feat: Don't mark MDNs as IMAP-seen

Marking MDNs as seen is useless, they shouldn't be displayed by any MUA.
fix: Avoid auto-marking DSNs as seen; the user may want to see them in another MUA
2026-04-07 08:02:11 +03:00 · 2025-09-16 03:55:31 -03:00 · 2025-09-16 03:54:08 -03:00 · 2025-09-16 03:51:07 -03:00 · 2025-09-16 03:49:11 -03:00 · 2025-09-15 15:28:41 +00:00
118 changed files with 4380 additions and 1522 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ permissions: {}

 env:
  RUSTFLAGS: -Dwarnings
-  RUST_VERSION: 1.88.0
+  RUST_VERSION: 1.89.0

  # Minimum Supported Rust Version
  MSRV: 1.85.0
@@ -30,7 +30,7 @@ jobs:
    name: Lint Rust
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -53,7 +53,7 @@ jobs:
    name: cargo deny
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -67,7 +67,7 @@ jobs:
    name: Check provider database
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -80,7 +80,7 @@ jobs:
    env:
      RUSTDOCFLAGS: -Dwarnings
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -115,7 +115,7 @@ jobs:
        shell: bash
        if: matrix.rust == 'latest'

-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -154,7 +154,7 @@ jobs:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -179,7 +179,7 @@ jobs:
        os: [ubuntu-latest, macos-latest, windows-latest]
    runs-on: ${{ matrix.os }}
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -201,7 +201,7 @@ jobs:
    name: Python lint
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -244,19 +244,19 @@ jobs:

    runs-on: ${{ matrix.os }}
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false

      - name: Download libdeltachat.a
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: ${{ matrix.os }}-libdeltachat.a
          path: target/debug

      - name: Install python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python }}

@@ -297,13 +297,13 @@ jobs:

    runs-on: ${{ matrix.os }}
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false

      - name: Install python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python }}

@@ -311,7 +311,7 @@ jobs:
        run: pip install tox

      - name: Download deltachat-rpc-server
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: ${{ matrix.os }}-deltachat-rpc-server
          path: target/debug
--- a/.github/workflows/deltachat-rpc-server.yml
+++ b/.github/workflows/deltachat-rpc-server.yml
@@ -30,7 +30,7 @@ jobs:
        arch: [aarch64, armv7l, armv6l, i686, x86_64]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -54,7 +54,7 @@ jobs:
        arch: [win32, win64]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -79,7 +79,7 @@ jobs:

    runs-on: macos-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -105,7 +105,7 @@ jobs:
        arch: [arm64-v8a, armeabi-v7a]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -132,74 +132,74 @@ jobs:
      contents: write
    runs-on: "ubuntu-latest"
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
      - uses: DeterminateSystems/nix-installer-action@main

      - name: Download Linux aarch64 binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-aarch64-linux
          path: deltachat-rpc-server-aarch64-linux.d

      - name: Download Linux armv7l binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-armv7l-linux
          path: deltachat-rpc-server-armv7l-linux.d

      - name: Download Linux armv6l binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-armv6l-linux
          path: deltachat-rpc-server-armv6l-linux.d

      - name: Download Linux i686 binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-i686-linux
          path: deltachat-rpc-server-i686-linux.d

      - name: Download Linux x86_64 binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-x86_64-linux
          path: deltachat-rpc-server-x86_64-linux.d

      - name: Download Win32 binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-win32
          path: deltachat-rpc-server-win32.d

      - name: Download Win64 binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-win64
          path: deltachat-rpc-server-win64.d

      - name: Download macOS binary for x86_64
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-x86_64-macos
          path: deltachat-rpc-server-x86_64-macos.d

      - name: Download macOS binary for aarch64
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-aarch64-macos
          path: deltachat-rpc-server-aarch64-macos.d

      - name: Download Android binary for arm64-v8a
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-arm64-v8a-android
          path: deltachat-rpc-server-arm64-v8a-android.d

      - name: Download Android binary for armeabi-v7a
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-armeabi-v7a-android
          path: deltachat-rpc-server-armeabi-v7a-android.d
@@ -224,7 +224,7 @@ jobs:

      # Python 3.11 is needed for tomllib used in scripts/wheel-rpc-server.py
      - name: Install python 3.12
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
        with:
          python-version: 3.12

@@ -285,76 +285,76 @@ jobs:
      # Needed to publish the binaries to the release.
      contents: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@v6
        with:
          python-version: "3.11"

      - name: Download Linux aarch64 binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-aarch64-linux
          path: deltachat-rpc-server-aarch64-linux.d

      - name: Download Linux armv7l binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-armv7l-linux
          path: deltachat-rpc-server-armv7l-linux.d

      - name: Download Linux armv6l binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-armv6l-linux
          path: deltachat-rpc-server-armv6l-linux.d

      - name: Download Linux i686 binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-i686-linux
          path: deltachat-rpc-server-i686-linux.d

      - name: Download Linux x86_64 binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-x86_64-linux
          path: deltachat-rpc-server-x86_64-linux.d

      - name: Download Win32 binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-win32
          path: deltachat-rpc-server-win32.d

      - name: Download Win64 binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-win64
          path: deltachat-rpc-server-win64.d

      - name: Download macOS binary for x86_64
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-x86_64-macos
          path: deltachat-rpc-server-x86_64-macos.d

      - name: Download macOS binary for aarch64
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-aarch64-macos
          path: deltachat-rpc-server-aarch64-macos.d

      - name: Download Android binary for arm64-v8a
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-arm64-v8a-android
          path: deltachat-rpc-server-arm64-v8a-android.d

      - name: Download Android binary for armeabi-v7a
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: deltachat-rpc-server-armeabi-v7a-android
          path: deltachat-rpc-server-armeabi-v7a-android.d
@@ -401,7 +401,7 @@ jobs:
            deltachat-rpc-server/npm-package/*.tgz

      # Configure Node.js for publishing.
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
        with:
          node-version: 20
          registry-url: "https://registry.npmjs.org"
--- a/.github/workflows/jsonrpc-client-npm-package.yml
+++ b/.github/workflows/jsonrpc-client-npm-package.yml
@@ -14,12 +14,12 @@ jobs:
      id-token: write
      contents: read
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false

-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
        with:
          node-version: 20
          registry-url: "https://registry.npmjs.org"
--- a/.github/workflows/jsonrpc.yml
+++ b/.github/workflows/jsonrpc.yml
@@ -16,12 +16,12 @@ jobs:
  build_and_test:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
      - name: Use Node.js 18.x
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
        with:
          node-version: 18.x
      - name: Add Rust cache
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -19,7 +19,7 @@ jobs:
    name: check flake formatting
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -81,7 +81,7 @@ jobs:
          #- deltachat-rpc-server-x86_64-android
          #- deltachat-rpc-server-x86-android
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -101,7 +101,7 @@ jobs:
          # - deltachat-rpc-server-aarch64-darwin
          # - deltachat-rpc-server-x86_64-darwin
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
--- a/.github/workflows/publish-deltachat-rpc-client-pypi.yml
+++ b/.github/workflows/publish-deltachat-rpc-client-pypi.yml
@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -42,7 +42,7 @@ jobs:

    steps:
      - name: Download all the dists
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
        with:
          name: python-package-distributions
          path: dist/
--- a/.github/workflows/repl.yml
+++ b/.github/workflows/repl.yml
@@ -14,7 +14,7 @@ jobs:
    name: Build REPL example
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
--- a/.github/workflows/upload-docs.yml
+++ b/.github/workflows/upload-docs.yml
@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -31,7 +31,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -50,7 +50,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
@@ -72,13 +72,13 @@ jobs:
        working-directory: ./deltachat-jsonrpc/typescript

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
          fetch-depth: 0 # Fetch history to calculate VCS version number.
      - name: Use Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
        with:
          node-version: '18'
      - name: npm install
--- a/.github/workflows/upload-ffi-docs.yml
+++ b/.github/workflows/upload-ffi-docs.yml
@@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          show-progress: false
          persist-credentials: false
--- a/.github/workflows/zizmor-scan.yml
+++ b/.github/workflows/zizmor-scan.yml
@@ -14,7 +14,7 @@ jobs:
      security-events: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          persist-credentials: false

