! progress {
    ($context:tt, $progress:expr, $comment:expr) => {
@@ -117,7 +119,7 @@ impl Context {
        Ok(())
    }

-    async fn add_transport_inner(&self, param: &mut EnteredLoginParam) -> Result<()> {
+    pub(crate) async fn add_transport_inner(&self, param: &mut EnteredLoginParam) -> Result<()> {
        ensure!(
            !self.scheduler.is_running().await,
            "cannot configure, already running"
@@ -127,12 +129,6 @@ impl Context {
            "cannot configure, database not opened."
        );
        param.addr = addr_normalize(&param.addr);
-        let old_addr = self.get_config(Config::ConfiguredAddr).await?;
-        if self.is_configured().await? && !addr_cmp(&old_addr.unwrap_or_default(), &param.addr) {
-            let error_msg = "Changing your email address is not supported right now. Check back in a few months!";
-            progress!(self, 0, Some(error_msg.to_string()));
-            bail!(error_msg);
-        }
        let cancel_channel = self.alloc_ongoing().await?;

        let res = self
@@ -162,20 +158,15 @@ impl Context {
    pub async fn add_transport_from_qr(&self, qr: &str) -> Result<()> {
        self.stop_io().await;

-        // This code first sets the deprecated Config::Addr, Config::MailPw, etc.
-        // and then calls configure(), which loads them again.
-        // At some point, we will remove configure()
-        // and then simplify the code
-        // to directly create an EnteredLoginParam.
        let result = async move {
-            match crate::qr::check_qr(self, qr).await? {
-                crate::qr::Qr::Account { .. } => crate::qr::set_account_from_qr(self, qr).await?,
+            let mut param = match crate::qr::check_qr(self, qr).await? {
+                crate::qr::Qr::Account { .. } => login_param_from_account_qr(self, qr).await?,
                crate::qr::Qr::Login { address, options } => {
-                    crate::qr::configure_from_login_qr(self, &address, options).await?
+                    login_param_from_login_qr(&address, options)?
                }
                _ => bail!("QR code does not contain account"),
-            }
-            self.configure().await?;
+            };
+            self.add_transport_inner(&mut param).await?;
            Ok(())
        }
        .await;
@@ -196,38 +187,102 @@ impl Context {
    pub async fn list_transports(&self) -> Result<Vec<EnteredLoginParam>> {
        let transports = self
            .sql
-            .query_map(
-                "SELECT entered_param FROM transports",
-                (),
-                |row| row.get::<_, String>(0),
-                |rows| {
-                    rows.flatten()
-                        .map(|s| Ok(serde_json::from_str(&s)?))
-                        .collect::<Result<Vec<EnteredLoginParam>>>()
-                },
-            )
+            .query_map_vec("SELECT entered_param FROM transports", (), |row| {
+                let entered_param: String = row.get(0)?;
+                let transport: EnteredLoginParam = serde_json::from_str(&entered_param)?;
+                Ok(transport)
+            })
            .await?;

        Ok(transports)
    }

+    /// Returns the number of configured transports.
+    pub async fn count_transports(&self) -> Result<usize> {
+        self.sql.count("SELECT COUNT(*) FROM transports", ()).await
+    }
+
    /// Removes the transport with the specified email address
    /// (i.e. [EnteredLoginParam::addr]).
-    #[expect(clippy::unused_async)]
-    pub async fn delete_transport(&self, _addr: &str) -> Result<()> {
-        bail!(
-            "Adding and removing additional transports is not supported yet. Check back in a few months!"
-        )
+    pub async fn delete_transport(&self, addr: &str) -> Result<()> {
+        let now = time();
+        self.sql
+            .transaction(|transaction| {
+                let primary_addr = transaction.query_row(
+                    "SELECT value FROM config WHERE keyname='configured_addr'",
+                    (),
+                    |row| {
+                        let addr: String = row.get(0)?;
+                        Ok(addr)
+                    },
+                )?;
+
+                if primary_addr == addr {
+                    bail!("Cannot delete primary transport");
+                }
+                let (transport_id, add_timestamp) = transaction.query_row(
+                    "DELETE FROM transports WHERE addr=? RETURNING id, add_timestamp",
+                    (addr,),
+                    |row| {
+                        let id: u32 = row.get(0)?;
+                        let add_timestamp: i64 = row.get(1)?;
+                        Ok((id, add_timestamp))
+                    },
+                )?;
+                transaction.execute("DELETE FROM imap WHERE transport_id=?", (transport_id,))?;
+                transaction.execute(
+                    "DELETE FROM imap_sync WHERE transport_id=?",
+                    (transport_id,),
+                )?;
+
+                // Removal timestamp should not be lower than addition timestamp
+                // to be accepted by other devices when synced.
+                let remove_timestamp = std::cmp::max(now, add_timestamp);
+
+                transaction.execute(
+                    "INSERT INTO removed_transports (addr, remove_timestamp)
+                     VALUES (?, ?)
+                     ON CONFLICT (addr)
+                     DO UPDATE SET remove_timestamp = excluded.remove_timestamp",
+                    (addr, remove_timestamp),
+                )?;
+
+                Ok(())
+            })
+            .await?;
+        send_sync_transports(self).await?;
+
+        Ok(())
    }

    async fn inner_configure(&self, param: &EnteredLoginParam) -> Result<()> {
        info!(self, "Configure ...");

        let old_addr = self.get_config(Config::ConfiguredAddr).await?;
+        if old_addr.is_some()
+            && !self
+                .sql
+                .exists(
+                    "SELECT COUNT(*) FROM transports WHERE addr=?",
+                    (&param.addr,),
+                )
+                .await?
+        {
+            if self.get_config(Config::MvboxMove).await?.as_deref() != Some("0") {
+                bail!("Cannot use multi-transport with mvbox_move enabled.");
+            }
+            if self.get_config(Config::OnlyFetchMvbox).await?.as_deref() != Some("0") {
+                bail!("Cannot use multi-transport with only_fetch_mvbox enabled.");
+            }
+            if self.get_config(Config::ShowEmails).await?.as_deref() != Some("2") {
+                bail!("Cannot use multi-transport with disabled fetching of classic emails.");
+            }
+        }
+
        let provider = configure(self, param).await?;
        self.set_config_internal(Config::NotifyAboutWrongPw, Some("1"))
            .await?;
-        on_configure_completed(self, provider, old_addr).await?;
+        on_configure_completed(self, provider).await?;
        Ok(())
    }
 }
@@ -235,7 +290,6 @@ impl Context {
 async fn on_configure_completed(
    context: &Context,
    provider: Option<&'static Provider>,
-    old_addr: Option<String>,
 ) -> Result<()> {
    if let Some(provider) = provider {
        if let Some(config_defaults) = provider.config_defaults {
@@ -265,21 +319,6 @@ async fn on_configure_completed(
        }
    }

-    if let Some(new_addr) = context.get_config(Config::ConfiguredAddr).await? {
-        if let Some(old_addr) = old_addr {
-            if !addr_cmp(&new_addr, &old_addr) {
-                let mut msg = Message::new_text(
-                    stock_str::aeap_explanation_and_link(context, &old_addr, &new_addr).await,
-                );
-                chat::add_device_msg(context, None, Some(&mut msg))
-                    .await
-                    .context("Cannot add AEAP explanation")
-                    .log_err(context)
-                    .ok();
-            }
-        }
-    }
-
    Ok(())
 }