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,257 @@
 # Changelog

+## [2.15.0] - 2025-09-15
+
+### API-Changes
+
+- Add JSON-RPC API for calls ([#7194](https://github.com/chatmail/core/pull/7194)).
+
+### Build system
+
+- Remove unused `quoted_printable` dependency.
+
+## [2.14.0] - 2025-09-12
+
+### API-Changes
+
+- Put the chattype into the SecurejoinInviterProgress event ([#7181](https://github.com/chatmail/core/pull/7181)).
+
+### Fixes
+
+- param: Split params only on \n.
+- B-encode SDP offer and answer sent in headers.
+
+### Refactor
+
+- Use recv_msg_trash() instead of recv_msg_opt().
+- Prepare_msg_raw(): don't return MsgId.
+
+### Tests
+
+- Message is OutFailed if all keys are missing ([#6849](https://github.com/chatmail/core/pull/6849)).
+- Test sending SDP offer and answer with newlines.
+
+## [2.13.0] - 2025-09-09
+
+### API-Changes
+
+- [**breaking**] Remove `is_profile_verified` APIs.
+- [**breaking**] Remove deprecated `is_protection_broken`.
+- [**breaking**] Remove `e2ee_enabled` preference.
+
+### Features / Changes
+
+- Add call ringing API ([#6650](https://github.com/chatmail/core/pull/6650), [#7174](https://github.com/chatmail/core/pull/7174), [#7175](https://github.com/chatmail/core/pull/7175), [#7179](https://github.com/chatmail/core/pull/7179))
+- Warn for outdated versions after 6 months instead of 1 year ([#7144](https://github.com/chatmail/core/pull/7144)).
+- Do not set "unknown sender for this chat" error.
+- Do not replace messages with an error on verification failure.
+- Support receiving Autocrypt-Gossip with `_verified` attribute.
+- Withdraw all QR codes when one is withdrawn.
+
+### Fixes
+
+- Don't reverify contacts by SELF on receipt of a message from another device.
+- Don't verify contacts by others having an unknown verifier.
+- Update verifier_id if it's "unknown" and new verifier has known verifier.
+- Mark message as failed if it can't be sent ([#7143](https://github.com/chatmail/core/pull/7143)).
+- Add "Messages are end-to-end encrypted." to non-protected groups.
+
+### Documentation
+
+- Fix for SecurejoinInviterProgress with progress == 600.
+- STYLE.md: Prefer BTreeMap and BTreeSet over hash variants.
+
+### Miscellaneous Tasks
+
+- Update provider database.
+- Update dependencies.
+
+### Refactor
+
+- Check that verifier is verified in turn.
+- Remove unused `EncryptPreference::Reset`.
+- Remove `Aheader::new`.
+
+### Tests
+
+- Add another TimeShiftFalsePositiveNote ([#7142](https://github.com/chatmail/core/pull/7142)).
+- Add TestContext.create_chat_id.
+
+## [2.12.0] - 2025-08-26
+
+### API-Changes
+
+- api!(python): remove remaining broken API for reactions
+
+### Features / Changes
+
+- Use Group ID for chat color generation instead of the name for encrypted groups.
+- Use key fingerprints instead of addresses for key-contacts color generation.
+- Replace HSLuv colors with OKLCh.
+- `wal_checkpoint()`: Do `wal_checkpoint(PASSIVE)` and `wal_checkpoint(FULL)` before `wal_checkpoint(TRUNCATE)`.
+- Assign messages to key-contacts based on Issuer Fingerprint.
+- Create_group_ex(): Log and replace invalid chat name with "…".
+
+### Fixes
+
+- Do not create a group if the sender includes self in the `To` field.
+- Do not reverify already verified contacts via gossip.
+- `get_connectivity()`: Get rid of locking SchedulerState::inner ([#7124](https://github.com/chatmail/core/pull/7124)).
+- Make reaction message hidden only if there are no other parts.
+
+### Refactor
+
+- Do not return `Result` from `valid_signature_fingerprints()`.
+- Make `ConnectivityStore` use a non-async lock ([#7129](https://github.com/chatmail/core/pull/7129)).
+
+### Documentation
+
+- Remove broken link from documentation comments.
+- Remove the comment about Color Vision Deficiency correction.
+
+## [2.11.0] - 2025-08-13
+
+### Features / Changes
+
+- Contact::lookup_id_by_addr_ex: Prefer returning key-contact.
+- Contact::lookup_id_by_addr_ex: Prefer returning accepted contacts.
+- Better string when using disappearing messages of one year (365..367 days, so it can be tweaked later).
+- Do not require resent messages to be from the same chat.
+- `lookup_key_contact_by_address()`: Allow looking up ContactId::SELF without chat id.
+- `get_securejoin_qr()`: Log error if group doesn't have grpid.
+- `receive_imf::add_parts()`: Get rid of extra `Chat::load_from_db()` calls.
+
+### Fixes
+
+- Ignore case when trying to detect 'invalid unencrypted mail' and add an info-message.
+- Run wal_checkpoint during housekeeping ([#6089](https://github.com/chatmail/core/pull/6089)).
+- Allow receiving empty files.
+- Set correct sent_timestamp for saved outgoing messages.
+- Do not remove query parameters from URLs.
+- Log and set imex progress error ([#7091](https://github.com/chatmail/core/pull/7091)).
+- Do not add key-contacts to unencrypted groups.
+- Do not reset `GuaranteeE2ee` in the database when resending messages.
+- Assign messages to a group if there is a `Chat-Group-Name`.
+- Take `Chat-Group-Name` into account when matching ad hoc groups.
+- Don't break long group names with non-ASCII characters.
+- Add messages that can't be verified as `DownloadState::Available` ([#7059](https://github.com/chatmail/core/pull/7059)).
+
+### Tests
+
+- Log the number of the test account if there are multiple alices ([#7087](https://github.com/chatmail/core/pull/7087)).
+
+### CI
+
+- Update Rust to 1.89.0.
+
+### Refactor
+
+- Rename icon-address-contact to icon-unencrypted.
+- Skip loading the contact of 1:1 unencrypted chat to show the avatar.
+- Chat::is_encrypted(): Make one query instead of two for 1:1 chats.
+
+### Miscellaneous Tasks
+
+- cargo: Bump toml from 0.8.23 to 0.9.4.
+- cargo: Bump human-panic from 2.0.2 to 2.0.3.
+- deny.toml: Add exception for duplicate toml_datetime 0.6.11 dependency.
+- deps: Bump actions/checkout from 4 to 5.
+- deps: Bump actions/download-artifact from 4 to 5.
+
+## [2.10.0] - 2025-08-04
+
+### Features / Changes
+
+- Also lookup key contacts in lookup_id_by_addr() ([#7073](https://github.com/chatmail/core/pull/7073)).
+
+### Miscellaneous Tasks
+
+- cargo: Bump serde_json from 1.0.140 to 1.0.142.
+- cargo: Bump bolero from 0.13.3 to 0.13.4.
+- cargo: Bump async-channel from 2.3.1 to 2.5.0.
+- cargo: Bump hyper-util from 0.1.14 to 0.1.16.
+- cargo: Bump criterion from 0.6.0 to 0.7.0.
+- cargo: Bump strum from 0.27.1 to 0.27.2.
+- cargo: Bump strum_macros from 0.27.1 to 0.27.2.
+- Upgrade async-imap to 0.11.1.
+
+## [2.9.0] - 2025-07-31
+
+### Features / Changes
+
+- repl: Add import-vcard and make-vcard commands ([#7048](https://github.com/chatmail/core/pull/7048)).
+
+### Fixes
+
+- Display correct timer value for ephemeral timer changes.
+- Get_chat_msgs_ex(): Report local midnight in ChatItem::DayMarker.
+
+### Refactor
+
+- Rename add_or_lookup_key_contacts_by_address_list() to add_or_lookup_key_contacts().
+- Don't call add_or_lookup_key_contacts() in advance.
+
+## [2.8.0] - 2025-07-28
+
+### Features / Changes
+
+- Remove ProtectionBroken, make such  chats Unprotected ([#7041](https://github.com/chatmail/core/pull/7041)).
+
+### Fixes
+
+- Lookup self by address if there is no fingerprint or gossip.
+
+## [2.7.0] - 2025-07-26
+
+### Features / Changes
+
+- Mimefactory: Order message recipients by time of addition ([#6872](https://github.com/chatmail/core/pull/6872)).
+- Put the debug/release build version into the info ([#7034](https://github.com/chatmail/core/pull/7034)).
+
+### Fixes
+
+- Realtime late join ([#6869](https://github.com/chatmail/core/pull/6869)).
+- Do not fail to upgrade if the verifier of a contact doesn't exist anymore ([#7044](https://github.com/chatmail/core/pull/7044)).
+
+### Tests
+
+- Add regression test for verification-gossiping crash ([#7033](https://github.com/chatmail/core/pull/7033)).
+
+## [2.6.0] - 2025-07-23
+
+### Fixes
+
+- Fix crash when receiving a verification-gossiping message which a contact also sends to itself ([#7032](https://github.com/chatmail/core/pull/7032)).
+
+## [2.5.0] - 2025-07-22
+
+### Fixes
+
+- Correctly migrate "verified by me".
+- Mark all email chats as unprotected in the migration ([#7026](https://github.com/chatmail/core/pull/7026)).
+- Do not ignore errors in add_flag_finalized_with_set.
+
+### Documentation
+
+- Deprecate protection-broken and related stuff ([#7018](https://github.com/chatmail/core/pull/7018)).
+- Clarify the meaning of is_verified() vs verifier_id() ([#7027](https://github.com/chatmail/core/pull/7027)).
+- STYLE.md: Prefer `try_next()` over `next()`.
+
+## [2.4.0] - 2025-07-21
+
+### Fixes
+
+- Do not ignore errors when draining FETCH responses. This avoids IMAP loop getting stuck in an infinite loop retrying reading from the connection.
+- Update `tokio-io-timeout` to 1.2.1. This release includes a fix to reset timeout after every error, so timeout error is returned at most once a minute if read is attempted after a timeout.
+
+### Miscellaneous Tasks
+
+- Update async-imap to 0.11.0.
+
+### Refactor
+
+- Use `try_next()` when processing FETCH responses.
+
 ## [2.3.0] - 2025-07-19

 ### Features / Changes
@@ -6495,3 +6747,15 @@ https://github.com/chatmail/core/pulls?q=is%3Apr+is%3Aclosed
 [2.1.0]: https://github.com/chatmail/core/compare/v2.0.0..v2.1.0
 [2.2.0]: https://github.com/chatmail/core/compare/v2.1.0..v2.2.0
 [2.3.0]: https://github.com/chatmail/core/compare/v2.2.0..v2.3.0
+[2.4.0]: https://github.com/chatmail/core/compare/v2.3.0..v2.4.0
+[2.5.0]: https://github.com/chatmail/core/compare/v2.4.0..v2.5.0
+[2.6.0]: https://github.com/chatmail/core/compare/v2.5.0..v2.6.0
+[2.7.0]: https://github.com/chatmail/core/compare/v2.6.0..v2.7.0
+[2.8.0]: https://github.com/chatmail/core/compare/v2.7.0..v2.8.0
+[2.9.0]: https://github.com/chatmail/core/compare/v2.8.0..v2.9.0
+[2.10.0]: https://github.com/chatmail/core/compare/v2.9.0..v2.10.0
+[2.11.0]: https://github.com/chatmail/core/compare/v2.10.0..v2.11.0
+[2.12.0]: https://github.com/chatmail/core/compare/v2.11.0..v2.12.0
+[2.13.0]: https://github.com/chatmail/core/compare/v2.12.0..v2.13.0
+[2.14.0]: https://github.com/chatmail/core/compare/v2.13.0..v2.14.0
+[2.15.0]: https://github.com/chatmail/core/compare/v2.14.0..v2.15.0
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat"
-version = "2.3.0"
+version = "2.15.0"
 edition = "2024"
 license = "MPL-2.0"
 rust-version = "1.85"
@@ -44,14 +44,16 @@ ratelimit = { path = "./deltachat-ratelimit" }
 anyhow = { workspace = true }
 async-broadcast = "0.7.2"
 async-channel = { workspace = true }
-async-imap = { version = "0.10.4", default-features = false, features = ["runtime-tokio", "compress"] }
+async-imap = { version = "0.11.1", default-features = false, features = ["runtime-tokio", "compress"] }
 async-native-tls = { version = "0.5", default-features = false, features = ["runtime-tokio"] }
 async-smtp = { version = "0.10.2", default-features = false, features = ["runtime-tokio"] }
 async_zip = { version = "0.0.17", default-features = false, features = ["deflate", "tokio-fs"] }
 base64 = { workspace = true }
+blake3 = "1.8.2"
 brotli = { version = "8", default-features=false, features = ["std"] }
 bytes = "1"
 chrono = { workspace = true, features = ["alloc", "clock", "std"] }
+colorutils-rs = { version = "0.7.5", default-features = false }
 data-encoding = "2.9.0"
 escaper = "0.1"
 fast-socks5 = "0.10"
@@ -63,13 +65,13 @@ hickory-resolver = "0.25.2"
 http-body-util = "0.1.3"
 humansize = "2"
 hyper = "1"
-hyper-util = "0.1.14"
+hyper-util = "0.1.16"
 image = { version = "0.25.6", default-features=false, features = ["gif", "jpeg", "ico", "png", "pnm", "webp", "bmp"] }
 iroh-gossip = { version = "0.35", default-features = false, features = ["net"] }
 iroh = { version = "0.35", default-features = false }
 kamadak-exif = "0.6.1"
 libc = { workspace = true }
-mail-builder = { version = "0.4.3", default-features = false }
+mail-builder = { version = "0.4.4", default-features = false }
 mailparse = { workspace = true }
 mime = "0.3.17"
 num_cpus = "1.17"
@@ -81,11 +83,9 @@ pgp = { version = "0.16.0", default-features = false }
 pin-project = "1"
 qrcodegen = "1.7.0"
 quick-xml = "0.37"
-quoted_printable = "0.5"
 rand = { workspace = true }
 regex = { workspace = true }
 rusqlite = { workspace = true, features = ["sqlcipher"] }
-rust-hsluv = "0.1"
 rustls-pki-types = "1.12.0"
 rustls = { version = "0.23.22", default-features = false }
 sanitize-filename = { workspace = true }
@@ -101,22 +101,21 @@ strum_macros = "0.27"
 tagger = "4.3.4"
 textwrap = "0.16.2"
 thiserror = { workspace = true }
-tokio-io-timeout = "1.2.0"
+tokio-io-timeout = "1.2.1"
 tokio-rustls = { version = "0.26.2", default-features = false }
 tokio-stream = { version = "0.1.17", features = ["fs"] }
 tokio-tar = { version = "0.3" } # TODO: integrate tokio into async-tar
 tokio-util = { workspace = true }
 tokio = { workspace = true, features = ["fs", "rt-multi-thread", "macros"] }
-toml = "0.8"
+toml = "0.9"
 tracing = "0.1.41"
 url = "2"
 uuid = { version = "1", features = ["serde", "v4"] }
 webpki-roots = "0.26.8"
-blake3 = "1.8.2"

 [dev-dependencies]
 anyhow = { workspace = true, features = ["backtrace"] } # Enable `backtrace` feature in tests.
-criterion = { version = "0.6.0", features = ["async_tokio"] }
+criterion = { version = "0.7.0", features = ["async_tokio"] }
 futures-lite = { workspace = true }
 log = { workspace = true }
 nu-ansi-term = { workspace = true }
@@ -175,18 +174,18 @@ harness = false

 [workspace.dependencies]
 anyhow = "1"
-async-channel = "2.3.1"
+async-channel = "2.5.0"
 base64 = "0.22"
 chrono = { version = "0.4.41", default-features = false }
 deltachat-contact-tools = { path = "deltachat-contact-tools" }
 deltachat-jsonrpc = { path = "deltachat-jsonrpc", default-features = false }
 deltachat = { path = ".", default-features = false }
 futures = "0.3.31"
-futures-lite = "2.6.0"
+futures-lite = "2.6.1"
 libc = "0.2"
 log = "0.4"
 mailparse = "0.16.1"
-nu-ansi-term = "0.46"
+nu-ansi-term = "0.50"
 num-traits = "0.2"
 rand = "0.8"
 regex = "1.10"
@@ -194,10 +193,10 @@ rusqlite = "0.36"
 sanitize-filename = "0.5"
 serde = "1.0"
 serde_json = "1"
-tempfile = "3.20.0"
+tempfile = "3.21.0"
 thiserror = "2"
 tokio = "1"
-tokio-util = "0.7.14"
+tokio-util = "0.7.16"
 tracing-subscriber = "0.3"
 yerpc = "0.6.4"

--- a/README.md
+++ b/README.md
@@ -80,18 +80,26 @@ Connect to your mail server (if already configured):
 > connect
 ```

-Create a contact:
+Export your public key to a vCard file:
+
+```
+> make-vcard my.vcard 1
+```
+
+Create contacts by address or vCard file:

 ```
 > addcontact yourfriends@email.org
+> import-vcard key-contact.vcard
 ```

 List contacts:

 ```
 > listcontacts
+Contact#Contact#11: key-contact@email.org <key-contact@email.org>
 Contact#Contact#Self: Me √ <your@email.org>
-1 key contacts.
+2 key contacts.
 Contact#Contact#10: yourfriends@email.org <yourfriends@email.org>
 1 address contacts.
 ```
--- a/STYLE.md
+++ b/STYLE.md
@@ -78,6 +78,27 @@ All errors should be handled in one of these ways:
 - With `.log_err().ok()`.
 - Bubbled up with `?`.

+When working with [async streams](https://docs.rs/futures/0.3.31/futures/stream/index.html),
+prefer [`try_next`](https://docs.rs/futures/0.3.31/futures/stream/trait.TryStreamExt.html#method.try_next) over `next()`, e.g. do
+```
+while let Some(event) = stream.try_next().await? {
+    todo!();
+}
+```
+instead of
+```
+while let Some(event_res) = stream.next().await {
+    todo!();
+}
+```
+as it allows bubbling up the error early with `?`
+with no way to accidentally skip error processing
+with early `continue` or `break`.
+Some streams reading from a connection
+return infinite number of `Some(Err(_))`
+items when connection breaks and not processing
+errors may result in infinite loop.
+
 `backtrace` feature is enabled for `anyhow` crate
 and `debug = 1` option is set in the test profile.
 This allows to run `RUST_BACKTRACE=1 cargo test`
@@ -91,6 +112,18 @@ Follow
 <https://doc.rust-lang.org/core/error/index.html#common-message-styles>
 for `.expect` message style.

+## BTreeMap vs HashMap
+
+Prefer [BTreeMap](https://doc.rust-lang.org/std/collections/struct.BTreeMap.html)
+over [HashMap](https://doc.rust-lang.org/std/collections/struct.HashMap.html)
+and [BTreeSet](https://doc.rust-lang.org/std/collections/struct.BTreeSet.html)
+over [HashSet](https://doc.rust-lang.org/std/collections/struct.HashSet.html)
+as iterating over these structures returns items in deterministic order.
+
+Non-deterministic code may result in difficult to reproduce bugs,
+flaky tests, regression tests that miss bugs
+or different behavior on different devices when processing the same messages.
+
 ## Logging

 For logging, use `info!`, `warn!` and `error!` macros.
--- a/assets/icon-address-contact.png
+++ b/assets/icon-address-contact.png
--- a/assets/icon-address-contact.svg
+++ b/assets/icon-address-contact.svg
--- a/deltachat-ffi/Cargo.toml
+++ b/deltachat-ffi/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "2.3.0"
+version = "2.15.0"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -415,7 +415,6 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 *                    As for `displayname` and `selfstatus`, also the avatar is sent to the recipients.
 *                    To save traffic, however, the avatar is attached only as needed
 *                    and also recoded to a reasonable size.
- * - `e2ee_enabled` = 0=no end-to-end-encryption, 1=prefer end-to-end-encryption (default)
 * - `mdns_enabled` = 0=do not send or request read receipts,
 *                    1=send and request read receipts
 *                    default=send and request read receipts, only send but not request if `bot` is set
@@ -503,13 +502,6 @@ char*           dc_get_blobdir               (const dc_context_t* context);
 * - `gossip_period` = How often to gossip Autocrypt keys in chats with multiple recipients, in
 *                    seconds. 2 days by default.
 *                    This is not supposed to be changed by UIs and only used for testing.
- * - `verified_one_on_one_chats` = Feature flag for verified 1:1 chats; the UI should set it
- *                    to 1 if it supports verified 1:1 chats.
- *                    Regardless of this setting, `dc_chat_is_protected()` returns true while the key is verified,
- *                    and when the key changes, an info message is posted into the chat.
- *                    0=Nothing else happens when the key changes.
- *                    1=After the key changed, `dc_chat_can_send()` returns false and `dc_chat_is_protection_broken()` returns true
- *                    until `dc_accept_chat()` is called.
 * - `is_chatmail` = 1 if the the server is a chatmail server, 0 otherwise.
 * - `is_muted`     = Whether a context is muted by the user.
 *                    Muted contexts should not sound, vibrate or show notifications.
@@ -1222,6 +1214,103 @@ void             dc_set_webxdc_integration (dc_context_t* context, const char* f
 uint32_t        dc_init_webxdc_integration    (dc_context_t* context, uint32_t chat_id);


+/**
+ * Start an outgoing call.
+ * This sends a message of type #DC_MSG_CALL with all relevant information to the callee,
+ * who will get informed by an #DC_EVENT_INCOMING_CALL event and rings.
+ *
+ * Possible actions during ringing:
+ *
+ * - caller cancels the call using dc_end_call():
+ *   callee receives #DC_EVENT_CALL_ENDED and has a "Missed Call"
+ *
+ * - callee accepts using dc_accept_incoming_call():
+ *   caller receives #DC_EVENT_OUTGOING_CALL_ACCEPTED.
+ *   callee's devices receive #DC_EVENT_INCOMING_CALL_ACCEPTED, call starts
+ *
+ * - callee declines using dc_end_call():
+ *   caller receives #DC_EVENT_CALL_ENDED and has a "Declinced Call".
+ *   callee's other devices receive #DC_EVENT_CALL_ENDED and have a "Cancelled Call",
+ *
+ * - callee is already in a call:
+ *   in this case, UI may decide to show a notification instead of ringing.
+ *   otherwise, this is same as timeout
+ *
+ * - timeout:
+ *   after 1 minute without action,
+ *   caller and callee receive #DC_EVENT_CALL_ENDED
+ *   to prevent endless ringing of callee
+ *   in case caller got offline without being able to send cancellation message.
+ *   for caller, this is a "Cancelled Call";
+ *   for callee, this is a "Missed Call"
+ *
+ * Actions during the call:
+ *
+ * - caller ends the call using dc_end_call():
+ *   callee receives #DC_EVENT_CALL_ENDED
+ *
+ * - callee ends the call using dc_end_call():
+ *   caller receives #DC_EVENT_CALL_ENDED
+ *
+ * Note, that the events are for updating the call screen,
+ * possible status messages are added and updated as usual, including the known events.
+ * In the UI, the sorted chatlist is used as an overview about calls as well as messages.
+ * To place a call with a contact that has no chat yet, use dc_create_chat_by_contact_id() first.
+ *
+ * UI will usually allow only one call at the same time,
+ * this has to be tracked by UI across profile, the core does not track this.
+ *
+ * @memberof dc_context_t
+ * @param context The context object.
+ * @param chat_id The chat to place a call for.
+ *     This needs to be a one-to-one chat.
+ * @param place_call_info any data that other devices receive
+ *     in #DC_EVENT_INCOMING_CALL.
+ * @return ID of the system message announcing the call.
+ */
+uint32_t        dc_place_outgoing_call       (dc_context_t* context, uint32_t chat_id, const char* place_call_info);
+
+
+/**
+ * Accept incoming call.
+ *
+ * This implicitly accepts the contact request, if not yet done.
+ * All affected devices will receive
+ * either #DC_EVENT_OUTGOING_CALL_ACCEPTED or #DC_EVENT_INCOMING_CALL_ACCEPTED.
+ *
+ * If the call is already accepted or ended, nothing happens.
+ *
+ * @memberof dc_context_t
+ * @param context The context object.
+ * @param msg_id The ID of the call to accept.
+ *     This is the ID reported by #DC_EVENT_INCOMING_CALL
+ *     and equals to the ID of the corresponding info message.
+ * @param accept_call_info any data that other devices receive
+ *     in #DC_EVENT_OUTGOING_CALL_ACCEPTED.
+ * @return 1=success, 0=error
+ */
+ int            dc_accept_incoming_call      (dc_context_t* context, uint32_t msg_id, const char* accept_call_info);
+
+
+ /**
+  * End incoming or outgoing call.
+  *
+  * For unaccepted calls ended by the caller, this is a "cancellation".
+  * Unaccepted calls ended by the callee are a "decline".
+  * If the call was accepted, this is a "hangup".
+  *
+  * All participant devices get informed about the ended call via #DC_EVENT_CALL_ENDED.
+  *
+  * If the call is already ended, nothing happens.
+  *
+  * @memberof dc_context_t
+  * @param context The context object.
+  * @param msg_id the ID of the call.
+  * @return 1=success, 0=error
+  */
+ int            dc_end_call                  (dc_context_t* context, uint32_t msg_id);
+
+
 /**
 * Save a draft for a chat in the database.
 *
@@ -1339,12 +1428,14 @@ dc_msg_t*       dc_get_draft                 (dc_context_t* context, uint32_t ch
 * Optionally, some special markers added to the ID array may help to
 * implement virtual lists.
 *
+ * To get the concrete time of the message, use dc_array_get_timestamp().
+ *
 * @memberof dc_context_t
 * @param context The context object as returned from dc_context_new().
 * @param chat_id The chat ID of which the messages IDs should be queried.
 * @param flags If set to DC_GCM_ADDDAYMARKER, the marker DC_MSG_ID_DAYMARKER will
 *     be added before each day (regarding the local timezone). Set this to 0 if you do not want this behaviour.
- *     To get the concrete time of the marker, use dc_array_get_timestamp().
+ *     The day marker timestamp is the midnight one for the corresponding (following) day in the local timezone.
 *     If set to DC_GCM_INFO_ONLY, only system messages will be returned, can be combined with DC_GCM_ADDDAYMARKER.
 * @param marker1before Deprecated, set this to 0.
 * @return Array of message IDs, must be dc_array_unref()'d when no longer used.
@@ -2094,9 +2185,19 @@ int             dc_may_be_valid_addr         (const char* addr);


 /**
- * Check if an e-mail address belongs to a known and unblocked contact.
+ * Looks up a known and unblocked contact with a given e-mail address.
 * To get a list of all known and unblocked contacts, use dc_get_contacts().
 *
+ * **POTENTIAL SECURITY ISSUE**: If there are multiple contacts with this address
+ * (e.g. an address-contact and a key-contact),
+ * this looks up the most recently seen contact,
+ * i.e. which contact is returned depends on which contact last sent a message.
+ * If the user just clicked on a mailto: link, then this is the best thing you can do.
+ * But **DO NOT** internally represent contacts by their email address
+ * and do not use this function to look them up;
+ * otherwise this function will sometimes look up the wrong contact.
+ * Instead, you should internally represent contacts by their ids.
+ *
 * To validate an e-mail address independently of the contact database
 * use dc_may_be_valid_addr().
 *
@@ -2118,6 +2219,13 @@ uint32_t        dc_lookup_contact_id_by_addr (dc_context_t* context, const char*
 * To add a number of contacts, see dc_add_address_book() which is much faster for adding
 * a bunch of addresses.
 *
+ * This will always create or look up an address-contact,
+ * i.e. a contact identified by an email address,
+ * with all messages sent to and from this contact being unencrypted.
+ * If the user just clicked on an email address,
+ * you should first check `lookup_contact_id_by_addr`,
+ * and only if there is no contact yet, call this function here.
+ *
 * May result in a #DC_EVENT_CONTACTS_CHANGED event.
 *
 * @memberof dc_context_t
@@ -3818,21 +3926,12 @@ int             dc_chat_can_send              (const dc_chat_t* chat);
 /**
 * Check if a chat is protected.
 *
- * End-to-end encryption is guaranteed in protected chats
- * and only verified contacts
+ * Only verified contacts
 * as determined by dc_contact_is_verified()
 * can be added to protected chats.
 *
 * Protected chats are created using dc_create_group_chat()
 * by setting the 'protect' parameter to 1.
- * 1:1 chats become protected or unprotected automatically
- * if `verified_one_on_one_chats` setting is enabled.