@@ -300,8 +339,6 @@ async fn get_configured_param(
        param.smtp.password.clone()
    };

-    let proxy_enabled = ctx.get_config_bool(Config::ProxyEnabled).await?;
-
    let mut addr = param.addr.clone();
    if param.oauth2 {
        // the used oauth2 addr may differ, check this.
@@ -343,7 +380,7 @@ async fn get_configured_param(
            "checking internal provider-info for offline autoconfig"
        );

-        provider = provider::get_provider_info(ctx, &param_domain, proxy_enabled).await;
+        provider = provider::get_provider_info(&param_domain);
        if let Some(provider) = provider {
            if provider.server.is_empty() {
                info!(ctx, "Offline autoconfig found, but no servers defined.");
@@ -513,80 +550,40 @@ async fn configure(ctx: &Context, param: &EnteredLoginParam) -> Result<Option<&'

    // Configure IMAP

+    let transport_id = 0;
    let (_s, r) = async_channel::bounded(1);
-    let mut imap = Imap::new(
-        configured_param.imap.clone(),
-        configured_param.imap_password.clone(),
-        proxy_config,
-        &configured_param.addr,
-        strict_tls,
-        configured_param.oauth2,
-        r,
-    );
+    let mut imap = Imap::new(ctx, transport_id, configured_param.clone(), r).await?;
    let configuring = true;
-    let mut imap_session = match imap.connect(ctx, configuring).await {
-        Ok(session) => session,
-        Err(err) => bail!(
+    if let Err(err) = imap.connect(ctx, configuring).await {
+        bail!(
            "{}",
            nicer_configuration_error(ctx, format!("{err:#}")).await
-        ),
+        );
    };

    progress!(ctx, 850);

    // Wait for SMTP configuration
-    smtp_config_task.await.unwrap()?;
+    smtp_config_task.await??;

    progress!(ctx, 900);

-    let is_chatmail = match ctx.get_config_bool(Config::FixIsChatmail).await? {
-        false => {
-            let is_chatmail = imap_session.is_chatmail();
-            ctx.set_config(
-                Config::IsChatmail,
-                Some(match is_chatmail {
-                    false => "0",
-                    true => "1",
-                }),
-            )
-            .await?;
-            is_chatmail
-        }
-        true => ctx.get_config_bool(Config::IsChatmail).await?,
-    };
-    if is_chatmail {
-        ctx.set_config(Config::SentboxWatch, None).await?;
-        ctx.set_config(Config::MvboxMove, Some("0")).await?;
-        ctx.set_config(Config::OnlyFetchMvbox, None).await?;
-        ctx.set_config(Config::ShowEmails, None).await?;
+    let is_configured = ctx.is_configured().await?;
+    if !is_configured {
+        ctx.sql.set_raw_config("mvbox_move", Some("0")).await?;
+        ctx.sql.set_raw_config("only_fetch_mvbox", None).await?;
    }

-    let create_mvbox = !is_chatmail;
-    imap.configure_folders(ctx, &mut imap_session, create_mvbox)
-        .await?;
-
-    let create = true;
-    imap_session
-        .select_with_uidvalidity(ctx, "INBOX", create)
-        .await
-        .context("could not read INBOX status")?;
-
    drop(imap);

    progress!(ctx, 910);

-    if let Some(configured_addr) = ctx.get_config(Config::ConfiguredAddr).await? {
-        if configured_addr != param.addr {
-            // Switched account, all server UIDs we know are invalid
-            info!(ctx, "Scheduling resync because the address has changed.");
-            ctx.schedule_resync().await?;
-        }
-    }
-
    let provider = configured_param.provider;
    configured_param
-        .save_to_transports_table(ctx, param)
+        .clone()
+        .save_to_transports_table(ctx, param, time())
        .await?;
+    send_sync_transports(ctx).await?;

    ctx.set_config_internal(Config::ConfiguredTimestamp, Some(&time().to_string()))
        .await?;
--- a/src/configure/auto_mozilla.rs
+++ b/src/configure/auto_mozilla.rs
@@ -28,8 +28,9 @@ struct MozAutoconfigure {
    pub outgoing_servers: Vec<Server>,
 }

-#[derive(Debug)]
+#[derive(Debug, Default)]
 enum MozConfigTag {
+    #[default]
    Undefined,
    Hostname,
    Port,
@@ -37,12 +38,6 @@ enum MozConfigTag {
    Username,
 }

-impl Default for MozConfigTag {
-    fn default() -> Self {
-        Self::Undefined
-    }
-}
-
 impl FromStr for MozConfigTag {
    type Err = ();

@@ -159,10 +154,10 @@ fn parse_xml_reader<B: BufRead>(
                    if let Some(incoming_server) = parse_server(reader, event)? {
                        incoming_servers.push(incoming_server);
                    }
-                } else if tag == "outgoingserver" {
-                    if let Some(outgoing_server) = parse_server(reader, event)? {
-                        outgoing_servers.push(outgoing_server);
-                    }
+                } else if tag == "outgoingserver"
+                    && let Some(outgoing_server) = parse_server(reader, event)?
+                {
+                    outgoing_servers.push(outgoing_server);
                }
            }
            Event::Eof => break,
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -101,6 +101,8 @@ pub const DC_CHAT_ID_LAST_SPECIAL: ChatId = ChatId::new(9);
    Copy,
    PartialEq,
    Eq,
+    PartialOrd,
+    Ord,
    FromPrimitive,
    ToPrimitive,
    FromSql,
@@ -118,7 +120,7 @@ pub enum Chattype {

    /// Group chat.
    ///
-    /// Created by [`crate::chat::create_group_chat`].
+    /// Created by [`crate::chat::create_group`].
    Group = 120,

    /// An (unencrypted) mailing list,
@@ -221,6 +223,9 @@ pub(crate) const DC_FOLDERS_CONFIGURED_VERSION: i32 = 5;
 // `max_smtp_rcpt_to` in the provider db.
 pub(crate) const DEFAULT_MAX_SMTP_RCPT_TO: usize = 50;

+/// Same as `DEFAULT_MAX_SMTP_RCPT_TO`, but for chatmail relays.
+pub(crate) const DEFAULT_CHATMAIL_MAX_SMTP_RCPT_TO: usize = 999;
+
 /// How far the last quota check needs to be in the past to be checked by the background function (in seconds).
 pub(crate) const DC_BACKGROUND_FETCH_QUOTA_CHECK_RATELIMIT: u64 = 12 * 60 * 60; // 12 hours

@@ -248,6 +253,18 @@ pub(crate) const ASM_BODY: &str = "This is the Autocrypt Setup Message \
 /// Period between `sql::housekeeping()` runs.
 pub(crate) const HOUSEKEEPING_PERIOD: i64 = 24 * 60 * 60;