- *
- * UI should display a green checkmark
- * in the chat title,
- * in the chatlist item
- * and in the chat profile
- * if chat protection is enabled.
 *
 * @memberof dc_chat_t
 * @param chat The chat object.
@@ -3856,26 +3955,6 @@ int             dc_chat_is_protected         (const dc_chat_t* chat);
 int             dc_chat_is_encrypted         (const dc_chat_t *chat);


-/**
- * Checks if the chat was protected, and then an incoming message broke this protection.
- *
- * This function is only useful if the UI enabled the `verified_one_on_one_chats` feature flag,
- * otherwise it will return false for all chats.
- *
- * 1:1 chats are automatically set as protected when a contact is verified.
- * When a message comes in that is not encrypted / signed correctly,
- * the chat is automatically set as unprotected again.
- * dc_chat_is_protection_broken() will return true until dc_accept_chat() is called.
- *
- * The UI should let the user confirm that this is OK with a message like
- * `Bob sent a message from another device. Tap to learn more` and then call dc_accept_chat().
- * @memberof dc_chat_t
- * @param chat The chat object.
- * @return 1=chat protection broken, 0=otherwise.
- */
-int             dc_chat_is_protection_broken (const dc_chat_t* chat);
-
-
 /**
 * Check if locations are sent to the chat
 * at the time the object was created using dc_get_chat().
@@ -5267,20 +5346,14 @@ int             dc_contact_is_blocked        (const dc_contact_t* contact);

 /**
 * Check if the contact
- * can be added to verified chats,
- * i.e. has a verified key
- * and Autocrypt key matches the verified key.
+ * can be added to protected chats.
 *
- * If contact is verified
- * UI should display green checkmark after the contact name
- * in contact list items,
- * in chat member list items
- * and in profiles if no chat with the contact exist (otherwise, use dc_chat_is_protected()).
+ * See dc_contact_get_verifier_id() for a guidance how to display these information.
 *
 * @memberof dc_contact_t
 * @param contact The contact object.
 * @return 0: contact is not verified.
- *    2: SELF and contact have verified their fingerprints in both directions; in the UI typically checkmarks are shown.
+ *    2: SELF and contact have verified their fingerprints in both directions.
 */
 int             dc_contact_is_verified       (dc_contact_t* contact);

@@ -5311,16 +5384,22 @@ int             dc_contact_is_key_contact    (dc_contact_t* contact);
 /**
 * Return the contact ID that verified a contact.
 *
- * If the function returns non-zero result,
- * display green checkmark in the profile and "Introduced by ..." line
- * with the name and address of the contact
- * formatted by dc_contact_get_name_n_addr.
+ * As verifier may be unknown,
+ * use dc_contact_is_verified() to check if a contact can be added to a protected chat.
 *
- * If this function returns a verifier,
- * this does not necessarily mean
- * you can add the contact to verified chats.
- * Use dc_contact_is_verified() to check
- * if a contact can be added to a verified chat instead.
+ * UI should display the information in the contact's profile as follows:
+ *
+ * - If dc_contact_get_verifier_id() != 0,
+ *   display text "Introduced by ..."
+ *   with the name and address of the contact
+ *   formatted by dc_contact_get_name_n_addr().
+ *   Prefix the text by a green checkmark.
+ *
+ * - If dc_contact_get_verifier_id() == 0 and dc_contact_is_verified() != 0,
+ *   display "Introduced" prefixed by a green checkmark.
+ *
+ * - if dc_contact_get_verifier_id() == 0 and dc_contact_is_verified() == 0,
+ *   display nothing
 *
 * @memberof dc_contact_t
 * @param contact The contact object.
@@ -5633,6 +5712,12 @@ int64_t         dc_lot_get_timestamp     (const dc_lot_t* lot);
 #define DC_MSG_VIDEOCHAT_INVITATION 70


+/**
+ * Message indicating an incoming or outgoing call.
+ */
+#define DC_MSG_CALL 71
+
+
 /**
 * The message is a webxdc instance.
 *
@@ -6386,7 +6471,6 @@ void dc_event_unref(dc_event_t* event);

 /**
 * Chat changed. The name or the image of a chat group was changed or members were added or removed.
- * Or the verify state of a chat has changed.
 * See dc_set_chat_name(), dc_set_chat_profile_image(), dc_add_contact_to_chat()
 * and dc_remove_contact_from_chat().
 *
@@ -6478,7 +6562,7 @@ void dc_event_unref(dc_event_t* event);
 * @param data1 (int) The ID of the contact that wants to join.
 * @param data2 (int) The progress as:
 *     300=vg-/vc-request received, typically shown as "bob@addr joins".
- *     600=vg-/vc-request-with-auth received, vg-member-added/vc-contact-confirm sent, typically shown as "bob@addr verified".
+ *     600=vg-/vc-request-with-auth received and verified, typically shown as "bob@addr verified".
 *     800=contact added to chat, shown as "bob@addr securely joined GROUP". Only for the verified-group-protocol.
 *     1000=Protocol finished for this contact.
 */
@@ -6632,6 +6716,61 @@ void dc_event_unref(dc_event_t* event);
 */
 #define DC_EVENT_CHANNEL_OVERFLOW              2400

+
+
+/**
+ * Incoming call.
+ * UI will usually start ringing,
+ * or show a notification if there is already a call in some profile.
+ *
+ * Together with this event,
+ * a message of type #DC_MSG_CALL is added to the corresponding chat;
+ * this message is announced and updated by the usual even as #DC_EVENT_MSGS_CHANGED.
+ *
+ * If user takes action, dc_accept_incoming_call() or dc_end_call() should be called.
+ *
+ * Otherwise, ringing should end on #DC_EVENT_CALL_ENDED
+ * or #DC_EVENT_INCOMING_CALL_ACCEPTED
+ *
+ * @param data1 (int) msg_id ID of the message referring to the call.
+ * @param data2 (char*) place_call_info, text passed to dc_place_outgoing_call()
+ */
+#define DC_EVENT_INCOMING_CALL                            2550
+
+/**
+ * The callee accepted an incoming call on this or another device using dc_accept_incoming_call().
+ * The caller gets the event #DC_EVENT_OUTGOING_CALL_ACCEPTED at the same time.
+ *
+ * The event is sent unconditionally when the corresponding message is received.
+ * UI should only take action in case call UI was opened before, otherwise the event should be ignored.
+ *
+ * @param data1 (int) msg_id ID of the message referring to the call
+ */
+ #define DC_EVENT_INCOMING_CALL_ACCEPTED                  2560
+
+/**
+ * A call placed using dc_place_outgoing_call() was accepted by the callee using dc_accept_incoming_call().
+ *
+ * The event is sent unconditionally when the corresponding message is received.
+ * UI should only take action in case call UI was opened before, otherwise the event should be ignored.
+ *
+ * @param data1 (int) msg_id ID of the message referring to the call
+ * @param data2 (char*) accept_call_info, text passed to dc_accept_incoming_call()
+ */
+#define DC_EVENT_OUTGOING_CALL_ACCEPTED                   2570
+
+/**
+ * An incoming or outgoing call was ended using dc_end_call().
+ * Moreover, the event is sent when the call was not accepted within 1 minute timeout.
+ *
+ * The event is sent unconditionally when the corresponding message is received.
+ * UI should only take action in case call UI was opened before, otherwise the event should be ignored.
+ *
+ * @param data1 (int) msg_id ID of the message referring to the call
+ */
+#define DC_EVENT_CALL_ENDED                               2580
+
+
 /**
 * @}
 */
@@ -7052,6 +7191,8 @@ void dc_event_unref(dc_event_t* event);
 /// "Unknown sender for this chat. See 'info' for more details."
 ///
 /// Use as message text if assigning the message to a chat is not totally correct.
+///
+/// @deprecated 2025-08-18
 #define DC_STR_UNKNOWN_SENDER_FOR_CHAT    72

 /// "Message from %1$s"
@@ -7594,6 +7735,18 @@ void dc_event_unref(dc_event_t* event);
 /// `%2$s` will be replaced by name and address of the contact.
 #define DC_STR_EPHEMERAL_TIMER_WEEKS_BY_OTHER 157

+/// "You set message deletion timer to 1 year."
+///
+/// Used in status messages.
+#define DC_STR_EPHEMERAL_TIMER_1_YEAR_BY_YOU 158
+
+/// "Message deletion timer is set to 1 year by %1$s."
+///
+/// `%1$s` will be replaced by name and address of the contact.
+///
+/// Used in status messages.
+#define DC_STR_EPHEMERAL_TIMER_1_YEAR_BY_OTHER 159
+
 /// "Scan to set up second device for %1$s"
 ///
 /// `%1$s` will be replaced by name and address of the account.
--- a/deltachat-ffi/src/lib.rs
+++ b/deltachat-ffi/src/lib.rs
@@ -375,7 +375,7 @@ pub unsafe extern "C" fn dc_get_connectivity(context: *const dc_context_t) -> li
        return 0;
    }
    let ctx = &*context;
-    block_on(ctx.get_connectivity()) as u32 as libc::c_int
+    ctx.get_connectivity() as u32 as libc::c_int
 }

 #[no_mangle]
@@ -556,6 +556,10 @@ pub unsafe extern "C" fn dc_event_get_id(event: *mut dc_event_t) -> libc::c_int
        EventType::AccountsChanged => 2302,
        EventType::AccountsItemChanged => 2303,
        EventType::EventChannelOverflow { .. } => 2400,
+        EventType::IncomingCall { .. } => 2550,
+        EventType::IncomingCallAccepted { .. } => 2560,
+        EventType::OutgoingCallAccepted { .. } => 2570,
+        EventType::CallEnded { .. } => 2580,
        #[allow(unreachable_patterns)]
        #[cfg(test)]
        _ => unreachable!("This is just to silence a rust_analyzer false-positive"),
@@ -619,7 +623,11 @@ pub unsafe extern "C" fn dc_event_get_data1_int(event: *mut dc_event_t) -> libc:
        EventType::WebxdcRealtimeData { msg_id, .. }
        | EventType::WebxdcStatusUpdate { msg_id, .. }
        | EventType::WebxdcRealtimeAdvertisementReceived { msg_id }
-        | EventType::WebxdcInstanceDeleted { msg_id, .. } => msg_id.to_u32() as libc::c_int,
+        | EventType::WebxdcInstanceDeleted { msg_id, .. }
+        | EventType::IncomingCall { msg_id, .. }
+        | EventType::IncomingCallAccepted { msg_id, .. }
+        | EventType::OutgoingCallAccepted { msg_id, .. }
+        | EventType::CallEnded { msg_id, .. } => msg_id.to_u32() as libc::c_int,
        EventType::ChatlistItemChanged { chat_id } => {
            chat_id.unwrap_or_default().to_u32() as libc::c_int
        }
@@ -671,6 +679,10 @@ pub unsafe extern "C" fn dc_event_get_data2_int(event: *mut dc_event_t) -> libc:
        | EventType::ChatModified(_)
        | EventType::ChatDeleted { .. }
        | EventType::WebxdcRealtimeAdvertisementReceived { .. }
+        | EventType::IncomingCall { .. }
+        | EventType::IncomingCallAccepted { .. }
+        | EventType::OutgoingCallAccepted { .. }
+        | EventType::CallEnded { .. }
        | EventType::EventChannelOverflow { .. } => 0,
        EventType::MsgsChanged { msg_id, .. }
        | EventType::ReactionsChanged { msg_id, .. }
@@ -767,8 +779,21 @@ pub unsafe extern "C" fn dc_event_get_data2_str(event: *mut dc_event_t) -> *mut
        | EventType::ChatlistChanged
        | EventType::AccountsChanged
        | EventType::AccountsItemChanged
-        | EventType::WebxdcRealtimeAdvertisementReceived { .. }
-        | EventType::EventChannelOverflow { .. } => ptr::null_mut(),
+        | EventType::IncomingCallAccepted { .. }
+        | EventType::WebxdcRealtimeAdvertisementReceived { .. } => ptr::null_mut(),
+        EventType::IncomingCall {
+            place_call_info, ..
+        } => {
+            let data2 = place_call_info.to_c_string().unwrap_or_default();
+            data2.into_raw()
+        }
+        EventType::OutgoingCallAccepted {
+            accept_call_info, ..
+        } => {
+            let data2 = accept_call_info.to_c_string().unwrap_or_default();
+            data2.into_raw()
+        }
+        EventType::CallEnded { .. } | EventType::EventChannelOverflow { .. } => ptr::null_mut(),
        EventType::ConfigureProgress { comment, .. } => {
            if let Some(comment) = comment {
                comment.to_c_string().unwrap_or_default().into_raw()
@@ -1167,6 +1192,61 @@ pub unsafe extern "C" fn dc_init_webxdc_integration(
        .unwrap_or(0)
 }

+#[no_mangle]