+pub(crate) const BROADCAST_INCOMPATIBILITY_MSG: &str = r#"The up to now "experimental channels feature" is about to become an officially supported one. By that, privacy will be improved, it will become faster, and less traffic will be consumed.
+
+As we do not guarantee feature-stability for such experiments, this means, that you will need to create the channel again. 
+
+Here is what to do:
+ • Create a new channel
+ • Tap on the channel name
+ • Tap on "QR Invite Code"
+ • Have all recipients scan the QR code, or send them the link
+
+If you have any questions, please send an email to delta@merlinux.eu or ask at https://support.delta.chat/."#;
+
 #[cfg(test)]
 mod tests {
    use num_traits::FromPrimitive;
--- a/src/contact.rs
+++ b/src/contact.rs
@@ -31,7 +31,7 @@ use crate::key::{
    DcKey, Fingerprint, SignedPublicKey, load_self_public_key, self_fingerprint,
    self_fingerprint_opt,
 };
-use crate::log::{LogExt, info, warn};
+use crate::log::{LogExt, warn};
 use crate::message::MessageState;
 use crate::mimeparser::AvatarAction;
 use crate::param::{Param, Params};
@@ -130,35 +130,37 @@ impl ContactId {
                            Ok((addr, fingerprint))
                        },
                    )?;
-                    context.emit_event(EventType::ContactsChanged(Some(self)));
                    Ok(Some((addr, fingerprint)))
                } else {
                    Ok(None)
                }
            })
            .await?;
+        if row.is_some() {
+            context.emit_event(EventType::ContactsChanged(Some(self)));
+        }

-        if sync.into() {
-            if let Some((addr, fingerprint)) = row {
-                if fingerprint.is_empty() {
-                    chat::sync(
-                        context,
-                        chat::SyncId::ContactAddr(addr),
-                        chat::SyncAction::Rename(name.to_string()),
-                    )
-                    .await
-                    .log_err(context)
-                    .ok();
-                } else {
-                    chat::sync(
-                        context,
-                        chat::SyncId::ContactFingerprint(fingerprint),
-                        chat::SyncAction::Rename(name.to_string()),
-                    )
-                    .await
-                    .log_err(context)
-                    .ok();
-                }
+        if sync.into()
+            && let Some((addr, fingerprint)) = row
+        {
+            if fingerprint.is_empty() {
+                chat::sync(
+                    context,
+                    chat::SyncId::ContactAddr(addr),
+                    chat::SyncAction::Rename(name.to_string()),
+                )
+                .await
+                .log_err(context)
+                .ok();
+            } else {
+                chat::sync(
+                    context,
+                    chat::SyncId::ContactFingerprint(fingerprint),
+                    chat::SyncAction::Rename(name.to_string()),
+                )
+                .await
+                .log_err(context)
+                .ok();
            }
        }
        Ok(())
@@ -369,38 +371,33 @@ async fn import_vcard_contact(context: &Context, contact: &VcardContact) -> Resu
        return Ok(id);
    }
    let path = match &contact.profile_image {
-        Some(image) => match BlobObject::store_from_base64(context, image) {
-            Err(e) => {
+        Some(image) => match BlobObject::store_from_base64(context, image)? {
+            None => {
                warn!(
                    context,
-                    "import_vcard_contact: Could not decode and save avatar for {}: {e:#}.",
-                    contact.addr
+                    "import_vcard_contact: Could not decode avatar for {}.", contact.addr
                );
                None
            }
-            Ok(path) => Some(path),
+            Some(path) => Some(path),
        },
        None => None,
    };
-    if let Some(path) = path {
-        // Currently this value doesn't matter as we don't import the contact of self.
-        let was_encrypted = false;
-        if let Err(e) =
-            set_profile_image(context, id, &AvatarAction::Change(path), was_encrypted).await
-        {
-            warn!(
-                context,
-                "import_vcard_contact: Could not set avatar for {}: {e:#}.", contact.addr
-            );
-        }
+    if let Some(path) = path
+        && let Err(e) = set_profile_image(context, id, &AvatarAction::Change(path)).await
+    {
+        warn!(
+            context,
+            "import_vcard_contact: Could not set avatar for {}: {e:#}.", contact.addr
+        );
    }
-    if let Some(biography) = &contact.biography {
-        if let Err(e) = set_status(context, id, biography.to_owned(), false, false).await {
-            warn!(
-                context,
-                "import_vcard_contact: Could not set biography for {}: {e:#}.", contact.addr
-            );
-        }
+    if let Some(biography) = &contact.biography
+        && let Err(e) = set_status(context, id, biography.to_owned()).await
+    {
+        warn!(
+            context,
+            "import_vcard_contact: Could not set biography for {}: {e:#}.", contact.addr
+        );
    }
    Ok(id)
 }
@@ -1282,14 +1279,13 @@ impl Contact {

        let list = context
            .sql
-            .query_map(
+            .query_map_vec(
                "SELECT id FROM contacts WHERE id>? AND blocked!=0 ORDER BY last_seen DESC, id DESC;",
                (ContactId::LAST_SPECIAL,),
-                |row| row.get::<_, ContactId>(0),
-                |ids| {
-                    ids.collect::<std::result::Result<Vec<_>, _>>()
-                        .map_err(Into::into)
-                },
+                |row| {
+                    let contact_id: ContactId = row.get(0)?;
+                    Ok(contact_id)
+                }
            )
            .await?;
        Ok(list)
@@ -1509,18 +1505,6 @@ impl Contact {
        &self.addr
    }

-    /// Get authorized name or address.
-    ///
-    /// This string is suitable for sending over email
-    /// as it does not leak the locally set name.
-    pub(crate) fn get_authname_or_addr(&self) -> String {
-        if !self.authname.is_empty() {
-            (&self.authname).into()
-        } else {
-            (&self.addr).into()
-        }
-    }
-
    /// Get a summary of name and address.
    ///
    /// The returned string is either "Name (email@domain.com)" or just
@@ -1566,20 +1550,33 @@ impl Contact {
        if show_fallback_icon && !self.id.is_special() && !self.is_key_contact() {
            return Ok(Some(chat::get_unencrypted_icon(context).await?));
        }
-        if let Some(image_rel) = self.param.get(Param::ProfileImage) {
-            if !image_rel.is_empty() {
-                return Ok(Some(get_abs_path(context, Path::new(image_rel))));
-            }
+        if let Some(image_rel) = self.param.get(Param::ProfileImage)
+            && !image_rel.is_empty()
+        {
+            return Ok(Some(get_abs_path(context, Path::new(image_rel))));
        }
        Ok(None)
    }

    /// Returns a color for the contact.
-    /// See [`self::get_color`].
+    /// For self-contact this returns gray if own keypair doesn't exist yet.
+    /// See also [`self::get_color`].
    pub fn get_color(&self) -> u32 {
        get_color(self.id == ContactId::SELF, &self.addr, &self.fingerprint())
    }

+    /// Returns a color for the contact.
+    /// Ensures that the color isn't gray. For self-contact this generates own keypair if it doesn't
+    /// exist yet.
+    /// See also [`self::get_color`].
+    pub async fn get_or_gen_color(&self, context: &Context) -> Result<u32> {
+        let mut fpr = self.fingerprint();
+        if fpr.is_none() && self.id == ContactId::SELF {
+            fpr = Some(load_self_public_key(context).await?.dc_fingerprint());
+        }
+        Ok(get_color(self.id == ContactId::SELF, &self.addr, &fpr))
+    }
+
    /// Gets the contact's status.
    ///
    /// Status is the last signature received in a message from this contact.
@@ -1789,12 +1786,11 @@ WHERE type=? AND id IN (

        // also unblock mailinglist
        // if the contact is a mailinglist address explicitly created to allow unblocking
-        if !new_blocking && contact.origin == Origin::MailinglistAddress {
-            if let Some((chat_id, _, _)) =
-                chat::get_chat_id_by_grpid(context, &contact.addr).await?
-            {
-                chat_id.unblock_ex(context, Nosync).await?;
-            }
+        if !new_blocking
+            && contact.origin == Origin::MailinglistAddress
+            && let Some((chat_id, ..)) = chat::get_chat_id_by_grpid(context, &contact.addr).await?
+        {
+            chat_id.unblock_ex(context, Nosync).await?;
        }

        if sync.into() {
@@ -1824,25 +1820,19 @@ WHERE type=? AND id IN (
 /// The given profile image is expected to be already in the blob directory
 /// as profile images can be set only by receiving messages, this should be always the case, however.
 ///
-/// For contact SELF, the image is not saved in the contact-database but as Config::Selfavatar;
-/// this typically happens if we see message with our own profile image.
+/// For contact SELF, the image is not saved in the contact-database but as Config::Selfavatar.
 pub(crate) async fn set_profile_image(
    context: &Context,
    contact_id: ContactId,
    profile_image: &AvatarAction,
-    was_encrypted: bool,
 ) -> Result<()> {
    let mut contact = Contact::get_by_id(context, contact_id).await?;
    let changed = match profile_image {
        AvatarAction::Change(profile_image) => {
            if contact_id == ContactId::SELF {
-                if was_encrypted {
-                    context
-                        .set_config_ex(Nosync, Config::Selfavatar, Some(profile_image))
-                        .await?;
-                } else {
-                    info!(context, "Do not use unencrypted selfavatar.");
-                }
+                context
+                    .set_config_ex(Nosync, Config::Selfavatar, Some(profile_image))
+                    .await?;
            } else {
                contact.param.set(Param::ProfileImage, profile_image);
            }
@@ -1850,13 +1840,9 @@ pub(crate) async fn set_profile_image(
        }
        AvatarAction::Delete => {
            if contact_id == ContactId::SELF {
-                if was_encrypted {
-                    context
-                        .set_config_ex(Nosync, Config::Selfavatar, None)
-                        .await?;
-                } else {
-                    info!(context, "Do not use unencrypted selfavatar deletion.");
-                }
+                context
+                    .set_config_ex(Nosync, Config::Selfavatar, None)
+                    .await?;
            } else {
                contact.param.remove(Param::ProfileImage);
            }
@@ -1873,22 +1859,16 @@ pub(crate) async fn set_profile_image(

 /// Sets contact status.
 ///
-/// For contact SELF, the status is not saved in the contact table, but as Config::Selfstatus.  This
-/// is only done if message is sent from Delta Chat and it is encrypted, to synchronize signature
-/// between Delta Chat devices.
+/// For contact SELF, the status is not saved in the contact table, but as Config::Selfstatus.
 pub(crate) async fn set_status(
    context: &Context,
    contact_id: ContactId,
    status: String,
-    encrypted: bool,
-    has_chat_version: bool,
 ) -> Result<()> {
    if contact_id == ContactId::SELF {
-        if encrypted && has_chat_version {
-            context
-                .set_config_ex(Nosync, Config::Selfstatus, Some(&status))
-                .await?;
-        }
+        context
+            .set_config_ex(Nosync, Config::Selfstatus, Some(&status))
+            .await?;
    } else {
        let mut contact = Contact::get_by_id(context, contact_id).await?;

@@ -2050,7 +2030,7 @@ impl RecentlySeenLoop {
        // become unseen in the future.
        let mut unseen_queue: BinaryHeap<MyHeapElem> = context
            .sql
-            .query_map(
+            .query_map_collect(
                "SELECT id, last_seen FROM contacts
                 WHERE last_seen > ?",
                (now_ts - SEEN_RECENTLY_SECONDS,),
@@ -2059,10 +2039,6 @@ impl RecentlySeenLoop {
                    let last_seen: i64 = row.get("last_seen")?;
                    Ok((Reverse(last_seen + SEEN_RECENTLY_SECONDS), contact_id))
                },
-                |rows| {
-                    rows.collect::<std::result::Result<BinaryHeap<MyHeapElem>, _>>()
-                        .map_err(Into::into)
-                },
            )
            .await
            .unwrap_or_default();
--- a/src/contact/contact_tests.rs
+++ b/src/contact/contact_tests.rs
@@ -1,11 +1,10 @@
 use deltachat_contact_tools::{addr_cmp, may_be_valid_addr};

 use super::*;
-use crate::chat::{Chat, ProtectionStatus, get_chat_contacts, send_text_msg};
+use crate::chat::{Chat, get_chat_contacts, send_text_msg};
 use crate::chatlist::Chatlist;
 use crate::receive_imf::receive_imf;
-use crate::securejoin::get_securejoin_qr;
-use crate::test_utils::{self, TestContext, TestContextManager, TimeShiftFalsePositiveNote};
+use crate::test_utils::{self, TestContext, TestContextManager, TimeShiftFalsePositiveNote, sync};

 #[test]
 fn test_contact_id_values() {
@@ -775,16 +774,21 @@ async fn test_contact_get_color() -> Result<()> {
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_self_color_vs_key() -> Result<()> {
+async fn test_self_color() -> Result<()> {
    let mut tcm = TestContextManager::new();
    let t = &tcm.unconfigured().await;
    t.configure_addr("alice@example.org").await;
    assert!(t.is_configured().await?);
-    let color = Contact::get_by_id(t, ContactId::SELF).await?.get_color();
+    let self_contact = Contact::get_by_id(t, ContactId::SELF).await?;
+    let color = self_contact.get_color();
    assert_eq!(color, 0x808080);
-    get_securejoin_qr(t, None).await?;
-    let color1 = Contact::get_by_id(t, ContactId::SELF).await?.get_color();
-    assert_ne!(color1, color);
+    let color = self_contact.get_or_gen_color(t).await?;
+    assert_ne!(color, 0x808080);
+    let color1 = self_contact.get_or_gen_color(t).await?;
+    assert_eq!(color1, color);
+
+    let bob = &tcm.bob().await;
+    assert_eq!(bob.add_or_lookup_contact(t).await.get_color(), color);
    Ok(())
 }

@@ -846,8 +850,7 @@ CCCB 5AA9 F6E1 141C 9431
    Ok(())
 }

-/// Tests that status is synchronized when sending encrypted BCC-self messages and not
-/// synchronized when the message is not encrypted.
+/// Tests that self-status is not synchronized from outgoing messages.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_synchronize_status() -> Result<()> {
    let mut tcm = TestContextManager::new();
@@ -866,21 +869,12 @@ async fn test_synchronize_status() -> Result<()> {
        .await?;
    let chat = alice1.create_email_chat(bob).await;

-    // Alice sends a message to Bob from the first device.
+    // Alice sends an unencrypted message to Bob from the first device.
    send_text_msg(alice1, chat.id, "Hello".to_string()).await?;
    let sent_msg = alice1.pop_sent_msg().await;

-    // Message is not encrypted.
-    let message = sent_msg.load_from_db().await;
-    assert!(!message.get_showpadlock());
-
    // Alice's second devices receives a copy of outgoing message.
    alice2.recv_msg(&sent_msg).await;
-
-    // Bob receives message.
-    bob.recv_msg(&sent_msg).await;
-
-    // Message was not encrypted, so status is not copied.
    assert_eq!(alice2.get_config(Config::Selfstatus).await?, default_status);