+pub unsafe extern "C" fn dc_place_outgoing_call(
+    context: *mut dc_context_t,
+    chat_id: u32,
+    place_call_info: *const libc::c_char,
+) -> u32 {
+    if context.is_null() || chat_id == 0 {
+        eprintln!("ignoring careless call to dc_place_outgoing_call()");
+        return 0;
+    }
+    let ctx = &*context;
+    let chat_id = ChatId::new(chat_id);
+    let place_call_info = to_string_lossy(place_call_info);
+
+    block_on(ctx.place_outgoing_call(chat_id, place_call_info))
+        .context("Failed to place call")
+        .log_err(ctx)
+        .map(|msg_id| msg_id.to_u32())
+        .unwrap_or_log_default(ctx, "Failed to place call")
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn dc_accept_incoming_call(
+    context: *mut dc_context_t,
+    msg_id: u32,
+    accept_call_info: *const libc::c_char,
+) -> libc::c_int {
+    if context.is_null() || msg_id == 0 {
+        eprintln!("ignoring careless call to dc_accept_incoming_call()");
+        return 0;
+    }
+    let ctx = &*context;
+    let msg_id = MsgId::new(msg_id);
+    let accept_call_info = to_string_lossy(accept_call_info);
+
+    block_on(ctx.accept_incoming_call(msg_id, accept_call_info))
+        .context("Failed to accept call")
+        .is_ok() as libc::c_int
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn dc_end_call(context: *mut dc_context_t, msg_id: u32) -> libc::c_int {
+    if context.is_null() || msg_id == 0 {
+        eprintln!("ignoring careless call to dc_end_call()");
+        return 0;
+    }
+    let ctx = &*context;
+    let msg_id = MsgId::new(msg_id);
+
+    block_on(ctx.end_call(msg_id))
+        .context("Failed to end call")
+        .log_err(ctx)
+        .is_ok() as libc::c_int
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn dc_set_draft(
    context: *mut dc_context_t,
@@ -3165,16 +3245,6 @@ pub unsafe extern "C" fn dc_chat_is_encrypted(chat: *mut dc_chat_t) -> libc::c_i
        .unwrap_or_log_default(&ffi_chat.context, "Failed dc_chat_is_encrypted") as libc::c_int
 }

-#[no_mangle]
-pub unsafe extern "C" fn dc_chat_is_protection_broken(chat: *mut dc_chat_t) -> libc::c_int {
-    if chat.is_null() {
-        eprintln!("ignoring careless call to dc_chat_is_protection_broken()");
-        return 0;
-    }
-    let ffi_chat = &*chat;
-    ffi_chat.chat.is_protection_broken() as libc::c_int
-}
-
 #[no_mangle]
 pub unsafe extern "C" fn dc_chat_is_sending_locations(chat: *mut dc_chat_t) -> libc::c_int {
    if chat.is_null() {
--- a/deltachat-jsonrpc/Cargo.toml
+++ b/deltachat-jsonrpc/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "2.3.0"
+version = "2.15.0"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 license = "MPL-2.0"
--- a/deltachat-jsonrpc/src/api.rs
+++ b/deltachat-jsonrpc/src/api.rs
@@ -1227,8 +1227,10 @@ impl CommandApi {
    }

    /// Returns all messages of a particular chat.
-    /// If `add_daymarker` is `true`, it will return them as
-    /// `DC_MSG_ID_DAYMARKER`, e.g. [1234, 1237, 9, 1239].
+    ///
+    /// * `add_daymarker` - If `true`, add day markers as `DC_MSG_ID_DAYMARKER` to the result,
+    ///   e.g. [1234, 1237, 9, 1239]. The day marker timestamp is the midnight one for the
+    ///   corresponding (following) day in the local timezone.
    async fn get_message_ids(
        &self,
        account_id: u32,
@@ -1471,7 +1473,14 @@ impl CommandApi {

    /// Add a single contact as a result of an explicit user action.
    ///
-    /// Returns contact id of the created or existing contact
+    /// This will always create or look up an address-contact,
+    /// i.e. a contact identified by an email address,
+    /// with all messages sent to and from this contact being unencrypted.
+    /// If the user just clicked on an email address,
+    /// you should first check [`Self::lookup_contact_id_by_addr`]/`lookupContactIdByAddr.`,
+    /// and only if there is no contact yet, call this function here.
+    ///
+    /// Returns contact id of the created or existing contact.
    async fn create_contact(
        &self,
        account_id: u32,
@@ -1621,9 +1630,19 @@ impl CommandApi {
        Contact::get_encrinfo(&ctx, ContactId::new(contact_id)).await
    }

-    /// Check if an e-mail address belongs to a known and unblocked contact.
+    /// Looks up a known and unblocked contact with a given e-mail address.
    /// To get a list of all known and unblocked contacts, use contacts_get_contacts().
    ///
+    /// **POTENTIAL SECURITY ISSUE**: If there are multiple contacts with this address
+    /// (e.g. an address-contact and a key-contact),
+    /// this looks up the most recently seen contact,
+    /// i.e. which contact is returned depends on which contact last sent a message.
+    /// If the user just clicked on a mailto: link, then this is the best thing you can do.
+    /// But **DO NOT** internally represent contacts by their email address
+    /// and do not use this function to look them up;
+    /// otherwise this function will sometimes look up the wrong contact.
+    /// Instead, you should internally represent contacts by their ids.
+    ///
    /// To validate an e-mail address independently of the contact database
    /// use check_email_validity().
    async fn lookup_contact_id_by_addr(
@@ -1889,7 +1908,7 @@ impl CommandApi {
    /// If the connectivity changes, a #DC_EVENT_CONNECTIVITY_CHANGED will be emitted.
    async fn get_connectivity(&self, account_id: u32) -> Result<u32> {
        let ctx = self.get_context(account_id).await?;
-        Ok(ctx.get_connectivity().await as u32)
+        Ok(ctx.get_connectivity() as u32)
    }

    /// Get an overview of the current connectivity, and possibly more statistics.
@@ -2049,6 +2068,40 @@ impl CommandApi {
            .map(|msg_id| msg_id.to_u32()))
    }

+    /// Starts an outgoing call.
+    async fn place_outgoing_call(
+        &self,
+        account_id: u32,
+        chat_id: u32,
+        place_call_info: String,
+    ) -> Result<u32> {
+        let ctx = self.get_context(account_id).await?;
+        let msg_id = ctx
+            .place_outgoing_call(ChatId::new(chat_id), place_call_info)
+            .await?;
+        Ok(msg_id.to_u32())
+    }
+
+    /// Accepts an incoming call.
+    async fn accept_incoming_call(
+        &self,
+        account_id: u32,
+        msg_id: u32,
+        accept_call_info: String,
+    ) -> Result<()> {
+        let ctx = self.get_context(account_id).await?;
+        ctx.accept_incoming_call(MsgId::new(msg_id), accept_call_info)
+            .await?;
+        Ok(())
+    }
+
+    /// Ends incoming or outgoing call.
+    async fn end_call(&self, account_id: u32, msg_id: u32) -> Result<()> {
+        let ctx = self.get_context(account_id).await?;
+        ctx.end_call(MsgId::new(msg_id)).await?;
+        Ok(())
+    }
+
    /// Makes an HTTP GET request and returns a response.
    ///
    /// `url` is the HTTP or HTTPS URL.
--- a/deltachat-jsonrpc/src/api/types/chat.rs
+++ b/deltachat-jsonrpc/src/api/types/chat.rs
@@ -21,15 +21,16 @@ pub struct FullChat {

    /// True if the chat is protected.
    ///
-    /// UI should display a green checkmark
-    /// in the chat title,
-    /// in the chat profile title and
-    /// in the chatlist item
-    /// if chat protection is enabled.
-    /// UI should also display a green checkmark
-    /// in the contact profile
-    /// if 1:1 chat with this contact exists and is protected.
+    /// Only verified contacts
+    /// as determined by [`ContactObject::is_verified`] / `Contact.isVerified`
+    /// can be added to protected chats.
+    ///
+    /// Protected chats are created using [`create_group_chat`] / `createGroupChat()`
+    /// by setting the 'protect' parameter to true.
+    ///
+    /// [`create_group_chat`]: crate::api::CommandApi::create_group_chat
    is_protected: bool,
+
    /// True if the chat is encrypted.
    /// This means that all messages in the chat are encrypted,
    /// and all contacts in the chat are "key-contacts",
@@ -70,7 +71,7 @@ pub struct FullChat {
    fresh_message_counter: usize,
    // is_group - please check over chat.type in frontend instead
    is_contact_request: bool,
-    is_protection_broken: bool,
+
    is_device_chat: bool,
    self_in_group: bool,
    is_muted: bool,
@@ -144,7 +145,6 @@ impl FullChat {
            color,
            fresh_message_counter,
            is_contact_request: chat.is_contact_request(),
-            is_protection_broken: chat.is_protection_broken(),
            is_device_chat: chat.is_device_talk(),
            self_in_group: contact_ids.contains(&ContactId::SELF),
            is_muted: chat.is_muted(),
@@ -215,7 +215,7 @@ pub struct BasicChat {
    is_self_talk: bool,
    color: String,
    is_contact_request: bool,
-    is_protection_broken: bool,
+
    is_device_chat: bool,
    is_muted: bool,
 }
@@ -244,7 +244,6 @@ impl BasicChat {
            is_self_talk: chat.is_self_talk(),
            color,
            is_contact_request: chat.is_contact_request(),
-            is_protection_broken: chat.is_protection_broken(),
            is_device_chat: chat.is_device_talk(),
            is_muted: chat.is_muted(),
        })
--- a/deltachat-jsonrpc/src/api/types/contact.rs
+++ b/deltachat-jsonrpc/src/api/types/contact.rs
@@ -31,27 +31,36 @@ pub struct ContactObject {
    /// e.g. if we just scanned the fingerprint from a QR code.
    e2ee_avail: bool,

-    /// True if the contact can be added to verified groups.
+    /// True if the contact
+    /// can be added to protected chats
+    /// because SELF and contact have verified their fingerprints in both directions.
    ///
-    /// If this is true
-    /// UI should display green checkmark after the contact name
-    /// in contact list items,
-    /// in chat member list items
-    /// and in profiles if no chat with the contact exist.
+    /// See [`Self::verifier_id`]/`Contact.verifierId` for a guidance how to display these information.
    is_verified: bool,

-    /// True if the contact profile title should have a green checkmark.
+    /// The contact ID that verified a contact.
    ///
-    /// This indicates whether 1:1 chat has a green checkmark
-    /// or will have a green checkmark if created.
-    is_profile_verified: bool,
-
-    /// The ID of the contact that verified this contact.
+    /// As verifier may be unknown,
+    /// use [`Self::is_verified`]/`Contact.isVerified` to check if a contact can be added to a protected chat.
    ///
-    /// If this is present,
-    /// display a green checkmark and "Introduced by ..."
-    /// string followed by the verifier contact name and address
-    /// in the contact profile.
+    /// UI should display the information in the contact's profile as follows:
+    ///
+    /// - If `verifierId` != 0,
+    ///   display text "Introduced by ..."
+    ///   with the name and address of the contact
+    ///   formatted by `name_and_addr`/`nameAndAddr`.
+    ///   Prefix the text by a green checkmark.
+    ///
+    /// - If `verifierId` == 0 and `isVerified` != 0,
+    ///   display "Introduced" prefixed by a green checkmark.
+    ///
+    /// - if `verifierId` == 0 and `isVerified` == 0,
+    ///   display nothing
+    ///
+    /// This contains the contact ID of the verifier.
+    /// If it is `DC_CONTACT_ID_SELF`, we verified the contact ourself.
+    /// If it is None/Null, we don't have verifier information or
+    /// the contact is not verified.
    verifier_id: Option<u32>,

    /// the contact's last seen timestamp
@@ -72,7 +81,6 @@ impl ContactObject {
            None => None,
        };
        let is_verified = contact.is_verified(context).await?;
-        let is_profile_verified = contact.is_profile_verified(context).await?;

        let verifier_id = contact
            .get_verifier_id(context)
@@ -94,7 +102,6 @@ impl ContactObject {
            is_key_contact: contact.is_key_contact(),
            e2ee_avail: contact.e2ee_avail(context).await?,
            is_verified,