    // Alice sends encrypted message.
@@ -888,17 +882,9 @@ async fn test_synchronize_status() -> Result<()> {
    send_text_msg(alice1, chat.id, "Hello".to_string()).await?;
    let sent_msg = alice1.pop_sent_msg().await;

-    // Second message is encrypted.
-    let message = sent_msg.load_from_db().await;
-    assert!(message.get_showpadlock());
-
    // Alice's second devices receives a copy of second outgoing message.
    alice2.recv_msg(&sent_msg).await;
-
-    assert_eq!(
-        alice2.get_config(Config::Selfstatus).await?,
-        Some("New status".to_string())
-    );
+    assert_eq!(alice2.get_config(Config::Selfstatus).await?, default_status);

    Ok(())
 }
@@ -911,9 +897,9 @@ async fn test_selfavatar_changed_event() -> Result<()> {
    // Alice has two devices.
    let alice1 = &tcm.alice().await;
    let alice2 = &tcm.alice().await;
-
-    // Bob has one device.
-    let bob = &tcm.bob().await;
+    for a in [alice1, alice2] {
+        a.set_config_bool(Config::SyncMsgs, true).await?;
+    }

    assert_eq!(alice1.get_config(Config::Selfavatar).await?, None);

@@ -929,17 +915,7 @@ async fn test_selfavatar_changed_event() -> Result<()> {
        .get_matching(|e| matches!(e, EventType::SelfavatarChanged))
        .await;

-    // Alice sends a message.
-    let alice1_chat_id = alice1.create_chat(bob).await.id;
-    send_text_msg(alice1, alice1_chat_id, "Hello".to_string()).await?;
-    let sent_msg = alice1.pop_sent_msg().await;
-
-    // The message is encrypted.
-    let message = sent_msg.load_from_db().await;
-    assert!(message.get_showpadlock());
-
-    // Alice's second device receives a copy of the outgoing message.
-    alice2.recv_msg(&sent_msg).await;
+    sync(alice1, alice2).await;

    // Alice's second device applies the selfavatar.
    assert!(alice2.get_config(Config::Selfavatar).await?.is_some());
@@ -1320,9 +1296,6 @@ async fn test_self_is_verified() -> Result<()> {
    assert!(contact.get_verifier_id(&alice).await?.is_none());
    assert!(contact.is_key_contact());

-    let chat_id = ChatId::get_for_contact(&alice, ContactId::SELF).await?;
-    assert!(chat_id.is_protected(&alice).await.unwrap() == ProtectionStatus::Protected);
-
    Ok(())
 }

--- a/src/context.rs
+++ b/src/context.rs
@@ -4,34 +4,28 @@ use std::collections::{BTreeMap, HashMap};
 use std::ffi::OsString;
 use std::ops::Deref;
 use std::path::{Path, PathBuf};
-use std::sync::atomic::{AtomicBool, Ordering};
-use std::sync::{Arc, OnceLock};
+use std::sync::atomic::AtomicBool;
+use std::sync::{Arc, OnceLock, Weak};
 use std::time::Duration;

 use anyhow::{Context as _, Result, bail, ensure};
 use async_channel::{self as channel, Receiver, Sender};
-use pgp::types::PublicKeyTrait;
 use ratelimit::Ratelimit;
 use tokio::sync::{Mutex, Notify, RwLock};

-use crate::chat::{ChatId, ProtectionStatus, get_chat_cnt};
-use crate::chatlist_events;
+use crate::chat::{ChatId, get_chat_cnt};
 use crate::config::Config;
-use crate::constants::{
-    self, DC_BACKGROUND_FETCH_QUOTA_CHECK_RATELIMIT, DC_CHAT_ID_TRASH, DC_VERSION_STR,
-};
-use crate::contact::{Contact, ContactId, import_vcard, mark_contact_id_as_verified};
+use crate::constants::{self, DC_BACKGROUND_FETCH_QUOTA_CHECK_RATELIMIT, DC_VERSION_STR};
+use crate::contact::{Contact, ContactId};
 use crate::debug_logging::DebugLogging;
-use crate::download::DownloadState;
 use crate::events::{Event, EventEmitter, EventType, Events};
 use crate::imap::{FolderMeaning, Imap, ServerMetadata};
-use crate::key::{load_self_secret_key, self_fingerprint};
-use crate::log::{info, warn};
+use crate::key::self_fingerprint;
+use crate::log::warn;
 use crate::logged_debug_assert;
-use crate::login_param::{ConfiguredLoginParam, EnteredLoginParam};
-use crate::message::{self, Message, MessageState, MsgId};
+use crate::login_param::EnteredLoginParam;
+use crate::message::{self, MessageState, MsgId};
 use crate::net::tls::TlsSessionStore;
-use crate::param::{Param, Params};
 use crate::peer_channels::Iroh;
 use crate::push::PushSubscriber;
 use crate::quota::QuotaInfo;
@@ -39,7 +33,9 @@ use crate::scheduler::{ConnectivityStore, SchedulerState, convert_folder_meaning
 use crate::sql::Sql;
 use crate::stock_str::StockStrings;
 use crate::timesmearing::SmearedTimestamp;
-use crate::tools::{self, create_id, duration_to_str, time, time_elapsed};
+use crate::tools::{self, duration_to_str, time, time_elapsed};
+use crate::transport::ConfiguredLoginParam;
+use crate::{chatlist_events, stats};

 /// Builder for the [`Context`].
 ///
@@ -50,7 +46,7 @@ use crate::tools::{self, create_id, duration_to_str, time, time_elapsed};
 ///
 /// # Examples
 ///
-/// Creating a new unencrypted database:
+/// Creating a new database:
 ///
 /// ```
 /// # let rt = tokio::runtime::Runtime::new().unwrap();
@@ -65,24 +61,6 @@ use crate::tools::{self, create_id, duration_to_str, time, time_elapsed};
 /// drop(context);
 /// # });
 /// ```
-///
-/// To use an encrypted database provide a password.  If the database does not yet exist it
-/// will be created:
-///
-/// ```
-/// # let rt = tokio::runtime::Runtime::new().unwrap();
-/// # rt.block_on(async move {
-/// use deltachat::context::ContextBuilder;
-///
-/// let dir = tempfile::tempdir().unwrap();
-/// let context = ContextBuilder::new(dir.path().join("db"))
-///      .with_password("secret".into())
-///      .open()
-///      .await
-///      .unwrap();
-/// drop(context);
-/// # });
-/// ```
 #[derive(Clone, Debug)]
 pub struct ContextBuilder {
    dbfile: PathBuf,
@@ -142,7 +120,7 @@ impl ContextBuilder {
    ///
    /// This is useful in order to share the same translation strings in all [`Context`]s.
    /// The mapping may be empty when set, it will be populated by
-    /// [`Context::set_stock-translation`] or [`Accounts::set_stock_translation`] calls.
+    /// [`Context::set_stock_translation`] or [`Accounts::set_stock_translation`] calls.
    ///
    /// Note that the [account manager](crate::accounts::Accounts) is designed to handle the
    /// common case for using multiple [`Context`] instances.
@@ -154,9 +132,13 @@ impl ContextBuilder {
    }