-            is_profile_verified,
            verifier_id,
            last_seen: contact.last_seen(),
            was_seen_recently: contact.was_seen_recently(),
--- a/deltachat-jsonrpc/src/api/types/events.rs
+++ b/deltachat-jsonrpc/src/api/types/events.rs
@@ -1,4 +1,5 @@
 use deltachat::{Event as CoreEvent, EventType as CoreEventType};
+use num_traits::ToPrimitive;
 use serde::Serialize;
 use typescript_type_def::TypeDef;

@@ -224,7 +225,6 @@ pub enum EventType {
    },

    /// Chat changed.  The name or the image of a chat group was changed or members were added or removed.
-    /// Or the verify state of a chat has changed.
    /// See setChatName(), setChatProfileImage(), addContactToChat()
    /// and removeContactFromChat().
    ///
@@ -304,9 +304,14 @@ pub enum EventType {
        /// ID of the contact that wants to join.
        contact_id: u32,

+        /// The type of the joined chat.
+        /// This can take the same values
+        /// as `BasicChat.chatType` ([`crate::api::types::chat::BasicChat::chat_type`]).
+        chat_type: u32,
+
        /// Progress as:
        /// 300=vg-/vc-request received, typically shown as "bob@addr joins".
-        /// 600=vg-/vc-request-with-auth received, vg-member-added/vc-contact-confirm sent, typically shown as "bob@addr verified".
+        /// 600=vg-/vc-request-with-auth received and verified, typically shown as "bob@addr verified".
        /// 800=contact added to chat, shown as "bob@addr securely joined GROUP". Only for the verified-group-protocol.
        /// 1000=Protocol finished for this contact.
        progress: usize,
@@ -417,6 +422,35 @@ pub enum EventType {
        /// Number of events skipped.
        n: u64,
    },
+
+    /// Incoming call.
+    IncomingCall {
+        /// ID of the info message referring to the call.
+        msg_id: u32,
+        /// User-defined info as passed to place_outgoing_call()
+        place_call_info: String,
+    },
+
+    /// Incoming call accepted.
+    /// This is esp. interesting to stop ringing on other devices.
+    IncomingCallAccepted {
+        /// ID of the info message referring to the call.
+        msg_id: u32,
+    },
+
+    /// Outgoing call accepted.
+    OutgoingCallAccepted {
+        /// ID of the info message referring to the call.
+        msg_id: u32,
+        /// User-defined info passed to dc_accept_incoming_call(
+        accept_call_info: String,
+    },
+
+    /// Call ended.
+    CallEnded {
+        /// ID of the info message referring to the call.
+        msg_id: u32,
+    },
 }

 impl From<CoreEventType> for EventType {
@@ -523,9 +557,11 @@ impl From<CoreEventType> for EventType {
            },
            CoreEventType::SecurejoinInviterProgress {
                contact_id,
+                chat_type,
                progress,
            } => SecurejoinInviterProgress {
                contact_id: contact_id.to_u32(),
+                chat_type: chat_type.to_u32().unwrap_or(0),
                progress,
            },
            CoreEventType::SecurejoinJoinerProgress {
@@ -567,6 +603,26 @@ impl From<CoreEventType> for EventType {
            CoreEventType::EventChannelOverflow { n } => EventChannelOverflow { n },
            CoreEventType::AccountsChanged => AccountsChanged,
            CoreEventType::AccountsItemChanged => AccountsItemChanged,
+            CoreEventType::IncomingCall {
+                msg_id,
+                place_call_info,
+            } => IncomingCall {
+                msg_id: msg_id.to_u32(),
+                place_call_info,
+            },
+            CoreEventType::IncomingCallAccepted { msg_id } => IncomingCallAccepted {
+                msg_id: msg_id.to_u32(),
+            },
+            CoreEventType::OutgoingCallAccepted {
+                msg_id,
+                accept_call_info,
+            } => OutgoingCallAccepted {
+                msg_id: msg_id.to_u32(),
+                accept_call_info,
+            },
+            CoreEventType::CallEnded { msg_id } => CallEnded {
+                msg_id: msg_id.to_u32(),
+            },
            #[allow(unreachable_patterns)]
            #[cfg(test)]
            _ => unreachable!("This is just to silence a rust_analyzer false-positive"),
--- a/deltachat-jsonrpc/src/api/types/message.rs
+++ b/deltachat-jsonrpc/src/api/types/message.rs
@@ -324,6 +324,9 @@ pub enum MessageViewtype {
    /// Message is an invitation to a videochat.
    VideochatInvitation,

+    /// Message is a call.
+    Call,
+
    /// Message is an webxdc instance.
    Webxdc,

@@ -346,6 +349,7 @@ impl From<Viewtype> for MessageViewtype {
            Viewtype::Video => MessageViewtype::Video,
            Viewtype::File => MessageViewtype::File,
            Viewtype::VideochatInvitation => MessageViewtype::VideochatInvitation,
+            Viewtype::Call => MessageViewtype::Call,
            Viewtype::Webxdc => MessageViewtype::Webxdc,
            Viewtype::Vcard => MessageViewtype::Vcard,
        }
@@ -365,6 +369,7 @@ impl From<MessageViewtype> for Viewtype {
            MessageViewtype::Video => Viewtype::Video,
            MessageViewtype::File => Viewtype::File,
            MessageViewtype::VideochatInvitation => Viewtype::VideochatInvitation,
+            MessageViewtype::Call => Viewtype::Call,
            MessageViewtype::Webxdc => Viewtype::Webxdc,
            MessageViewtype::Vcard => Viewtype::Vcard,
        }
@@ -437,6 +442,9 @@ pub enum SystemMessageType {

    /// This message contains a users iroh node address.
    IrohNodeAddr,
+
+    CallAccepted,
+    CallEnded,
 }

 impl From<deltachat::mimeparser::SystemMessage> for SystemMessageType {
@@ -463,6 +471,8 @@ impl From<deltachat::mimeparser::SystemMessage> for SystemMessageType {
            SystemMessage::IrohNodeAddr => SystemMessageType::IrohNodeAddr,
            SystemMessage::SecurejoinWait => SystemMessageType::SecurejoinWait,
            SystemMessage::SecurejoinWaitTimeout => SystemMessageType::SecurejoinWaitTimeout,
+            SystemMessage::CallAccepted => SystemMessageType::CallAccepted,
+            SystemMessage::CallEnded => SystemMessageType::CallEnded,
        }
    }
 }
--- a/deltachat-jsonrpc/typescript/package.json
+++ b/deltachat-jsonrpc/typescript/package.json
@@ -54,5 +54,5 @@
  },
  "type": "module",
  "types": "dist/deltachat.d.ts",
-  "version": "2.3.0"
+  "version": "2.15.0"
 }
--- a/deltachat-repl/Cargo.toml
+++ b/deltachat-repl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "2.3.0"
+version = "2.15.0"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/chatmail/core"
--- a/deltachat-repl/src/cmdline.rs
+++ b/deltachat-repl/src/cmdline.rs
@@ -403,6 +403,8 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
                 block <contact-id>\n\
                 unblock <contact-id>\n\
                 listblocked\n\
+                 import-vcard <file>\n\
+                 make-vcard <file> <contact-id> [contact-id ...]\n\
                 ======================================Misc.==\n\
                 getqr [<chat-id>]\n\
                 getqrsvg [<chat-id>]\n\
@@ -1218,6 +1220,24 @@ pub async fn cmdline(context: Context, line: &str, chat_id: &mut ChatId) -> Resu
            log_contactlist(&context, &contacts).await?;
            println!("{} blocked contacts.", contacts.len());
        }
+        "import-vcard" => {
+            ensure!(!arg1.is_empty(), "Argument <file> missing.");
+            let vcard_content = fs::read_to_string(&arg1.to_string()).await?;
+            let contacts = import_vcard(&context, &vcard_content).await?;
+            println!("vCard contacts imported:");
+            log_contactlist(&context, &contacts).await?;
+        }
+        "make-vcard" => {
+            ensure!(!arg1.is_empty(), "Argument <file> missing.");
+            ensure!(!arg2.is_empty(), "Argument <contact-id> missing.");
+            let mut contact_ids = vec![];
+            for x in arg2.split_whitespace() {
+                contact_ids.push(ContactId::new(x.parse()?))
+            }
+            let vcard_content = make_vcard(&context, &contact_ids).await?;
+            fs::write(&arg1.to_string(), vcard_content).await?;
+            println!("vCard written to: {arg1}");
+        }
        "checkqr" => {
            ensure!(!arg1.is_empty(), "Argument <qr-content> missing.");
            let qr = check_qr(&context, arg1).await?;
--- a/deltachat-repl/src/main.rs
+++ b/deltachat-repl/src/main.rs
@@ -232,7 +232,7 @@ const MESSAGE_COMMANDS: [&str; 10] = [
    "delmsg",
    "react",
 ];
-const CONTACT_COMMANDS: [&str; 7] = [
+const CONTACT_COMMANDS: [&str; 9] = [
    "listcontacts",
    "addcontact",
    "contactinfo",
@@ -240,6 +240,8 @@ const CONTACT_COMMANDS: [&str; 7] = [
    "block",
    "unblock",
    "listblocked",
+    "import-vcard",
+    "make-vcard",
 ];
 const MISC_COMMANDS: [&str; 14] = [
    "getqr",
--- a/deltachat-rpc-client/pyproject.toml
+++ b/deltachat-rpc-client/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat-rpc-client"
-version = "2.3.0"
+version = "2.15.0"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [
    "Development Status :: 5 - Production/Stable",
--- a/deltachat-rpc-client/src/deltachat_rpc_client/account.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/account.py
@@ -185,7 +185,21 @@ class Account:
        return Contact(self, contact_id)

    def get_contact_by_addr(self, address: str) -> Optional[Contact]:
-        """Check if an e-mail address belongs to a known and unblocked contact."""
+        """Looks up a known and unblocked contact with a given e-mail address.
+        To get a list of all known and unblocked contacts, use contacts_get_contacts().
+
+        **POTENTIAL SECURITY ISSUE**: If there are multiple contacts with this address
+        (e.g. an address-contact and a key-contact),
+        this looks up the most recently seen contact,
+        i.e. which contact is returned depends on which contact last sent a message.
+        If the user just clicked on a mailto: link, then this is the best thing you can do.
+        But **DO NOT** internally represent contacts by their email address
+        and do not use this function to look them up;
+        otherwise this function will sometimes look up the wrong contact.
+        Instead, you should internally represent contacts by their ids.
+
+        To validate an e-mail address independently of the contact database
+        use check_email_validity()."""
        contact_id = self._rpc.lookup_contact_id_by_addr(self.id, address)
        return contact_id and Contact(self, contact_id)

--- a/deltachat-rpc-client/src/deltachat_rpc_client/chat.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/chat.py
@@ -289,3 +289,8 @@ class Chat:
            f.write(vcard.encode())
            f.flush()
            self._rpc.send_msg(self.account.id, self.id, {"viewtype": ViewType.VCARD, "file": f.name})
+
+    def place_outgoing_call(self, place_call_info: str) -> Message:
+        """Starts an outgoing call."""
+        msg_id = self._rpc.place_outgoing_call(self.account.id, self.id, place_call_info)
+        return Message(self.account, msg_id)
--- a/deltachat-rpc-client/src/deltachat_rpc_client/const.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/const.py
@@ -73,6 +73,10 @@ class EventType(str, Enum):
    CHATLIST_ITEM_CHANGED = "ChatlistItemChanged"
    ACCOUNTS_CHANGED = "AccountsChanged"
    ACCOUNTS_ITEM_CHANGED = "AccountsItemChanged"
+    INCOMING_CALL = "IncomingCall"
+    INCOMING_CALL_ACCEPTED = "IncomingCallAccepted"
+    OUTGOING_CALL_ACCEPTED = "OutgoingCallAccepted"
+    CALL_ENDED = "CallEnded"
    CONFIG_SYNCED = "ConfigSynced"
    WEBXDC_REALTIME_DATA = "WebxdcRealtimeData"
    WEBXDC_REALTIME_ADVERTISEMENT_RECEIVED = "WebxdcRealtimeAdvertisementReceived"
--- a/deltachat-rpc-client/src/deltachat_rpc_client/message.py
+++ b/deltachat-rpc-client/src/deltachat_rpc_client/message.py
@@ -102,3 +102,11 @@ class Message:
    def send_webxdc_realtime_data(self, data) -> None:
        """Send data to the realtime channel."""
        yield self._rpc.send_webxdc_realtime_data.future(self.account.id, self.id, list(data))
+
+    def accept_incoming_call(self, accept_call_info):
+        """Accepts an incoming call."""
+        self._rpc.accept_incoming_call(self.account.id, self.id, accept_call_info)
+
+    def end_call(self):
+        """Ends incoming or outgoing call."""
+        self._rpc.end_call(self.account.id, self.id)
--- a/deltachat-rpc-client/tests/test_calls.py
+++ b/deltachat-rpc-client/tests/test_calls.py
@@ -0,0 +1,25 @@
+from deltachat_rpc_client import EventType, Message
+
+
+def test_calls(acfactory) -> None:
+    alice, bob = acfactory.get_online_accounts(2)
+
+    place_call_info = "offer"
+    accept_call_info = "answer"
+
+    alice_contact_bob = alice.create_contact(bob, "Bob")
+    alice_chat_bob = alice_contact_bob.create_chat()
+    outgoing_call_message = alice_chat_bob.place_outgoing_call(place_call_info)
+
+    incoming_call_event = bob.wait_for_event(EventType.INCOMING_CALL)
+    assert incoming_call_event.place_call_info == place_call_info
+    incoming_call_message = Message(bob, incoming_call_event.msg_id)
+
+    incoming_call_message.accept_incoming_call(accept_call_info)
+    outgoing_call_accepted_event = alice.wait_for_event(EventType.OUTGOING_CALL_ACCEPTED)
+    assert outgoing_call_accepted_event.accept_call_info == accept_call_info
+
+    outgoing_call_message.end_call()
+
+    end_call_event = bob.wait_for_event(EventType.CALL_ENDED)
+    assert end_call_event.msg_id == outgoing_call_message.id
--- a/deltachat-rpc-client/tests/test_multidevice.py
+++ b/deltachat-rpc-client/tests/test_multidevice.py
@@ -44,7 +44,6 @@ def test_one_account_send_bcc_setting(acfactory, log, direct_imap):

    # now make sure we are sending message to ourselves too
    assert self_addr in ev.msg
-    assert self_addr in ev.msg

    # BCC-self messages are marked as seen by the sender device.
    while True:
--- a/deltachat-rpc-client/tests/test_something.py
+++ b/deltachat-rpc-client/tests/test_something.py
@@ -171,7 +171,10 @@ def test_account(acfactory) -> None:
    assert alice.get_size()
    assert alice.is_configured()
    assert not alice.get_avatar()
-    assert alice.get_contact_by_addr(bob_addr) is None  # There is no address-contact, only key-contact
+    # get_contact_by_addr() can lookup a key contact by address:
+    bob_contact = alice.get_contact_by_addr(bob_addr).get_snapshot()
+    assert bob_contact.display_name == "Bob"
+    assert bob_contact.is_key_contact
    assert alice.get_contacts()
    assert alice.get_contacts(snapshot=True)
    assert alice.self_contact
--- a/deltachat-rpc-server/Cargo.toml
+++ b/deltachat-rpc-server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "2.3.0"
+version = "2.15.0"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"
--- a/deltachat-rpc-server/npm-package/package.json
+++ b/deltachat-rpc-server/npm-package/package.json
@@ -15,5 +15,5 @@
  },
  "type": "module",
  "types": "index.d.ts",
-  "version": "2.3.0"
+  "version": "2.15.0"
 }
--- a/deny.toml
+++ b/deny.toml
@@ -33,14 +33,11 @@ skip = [
     { name = "lru", version = "0.12.3" },
     { name = "netlink-packet-route", version = "0.17.1" },
     { name = "nom", version = "7.1.3" },
-     { name = "proc-macro-crate", version = "2.0.0" },
     { name = "rand_chacha", version = "0.3.1" },
     { name = "rand_core", version = "0.6.4" },
     { name = "rand", version = "0.8.5" },
     { name = "redox_syscall", version = "0.3.5" },
     { name = "redox_syscall", version = "0.4.1" },
-     { name = "regex-automata", version = "0.1.10" },
-     { name = "regex-syntax", version = "0.6.29" },
     { name = "rustix", version = "0.38.44" },
     { name = "serdect", version = "0.2.0" },
     { name = "spin", version = "0.9.8" },
@@ -49,7 +46,7 @@ skip = [
     { name = "syn", version = "1.0.109" },
     { name = "thiserror-impl", version = "1.0.69" },
     { name = "thiserror", version = "1.0.69" },
-     { name = "toml_edit", version = "0.20.7" },
+     { name = "toml_datetime", version = "0.6.11" },
     { name = "wasi", version = "0.11.0+wasi-snapshot-preview1" },
     { name = "windows" },
     { name = "windows_aarch64_gnullvm" },
@@ -67,7 +64,6 @@ skip = [
     { name = "windows_x86_64_gnu" },
     { name = "windows_x86_64_gnullvm" },
     { name = "windows_x86_64_msvc" },
-     { name = "winnow", version = "0.5.40" },
     { name = "zerocopy", version = "0.7.32" },
 ]

--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -6,7 +6,7 @@ edition = "2021"
 license = "MPL-2.0"

 [dev-dependencies]
-bolero = "0.13.3"
+bolero = "0.13.4"

 [dependencies]
 mailparse = { workspace = true }
--- a/python/pyproject.toml
+++ b/python/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "deltachat"
-version = "2.3.0"
+version = "2.15.0"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"
 requires-python = ">=3.8"
--- a/python/src/deltachat/account.py
+++ b/python/src/deltachat/account.py
@@ -330,7 +330,21 @@ class Account:
        return bool(lib.dc_delete_contact(self._dc_context, contact_id))

    def get_contact_by_addr(self, email: str) -> Optional[Contact]:
-        """get a contact for the email address or None if it's blocked or doesn't exist."""
+        """Looks up a known and unblocked contact with a given e-mail address.
+        To get a list of all known and unblocked contacts, use contacts_get_contacts().
+
+        **POTENTIAL SECURITY ISSUE**: If there are multiple contacts with this address
+        (e.g. an address-contact and a key-contact),
+        this looks up the most recently seen contact,
+        i.e. which contact is returned depends on which contact last sent a message.
+        If the user just clicked on a mailto: link, then this is the best thing you can do.
+        But **DO NOT** internally represent contacts by their email address
+        and do not use this function to look them up;
+        otherwise this function will sometimes look up the wrong contact.
+        Instead, you should internally represent contacts by their ids.
+
+        To validate an e-mail address independently of the contact database
+        use check_email_validity()."""
        _, addr = parseaddr(email)
        addr = as_dc_charpointer(addr)
        contact_id = lib.dc_lookup_contact_id_by_addr(self._dc_context, addr)
--- a/python/src/deltachat/message.py
+++ b/python/src/deltachat/message.py
@@ -8,7 +8,6 @@ from typing import Optional, Union
 from . import const, props
 from .capi import ffi, lib
 from .cutil import as_dc_charpointer, from_dc_charpointer, from_optional_dc_charpointer
-from .reactions import Reactions


 class Message:
@@ -164,17 +163,6 @@ class Message:
            ),
        )

-    def send_reaction(self, reaction: str):
-        """Send a reaction to message and return the resulting Message instance."""
-        msg_id = lib.dc_send_reaction(self.account._dc_context, self.id, as_dc_charpointer(reaction))
-        if msg_id == 0:
-            raise ValueError("reaction could not be send")
-        return Message.from_db(self.account, msg_id)
-
-    def get_reactions(self) -> Reactions:
-        """Get :class:`deltachat.reactions.Reactions` to the message."""
-        return Reactions.from_msg(self)
-
    def is_system_message(self):
        """return True if this message is a system/info message."""
        return bool(lib.dc_msg_is_info(self._dc_msg))
--- a/python/src/deltachat/reactions.py
+++ b/python/src/deltachat/reactions.py
@@ -1,43 +0,0 @@
-"""The Reactions object."""
-
-from .capi import ffi, lib
-from .cutil import from_dc_charpointer, iter_array
-
-
-class Reactions:
-    """Reactions object.
-
-    You obtain instances of it through :class:`deltachat.message.Message`.
-    """
-
-    def __init__(self, account, dc_reactions) -> None:
-        assert isinstance(account._dc_context, ffi.CData)
-        assert isinstance(dc_reactions, ffi.CData)
-        assert dc_reactions != ffi.NULL
-        self.account = account
-        self._dc_reactions = dc_reactions
-
-    def __repr__(self) -> str:
-        return f"<Reactions dc_reactions={self._dc_reactions}>"
-
-    @classmethod
-    def from_msg(cls, msg):
-        assert msg.id > 0
-        return cls(
-            msg.account,
-            ffi.gc(lib.dc_get_msg_reactions(msg.account._dc_context, msg.id), lib.dc_reactions_unref),
-        )
-
-    def get_contacts(self) -> list:
-        """Get list of contacts reacted to the message.
-
-        :returns: list of :class:`deltachat.contact.Contact` objects for this reaction.
-        """
-        from .contact import Contact
-
-        dc_array = ffi.gc(lib.dc_reactions_get_contacts(self._dc_reactions), lib.dc_array_unref)
-        return list(iter_array(dc_array, lambda x: Contact(self.account, x)))
-
-    def get_by_contact(self, contact) -> str:
-        """Get a string containing space-separated reactions of a single :class:`deltachat.contact.Contact`."""
-        return from_dc_charpointer(lib.dc_reactions_get_by_contact_id(self._dc_reactions, contact.id))
--- a/python/tests/test_1_online.py
+++ b/python/tests/test_1_online.py
@@ -160,34 +160,9 @@ def test_html_message(acfactory, lp):
    assert html_text in msg2.html


-def test_videochat_invitation_message(acfactory, lp):
-    ac1, ac2 = acfactory.get_online_accounts(2)
-    chat = acfactory.get_accepted_chat(ac1, ac2)
-    text = "You are invited to a video chat, click https://meet.jit.si/WxEGad0gGzX to join."
-
-    lp.sec("ac1: prepare and send text message to ac2")
-    msg1 = chat.send_text("message0")
-    assert not msg1.is_videochat_invitation()
-
-    lp.sec("wait for ac2 to receive message")
-    msg2 = ac2._evtracker.wait_next_incoming_message()
-    assert msg2.text == "message0"
-    assert not msg2.is_videochat_invitation()
-
-    lp.sec("ac1: prepare and send videochat invitation to ac2")
-    msg1 = Message.new_empty(ac1, "videochat")
-    msg1.set_text(text)
-    msg1 = chat.send_msg(msg1)
-    assert msg1.is_videochat_invitation()
-
-    lp.sec("wait for ac2 to receive message")
-    msg2 = ac2._evtracker.wait_next_incoming_message()
-    assert msg2.text == text
-    assert msg2.is_videochat_invitation()
-
-
 def test_webxdc_message(acfactory, data, lp):
    ac1, ac2 = acfactory.get_online_accounts(2)
+    ac2.set_config("bcc_self", "1")
    chat = acfactory.get_accepted_chat(ac1, ac2)

    lp.sec("ac1: prepare and send text message to ac2")
@@ -432,7 +407,7 @@ def test_forward_messages(acfactory, lp):
    lp.sec("ac2: check new chat has a forwarded message")
    assert chat3.is_promoted()
    messages = chat3.get_messages()
-    assert len(messages) == 2
+    assert len(messages) == 3
    msg = messages[-1]
    assert msg.is_forwarded()
    ac2.delete_messages(messages)
@@ -538,6 +513,8 @@ def test_send_and_receive_message_markseen(acfactory, lp):
    # make DC's life harder wrt to encodings
    ac1.set_config("displayname", "ä name")

+    ac2.set_config("bcc_self", "1")
+
    # clear any fresh device messages
    ac1.get_device_chat().mark_noticed()
    ac2.get_device_chat().mark_noticed()
@@ -595,9 +572,6 @@ def test_send_and_receive_message_markseen(acfactory, lp):
        assert ev.data2 > dc.const.DC_MSG_ID_LAST_SPECIAL
    lp.step("2")

-    # Check that ac1 marks the read receipt as read.
-    ac1._evtracker.get_info_contains("Marked messages .* in folder INBOX as seen.")
-
    assert msg1.is_out_mdn_received()
    assert msg3.is_out_mdn_received()

@@ -613,7 +587,7 @@ def test_send_and_receive_message_markseen(acfactory, lp):
 def test_moved_markseen(acfactory):
    """Test that message already moved to DeltaChat folder is marked as seen."""
    ac1 = acfactory.new_online_configuring_account()
-    ac2 = acfactory.new_online_configuring_account(mvbox_move=True)
+    ac2 = acfactory.new_online_configuring_account(mvbox_move=True, bcc_self=True)
    acfactory.bring_accounts_online()