    /// Sets the password to unlock the database.
+    /// Deprecated 2025-11:
+    /// - Db encryption does nothing with blobs, so fs/disk encryption is recommended.
+    /// - Isolation from other apps is needed anyway.
    ///
    /// If an encrypted database is used it must be opened with a password.  Setting a
    /// password on a new database will enable encryption.
+    #[deprecated(since = "TBD")]
    pub fn with_password(mut self, password: String) -> Self {
        self.password = Some(password);
        self
@@ -184,7 +166,7 @@ impl ContextBuilder {

    /// Builds the [`Context`] and opens it.
    ///
-    /// Returns error if context cannot be opened with the given passphrase.
+    /// Returns error if context cannot be opened.
    pub async fn open(self) -> Result<Context> {
        let password = self.password.clone().unwrap_or_default();
        let context = self.build().await?;
@@ -219,6 +201,25 @@ impl Deref for Context {
    }
 }

+/// A weak reference to a [`Context`]
+///
+/// Can be used to obtain a [`Context`]. An existing weak reference does not prevent the corresponding [`Context`] from being dropped.
+#[derive(Clone, Debug)]
+pub(crate) struct WeakContext {
+    inner: Weak<InnerContext>,
+}
+
+impl WeakContext {
+    /// Returns the [`Context`] if it is still available.
+    pub(crate) fn upgrade(&self) -> Result<Context> {
+        let inner = self
+            .inner
+            .upgrade()
+            .ok_or_else(|| anyhow::anyhow!("Inner struct has been dropped"))?;
+        Ok(Context { inner })
+    }
+}
+
 /// Actual context, expensive to clone.
 #[derive(Debug)]
 pub struct InnerContext {
@@ -247,9 +248,6 @@ pub struct InnerContext {
    /// Set to `None` if quota was never tried to load.
    pub(crate) quota: RwLock<Option<QuotaInfo>>,

-    /// IMAP UID resync request.
-    pub(crate) resync_request: AtomicBool,
-
    /// Notify about new messages.
    ///
    /// This causes [`Context::wait_next_msgs`] to wake up.
@@ -263,8 +261,6 @@ pub struct InnerContext {
    /// IMAP METADATA.
    pub(crate) metadata: RwLock<Option<ServerMetadata>>,

-    pub(crate) last_full_folder_scan: Mutex<Option<tools::Time>>,
-
    /// ID for this `Context` in the current process.
    ///
    /// This allows for multiple `Context`s open in a single process where each context can
@@ -312,10 +308,21 @@ pub struct InnerContext {
    /// `Connectivity` values for mailboxes, unordered. Used to compute the aggregate connectivity,
    /// see [`Context::get_connectivity()`].
    pub(crate) connectivities: parking_lot::Mutex<Vec<ConnectivityStore>>,
+
+    #[expect(clippy::type_complexity)]
+    /// Transforms the root of the cryptographic payload before encryption.
+    pub(crate) pre_encrypt_mime_hook: parking_lot::Mutex<
+        Option<
+            for<'a> fn(
+                &Context,
+                mail_builder::mime::MimePart<'a>,
+            ) -> mail_builder::mime::MimePart<'a>,
+        >,
+    >,
 }

 /// The state of ongoing process.
-#[derive(Debug)]
+#[derive(Debug, Default)]
 enum RunningState {
    /// Ongoing process is allocated.
    Running { cancel_sender: Sender<()> },
@@ -324,15 +331,10 @@ enum RunningState {
    ShallStop { request: tools::Time },

    /// There is no ongoing process, a new one can be allocated.
+    #[default]
    Stopped,
 }

-impl Default for RunningState {
-    fn default() -> Self {
-        Self::Stopped
-    }
-}
-
 /// Return some info about deltachat-core
 ///
 /// This contains information mostly about the library itself, the
@@ -402,10 +404,20 @@ impl Context {
        Ok(context)
    }

+    /// Returns a weak reference to this [`Context`].
+    pub(crate) fn get_weak_context(&self) -> WeakContext {
+        WeakContext {
+            inner: Arc::downgrade(&self.inner),
+        }
+    }
+
    /// Opens the database with the given passphrase.
+    /// NB: Db encryption is deprecated, so `passphrase` should be empty normally. See
+    /// [`ContextBuilder::with_password()`] for reasoning.
    ///
    /// Returns true if passphrase is correct, false is passphrase is not correct. Fails on other
    /// errors.
+    #[deprecated(since = "TBD")]
    pub async fn open(&self, passphrase: String) -> Result<bool> {
        if self.sql.check_passphrase(passphrase.clone()).await? {
            self.sql.open(self, passphrase).await?;
@@ -416,6 +428,7 @@ impl Context {
    }

    /// Changes encrypted database passphrase.
+    /// Deprecated 2025-11, see [`ContextBuilder::with_password()`] for reasoning.
    pub async fn change_passphrase(&self, passphrase: String) -> Result<()> {
        self.sql.change_passphrase(passphrase).await?;
        Ok(())
@@ -466,14 +479,12 @@ impl Context {
            translated_stockstrings: stockstrings,
            events,
            scheduler: SchedulerState::new(),
-            ratelimit: RwLock::new(Ratelimit::new(Duration::new(60, 0), 6.0)), // Allow at least 1 message every 10 seconds + a burst of 6.
+            ratelimit: RwLock::new(Ratelimit::new(Duration::new(3, 0), 3.0)), // Allow at least 1 message every second + a burst of 3.
            quota: RwLock::new(None),
-            resync_request: AtomicBool::new(false),
            new_msgs_notify,
            server_id: RwLock::new(None),
            metadata: RwLock::new(None),
            creation_time: tools::Time::now(),
-            last_full_folder_scan: Mutex::new(None),
            last_error: parking_lot::RwLock::new("".to_string()),
            migration_error: parking_lot::RwLock::new(None),
            debug_logging: std::sync::RwLock::new(None),
@@ -483,6 +494,7 @@ impl Context {
            iroh: Arc::new(RwLock::new(None)),
            self_fingerprint: OnceLock::new(),
            connectivities: parking_lot::Mutex::new(Vec::new()),
+            pre_encrypt_mime_hook: None.into(),
        };

        let ctx = Context {
@@ -499,12 +511,6 @@ impl Context {
            return;
        }

-        if self.is_chatmail().await.unwrap_or_default() {
-            let mut lock = self.ratelimit.write().await;
-            // Allow at least 1 message every second + a burst of 3.
-            *lock = Ratelimit::new(Duration::new(3, 0), 3.0);
-        }
-
        // The next line is mainly for iOS:
        // iOS starts a separate process for receiving notifications and if the user concurrently
        // starts the app, the UI process opens the database but waits with calling start_io()
@@ -561,7 +567,7 @@ impl Context {
            .and_then(|provider| provider.opt.max_smtp_rcpt_to)
            .map_or_else(
                || match is_chatmail {
-                    true => usize::MAX,
+                    true => constants::DEFAULT_CHATMAIL_MAX_SMTP_RCPT_TO,
                    false => constants::DEFAULT_MAX_SMTP_RCPT_TO,
                },
                usize::from,
@@ -612,10 +618,9 @@ impl Context {
            if self
                .quota_needs_update(DC_BACKGROUND_FETCH_QUOTA_CHECK_RATELIMIT)
                .await
+                && let Err(err) = self.update_recent_quota(&mut session).await
            {
-                if let Err(err) = self.update_recent_quota(&mut session).await {
-                    warn!(self, "Failed to update quota: {err:#}.");
-                }
+                warn!(self, "Failed to update quota: {err:#}.");
            }
        }

@@ -628,12 +633,6 @@ impl Context {
        Ok(())
    }

-    pub(crate) async fn schedule_resync(&self) -> Result<()> {
-        self.resync_request.store(true, Ordering::Relaxed);
-        self.scheduler.interrupt_inbox().await;
-        Ok(())
-    }
-
    /// Returns a reference to the underlying SQL instance.
    ///
    /// Warning: this is only here for testing, not part of the public API.
@@ -818,15 +817,15 @@ impl Context {
    /// Returns information about the context as key-value pairs.
    pub async fn get_info(&self) -> Result<BTreeMap<&'static str, String>> {
        let l = EnteredLoginParam::load(self).await?;
-        let l2 = ConfiguredLoginParam::load(self)
-            .await?
-            .map_or_else(|| "Not configured".to_string(), |param| param.to_string());
+        let l2 = ConfiguredLoginParam::load(self).await?.map_or_else(
+            || "Not configured".to_string(),
+            |(_transport_id, param)| param.to_string(),
+        );
        let secondary_addrs = self.get_secondary_self_addrs().await?.join(", ");
        let chats = get_chat_cnt(self).await?;
        let unblocked_msgs = message::get_unblocked_msg_cnt(self).await;
        let request_msgs = message::get_request_msg_cnt(self).await;
        let contacts = Contact::get_real_cnt(self).await?;
-        let is_configured = self.get_config_int(Config::Configured).await?;
        let proxy_enabled = self.get_config_int(Config::ProxyEnabled).await?;
        let dbversion = self
            .sql
@@ -854,7 +853,6 @@ impl Context {
            Err(err) => format!("<key failure: {err}>"),
        };

-        let sentbox_watch = self.get_config_int(Config::SentboxWatch).await?;
        let mvbox_move = self.get_config_int(Config::MvboxMove).await?;
        let only_fetch_mvbox = self.get_config_int(Config::OnlyFetchMvbox).await?;
        let folders_configured = self
@@ -867,10 +865,6 @@ impl Context {
            .get_config(Config::ConfiguredInboxFolder)
            .await?
            .unwrap_or_else(|| "<unset>".to_string());
-        let configured_sentbox_folder = self
-            .get_config(Config::ConfiguredSentboxFolder)
-            .await?
-            .unwrap_or_else(|| "<unset>".to_string());
        let configured_mvbox_folder = self
            .get_config(Config::ConfiguredMvboxFolder)
            .await?
@@ -905,7 +899,6 @@ impl Context {
                .await?
                .unwrap_or_else(|| "<unset>".to_string()),
        );
-        res.insert("is_configured", is_configured.to_string());
        res.insert("proxy_enabled", proxy_enabled.to_string());
        res.insert("entered_account_settings", l.to_string());
        res.insert("used_account_settings", l2);
@@ -959,7 +952,6 @@ impl Context {
                .await?
                .to_string(),
        );
-        res.insert("sentbox_watch", sentbox_watch.to_string());
        res.insert("mvbox_move", mvbox_move.to_string());
        res.insert("only_fetch_mvbox", only_fetch_mvbox.to_string());
        res.insert(
@@ -967,7 +959,6 @@ impl Context {
            folders_configured.to_string(),
        );
        res.insert("configured_inbox_folder", configured_inbox_folder);
-        res.insert("configured_sentbox_folder", configured_sentbox_folder);
        res.insert("configured_mvbox_folder", configured_mvbox_folder);
        res.insert("configured_trash_folder", configured_trash_folder);
        res.insert("mdns_enabled", mdns_enabled.to_string());
@@ -1035,12 +1026,6 @@ impl Context {
                .await?
                .to_string(),
        );
-        res.insert(
-            "protect_autocrypt",
-            self.get_config_int(Config::ProtectAutocrypt)
-                .await?
-                .to_string(),
-        );
        res.insert(
            "debug_logging",
            self.get_config_int(Config::DebugLogging).await?.to_string(),
@@ -1072,6 +1057,29 @@ impl Context {
                .await?
                .unwrap_or_default(),
        );
+        res.insert(
+            "stats_id",
+            self.get_config(Config::StatsId)
+                .await?
+                .unwrap_or_else(|| "<unset>".to_string()),
+        );
+        res.insert(
+            "stats_sending",
+            stats::should_send_stats(self).await?.to_string(),
+        );
+        res.insert(
+            "stats_last_sent",
+            self.get_config_i64(Config::StatsLastSent)
+                .await?
+                .to_string(),
+        );
+        res.insert(
+            "test_hooks",
+            self.sql
+                .get_raw_config("test_hooks")
+                .await?
+                .unwrap_or_default(),
+        );
        res.insert(
            "fail_on_receiving_full_msg",
            self.sql
@@ -1079,6 +1087,13 @@ impl Context {
                .await?
                .unwrap_or_default(),
        );
+        res.insert(
+            "std_header_protection_composing",
+            self.sql
+                .get_raw_config("std_header_protection_composing")
+                .await?
+                .unwrap_or_default(),
+        );

        let elapsed = time_elapsed(&self.creation_time);
        res.insert("uptime", duration_to_str(elapsed));
@@ -1086,147 +1101,6 @@ impl Context {
        Ok(res)
    }

-    async fn get_self_report(&self) -> Result<String> {
-        #[derive(Default)]
-        struct ChatNumbers {
-            protected: u32,
-            opportunistic_dc: u32,
-            opportunistic_mua: u32,
-            unencrypted_dc: u32,
-            unencrypted_mua: u32,
-        }
-
-        let mut res = String::new();
-        res += &format!("core_version {}\n", get_version_str());
-
-        let num_msgs: u32 = self
-            .sql
-            .query_get_value(
-                "SELECT COUNT(*) FROM msgs WHERE hidden=0 AND chat_id!=?",
-                (DC_CHAT_ID_TRASH,),
-            )
-            .await?
-            .unwrap_or_default();
-        res += &format!("num_msgs {num_msgs}\n");
-
-        let num_chats: u32 = self
-            .sql
-            .query_get_value("SELECT COUNT(*) FROM chats WHERE id>9 AND blocked!=1", ())
-            .await?
-            .unwrap_or_default();
-        res += &format!("num_chats {num_chats}\n");
-
-        let db_size = tokio::fs::metadata(&self.sql.dbfile).await?.len();
-        res += &format!("db_size_bytes {db_size}\n");
-
-        let secret_key = &load_self_secret_key(self).await?.primary_key;
-        let key_created = secret_key.public_key().created_at().timestamp();
-        res += &format!("key_created {key_created}\n");
-
-        // how many of the chats active in the last months are:
-        // - protected
-        // - opportunistic-encrypted and the contact uses Delta Chat
-        // - opportunistic-encrypted and the contact uses a classical MUA
-        // - unencrypted and the contact uses Delta Chat
-        // - unencrypted and the contact uses a classical MUA
-        let three_months_ago = time().saturating_sub(3600 * 24 * 30 * 3);
-        let chats = self
-            .sql
-            .query_map(
-                "SELECT c.protected, m.param, m.msgrmsg
-                    FROM chats c
-                    JOIN msgs m
-                        ON c.id=m.chat_id
-                        AND m.id=(
-                                SELECT id
-                                FROM msgs
-                                WHERE chat_id=c.id
-                                AND hidden=0
-                                AND download_state=?
-                                AND to_id!=?
-                                ORDER BY timestamp DESC, id DESC LIMIT 1)
-                    WHERE c.id>9
-                    AND (c.blocked=0 OR c.blocked=2)
-                    AND IFNULL(m.timestamp,c.created_timestamp) > ?
-                    GROUP BY c.id",
-                (DownloadState::Done, ContactId::INFO, three_months_ago),
-                |row| {
-                    let protected: ProtectionStatus = row.get(0)?;
-                    let message_param: Params =
-                        row.get::<_, String>(1)?.parse().unwrap_or_default();
-                    let is_dc_message: bool = row.get(2)?;
-                    Ok((protected, message_param, is_dc_message))
-                },
-                |rows| {
-                    let mut chats = ChatNumbers::default();
-                    for row in rows {
-                        let (protected, message_param, is_dc_message) = row?;
-                        let encrypted = message_param
-                            .get_bool(Param::GuaranteeE2ee)
-                            .unwrap_or(false);
-
-                        if protected == ProtectionStatus::Protected {
-                            chats.protected += 1;
-                        } else if encrypted {
-                            if is_dc_message {
-                                chats.opportunistic_dc += 1;
-                            } else {
-                                chats.opportunistic_mua += 1;
-                            }
-                        } else if is_dc_message {
-                            chats.unencrypted_dc += 1;
-                        } else {
-                            chats.unencrypted_mua += 1;
-                        }
-                    }
-                    Ok(chats)
-                },
-            )
-            .await?;
-        res += &format!("chats_protected {}\n", chats.protected);
-        res += &format!("chats_opportunistic_dc {}\n", chats.opportunistic_dc);
-        res += &format!("chats_opportunistic_mua {}\n", chats.opportunistic_mua);
-        res += &format!("chats_unencrypted_dc {}\n", chats.unencrypted_dc);
-        res += &format!("chats_unencrypted_mua {}\n", chats.unencrypted_mua);
-
-        let self_reporting_id = match self.get_config(Config::SelfReportingId).await? {
-            Some(id) => id,
-            None => {
-                let id = create_id();
-                self.set_config(Config::SelfReportingId, Some(&id)).await?;
-                id
-            }
-        };
-        res += &format!("self_reporting_id {self_reporting_id}");
-
-        Ok(res)
-    }
-
-    /// Drafts a message with statistics about the usage of Delta Chat.
-    /// The user can inspect the message if they want, and then hit "Send".
-    ///
-    /// On the other end, a bot will receive the message and make it available
-    /// to Delta Chat's developers.
-    pub async fn draft_self_report(&self) -> Result<ChatId> {
-        const SELF_REPORTING_BOT_VCARD: &str = include_str!("../assets/self-reporting-bot.vcf");
-        let contact_id: ContactId = *import_vcard(self, SELF_REPORTING_BOT_VCARD)
-            .await?
-            .first()
-            .context("Self reporting bot vCard does not contain a contact")?;
-        mark_contact_id_as_verified(self, contact_id, Some(ContactId::SELF)).await?;
-
-        let chat_id = ChatId::create_for_contact(self, contact_id).await?;
-        chat_id
-            .set_protection(self, ProtectionStatus::Protected, time(), Some(contact_id))
-            .await?;
-
-        let mut msg = Message::new_text(self.get_self_report().await?);
-
-        chat_id.set_draft(self, Some(&mut msg)).await?;
-
-        Ok(chat_id)
-    }
-
    /// Get a list of fresh, unmuted messages in unblocked chats.
    ///
    /// The list starts with the most recent message
@@ -1236,7 +1110,7 @@ impl Context {
    pub async fn get_fresh_msgs(&self) -> Result<Vec<MsgId>> {
        let list = self
            .sql
-            .query_map(
+            .query_map_vec(
                concat!(
                    "SELECT m.id",
                    " FROM msgs m",
@@ -1253,13 +1127,9 @@ impl Context {
                    " ORDER BY m.timestamp DESC,m.id DESC;"
                ),
                (MessageState::InFresh, time()),
-                |row| row.get::<_, MsgId>(0),
-                |rows| {
-                    let mut list = Vec::new();
-                    for row in rows {
-                        list.push(row?);
-                    }
-                    Ok(list)
+                |row| {
+                    let msg_id: MsgId = row.get(0)?;
+                    Ok(msg_id)
                },
            )
            .await?;
@@ -1293,7 +1163,7 @@ impl Context {

        let list = self
            .sql
-            .query_map(
+            .query_map_vec(
                "SELECT m.id
                     FROM msgs m
                     LEFT JOIN contacts ct
@@ -1313,13 +1183,6 @@ impl Context {
                    let msg_id: MsgId = row.get(0)?;
                    Ok(msg_id)
                },
-                |rows| {
-                    let mut list = Vec::new();
-                    for row in rows {
-                        list.push(row?);
-                    }
-                    Ok(list)
-                },
            )
            .await?;
        Ok(list)
@@ -1360,7 +1223,7 @@ impl Context {

        let list = if let Some(chat_id) = chat_id {
            self.sql
-                .query_map(
+                .query_map_vec(
                    "SELECT m.id AS id
                 FROM msgs m
                 LEFT JOIN contacts ct
@@ -1371,13 +1234,9 @@ impl Context {
                   AND IFNULL(txt_normalized, txt) LIKE ?
                 ORDER BY m.timestamp,m.id;",
                    (chat_id, str_like_in_text),
-                    |row| row.get::<_, MsgId>("id"),
-                    |rows| {
-                        let mut ret = Vec::new();
-                        for id in rows {
-                            ret.push(id?);
-                        }
-                        Ok(ret)
+                    |row| {
+                        let msg_id: MsgId = row.get("id")?;
+                        Ok(msg_id)
                    },
                )
                .await?
@@ -1393,7 +1252,7 @@ impl Context {
            // According to some tests, this limit speeds up eg. 2 character searches by factor 10.
            // The limit is documented and UI may add a hint when getting 1000 results.
            self.sql
-                .query_map(
+                .query_map_vec(
                    "SELECT m.id AS id
                 FROM msgs m
                 LEFT JOIN contacts ct
@@ -1407,13 +1266,9 @@ impl Context {
                   AND IFNULL(txt_normalized, txt) LIKE ?
                 ORDER BY m.id DESC LIMIT 1000",
                    (str_like_in_text,),
-                    |row| row.get::<_, MsgId>("id"),
-                    |rows| {
-                        let mut ret = Vec::new();
-                        for id in rows {
-                            ret.push(id?);
-                        }
-                        Ok(ret)
+                    |row| {
+                        let msg_id: MsgId = row.get("id")?;
+                        Ok(msg_id)
                    },
                )
                .await?
@@ -1428,12 +1283,6 @@ impl Context {
        Ok(inbox.as_deref() == Some(folder_name))
    }

-    /// Returns true if given folder name is the name of the "sent" folder.
-    pub async fn is_sentbox(&self, folder_name: &str) -> Result<bool> {
-        let sentbox = self.get_config(Config::ConfiguredSentboxFolder).await?;
-        Ok(sentbox.as_deref() == Some(folder_name))
-    }
-
    /// Returns true if given folder name is the name of the "DeltaChat" folder.
    pub async fn is_mvbox(&self, folder_name: &str) -> Result<bool> {
        let mvbox = self.get_config(Config::ConfiguredMvboxFolder).await?;
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 -10-16
 -12-04