    ac2.stop_io()
@@ -678,31 +652,35 @@ def test_message_override_sender_name(acfactory, lp):


@pytest.mark.parametrize("mvbox_move", [True, False])
-def test_markseen_message_and_mdn(acfactory, mvbox_move):
+def test_markseen_message(acfactory, mvbox_move):
    # Please only change this test if you are very sure that it will still catch the issues it catches now.
    # We had so many problems with markseen, if in doubt, rather create another test, it can't harm.
    ac1 = acfactory.new_online_configuring_account(mvbox_move=mvbox_move)
    ac2 = acfactory.new_online_configuring_account(mvbox_move=mvbox_move)
    acfactory.bring_accounts_online()
-    # Do not send BCC to self, we only want to test MDN on ac1.
-    ac1.set_config("bcc_self", "0")
+    ac2.set_config("bcc_self", "1")
+    ac2.stop_io()

    acfactory.get_accepted_chat(ac1, ac2).send_text("hi")
+    # We only want to test MDN on ac1, so set "bcc_self" after sending.
+    ac1.set_config("bcc_self", "1")
+
+    ac2.start_io()
    msg = ac2._evtracker.wait_next_incoming_message()

    ac2.mark_seen_messages([msg])

    folder = "mvbox" if mvbox_move else "inbox"
-    for ac in [ac1, ac2]:
-        if mvbox_move:
-            ac._evtracker.get_info_contains("Marked messages [0-9]+ in folder DeltaChat as seen.")
-        else:
-            ac._evtracker.get_info_contains("Marked messages [0-9]+ in folder INBOX as seen.")
+    if mvbox_move:
+        ac2._evtracker.get_info_contains("Marked messages [0-9]+ in folder DeltaChat as seen.")
+    else:
+        ac2._evtracker.get_info_contains("Marked messages [0-9]+ in folder INBOX as seen.")
+    ac1._evtracker.get_matching("DC_EVENT_MSG_READ")
    ac1.direct_imap.select_config_folder(folder)
    ac2.direct_imap.select_config_folder(folder)

-    # Check that the mdn is marked as seen
-    assert len(list(ac1.direct_imap.conn.fetch(AND(seen=True)))) == 1
+    # Check that the mdn isn't marked as seen
+    assert len(list(ac1.direct_imap.conn.fetch(AND(seen=True)))) == 0
    # Check original message is marked as seen
    assert len(list(ac2.direct_imap.conn.fetch(AND(seen=True)))) == 1

@@ -741,15 +719,17 @@ def test_mdn_asymmetric(acfactory, lp):
    chat = ac1.create_chat(ac2)
    ac2.create_chat(ac1)

-    # make sure mdns are enabled (usually enabled by default already)
-    ac1.set_config("mdns_enabled", "1")
-    ac2.set_config("mdns_enabled", "1")
+    ac1.set_config("bcc_self", "1")
+    ac2.set_config("bcc_self", "1")

    lp.sec("sending text message from ac1 to ac2")
    msg_out = chat.send_text("message1")

    assert len(chat.get_messages()) == 1 + E2EE_INFO_MSGS

+    # Wait for the message to be marked as seen on IMAP.
+    ac1._evtracker.get_info_contains("Marked messages [0-9]+ in folder DeltaChat as seen.")
+
    lp.sec("disable ac1 MDNs")
    ac1.set_config("mdns_enabled", "0")

@@ -761,16 +741,17 @@ def test_mdn_asymmetric(acfactory, lp):
    lp.sec("ac2: mark incoming message as seen")
    ac2.mark_seen_messages([msg])

+    # Wait for the message to be marked as seen on IMAP.
+    ac2._evtracker.get_info_contains("Marked messages [0-9]+ in folder INBOX as seen.")
+
    lp.sec("ac1: waiting for incoming activity")
    # MDN should be moved even though MDNs are already disabled
    ac1._evtracker.get_matching("DC_EVENT_IMAP_MESSAGE_MOVED")

    assert len(chat.get_messages()) == 1 + E2EE_INFO_MSGS

-    # Wait for the message to be marked as seen on IMAP.
-    ac1._evtracker.get_info_contains("Marked messages [0-9]+ in folder DeltaChat as seen.")
-
    # MDN is received even though MDNs are already disabled
+    ac1._evtracker.get_matching("DC_EVENT_MSG_READ")
    assert msg_out.is_out_mdn_received()

    ac1.direct_imap.select_config_folder("mvbox")
--- a/python/tests/test_3_offline.py
+++ b/python/tests/test_3_offline.py
@@ -663,4 +663,4 @@ class TestOfflineChat:

        lp.sec("check message count of only system messages (without daymarkers)")
        sysmessages = [x for x in chat.get_messages() if x.is_system_message()]
-        assert len(sysmessages) == 3
+        assert len(sysmessages) == 4
--- a/release-date.in
+++ b/release-date.in
@@ -1 +1 @@
-2025-07-19
+2025-09-15
--- a/scripts/coredeps/install-rust.sh
+++ b/scripts/coredeps/install-rust.sh
@@ -7,7 +7,7 @@ set -euo pipefail
 #
 # Avoid using rustup here as it depends on reading /proc/self/exe and
 # has problems running under QEMU.
-RUST_VERSION=1.88.0
+RUST_VERSION=1.89.0

 ARCH="$(uname -m)"
 test -f "/lib/libc.musl-$ARCH.so.1" && LIBC=musl || LIBC=gnu
--- a/scripts/update-provider-database.sh
+++ b/scripts/update-provider-database.sh
@@ -6,7 +6,7 @@ set -euo pipefail
 export TZ=UTC

 # Provider database revision.
-REV=77cbf92a8565fdf1bcaba10fa93c1455c750a1e9
+REV=1cce91c1f1065b47e4f307d6fe2f4cca68c74d2e

 CORE_ROOT="$PWD"
 TMP="$(mktemp -d)"
--- a/src/aheader.rs
+++ b/src/aheader.rs
@@ -17,7 +17,6 @@ pub enum EncryptPreference {
    #[default]
    NoPreference = 0,
    Mutual = 1,
-    Reset = 20,
 }

 impl fmt::Display for EncryptPreference {
@@ -25,7 +24,6 @@ impl fmt::Display for EncryptPreference {
        match *self {
            EncryptPreference::Mutual => write!(fmt, "mutual"),
            EncryptPreference::NoPreference => write!(fmt, "nopreference"),
-            EncryptPreference::Reset => write!(fmt, "reset"),
        }
    }
 }
@@ -48,21 +46,13 @@ pub struct Aheader {
    pub addr: String,
    pub public_key: SignedPublicKey,
    pub prefer_encrypt: EncryptPreference,
-}

-impl Aheader {
-    /// Creates new autocrypt header
-    pub fn new(
-        addr: String,
-        public_key: SignedPublicKey,
-        prefer_encrypt: EncryptPreference,
-    ) -> Self {
-        Aheader {
-            addr,
-            public_key,
-            prefer_encrypt,
-        }
-    }
+    // Whether `_verified` attribute is present.
+    //
+    // `_verified` attribute is an extension to `Autocrypt-Gossip`
+    // header that is used to tell that the sender
+    // marked this key as verified.
+    pub verified: bool,
 }

 impl fmt::Display for Aheader {
@@ -71,6 +61,9 @@ impl fmt::Display for Aheader {
        if self.prefer_encrypt == EncryptPreference::Mutual {
            write!(fmt, " prefer-encrypt=mutual;")?;
        }
+        if self.verified {
+            write!(fmt, " _verified=1;")?;
+        }

        // adds a whitespace every 78 characters, this allows
        // email crate to wrap the lines according to RFC 5322
@@ -125,6 +118,8 @@ impl FromStr for Aheader {
            .and_then(|raw| raw.parse().ok())
            .unwrap_or_default();

+        let verified = attributes.remove("_verified").is_some();
+
        // Autocrypt-Level0: unknown attributes starting with an underscore can be safely ignored
        // Autocrypt-Level0: unknown attribute, treat the header as invalid
        if attributes.keys().any(|k| !k.starts_with('_')) {
@@ -135,6 +130,7 @@ impl FromStr for Aheader {
            addr,
            public_key,
            prefer_encrypt,
+            verified,
        })
    }
 }
@@ -152,10 +148,11 @@ mod tests {

        assert_eq!(h.addr, "me@mail.com");
        assert_eq!(h.prefer_encrypt, EncryptPreference::Mutual);
+        assert_eq!(h.verified, false);
        Ok(())
    }

-    // EncryptPreference::Reset is an internal value, parser should never return it
+    // Non-standard values of prefer-encrypt such as `reset` are treated as no preference.
    #[test]
    fn test_from_str_reset() -> Result<()> {
        let raw = format!("addr=reset@example.com; prefer-encrypt=reset; keydata={RAWKEY}");
@@ -245,11 +242,12 @@ mod tests {
        assert!(
            format!(
                "{}",
-                Aheader::new(
-                    "test@example.com".to_string(),
-                    SignedPublicKey::from_base64(RAWKEY).unwrap(),
-                    EncryptPreference::Mutual
-                )
+                Aheader {
+                    addr: "test@example.com".to_string(),
+                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
+                    prefer_encrypt: EncryptPreference::Mutual,
+                    verified: false
+                }
            )
            .contains("prefer-encrypt=mutual;")
        );
@@ -260,11 +258,12 @@ mod tests {
        assert!(
            !format!(
                "{}",
-                Aheader::new(
-                    "test@example.com".to_string(),
-                    SignedPublicKey::from_base64(RAWKEY).unwrap(),
-                    EncryptPreference::NoPreference
-                )
+                Aheader {
+                    addr: "test@example.com".to_string(),
+                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
+                    prefer_encrypt: EncryptPreference::NoPreference,
+                    verified: false
+                }
            )
            .contains("prefer-encrypt")
        );
@@ -273,13 +272,27 @@ mod tests {
        assert!(
            format!(
                "{}",
-                Aheader::new(
-                    "TeSt@eXaMpLe.cOm".to_string(),
-                    SignedPublicKey::from_base64(RAWKEY).unwrap(),
-                    EncryptPreference::Mutual
-                )
+                Aheader {
+                    addr: "TeSt@eXaMpLe.cOm".to_string(),
+                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
+                    prefer_encrypt: EncryptPreference::Mutual,
+                    verified: false
+                }
            )
            .contains("test@example.com")
        );
+
+        assert!(
+            format!(
+                "{}",
+                Aheader {
+                    addr: "test@example.com".to_string(),
+                    public_key: SignedPublicKey::from_base64(RAWKEY).unwrap(),
+                    prefer_encrypt: EncryptPreference::NoPreference,
+                    verified: true
+                }
+            )
+            .contains("_verified")
+        );
    }
 }
--- a/src/calls.rs
+++ b/src/calls.rs
@@ -0,0 +1,373 @@
+//! # Handle calls.
+//!
+//! Internally, calls are bound a user-visible message initializing the call.
+//! This means, the "Call ID" is a "Message ID" - similar to Webxdc IDs.
+use crate::chat::{Chat, ChatId, send_msg};
+use crate::constants::Chattype;
+use crate::contact::ContactId;
+use crate::context::Context;
+use crate::events::EventType;
+use crate::headerdef::HeaderDef;
+use crate::log::info;
+use crate::message::{self, Message, MsgId, Viewtype};
+use crate::mimeparser::{MimeMessage, SystemMessage};
+use crate::param::Param;
+use crate::tools::time;
+use anyhow::{Result, ensure};
+use std::time::Duration;
+use tokio::task;
+use tokio::time::sleep;
+
+/// How long callee's or caller's phone ring.
+///
+/// For the callee, this is to prevent endless ringing
+/// in case the initial "call" is received, but then the caller went offline.
+/// Moreover, this prevents outdated calls to ring
+/// in case the initial "call" message arrives delayed.
+///
+/// For the caller, this means they should also not wait longer,
+/// as the callee won't start the call afterwards.
+const RINGING_SECONDS: i64 = 60;
+
+/// For persisting parameters in the call, we use Param::Arg*
+const CALL_ACCEPTED_TIMESTAMP: Param = Param::Arg;
+const CALL_ENDED_TIMESTAMP: Param = Param::Arg4;
+
+/// Information about the status of a call.
+#[derive(Debug, Default)]
+pub struct CallInfo {
+    /// User-defined text as given to place_outgoing_call()
+    pub place_call_info: String,
+
+    /// User-defined text as given to accept_incoming_call()
+    pub accept_call_info: String,
+
+    /// Message referring to the call.
+    /// Data are persisted along with the message using Param::Arg*
+    pub msg: Message,
+}
+
+impl CallInfo {
+    fn is_incoming(&self) -> bool {
+        self.msg.from_id != ContactId::SELF
+    }
+
+    fn is_stale(&self) -> bool {
+        self.remaining_ring_seconds() <= 0
+    }
+
+    fn remaining_ring_seconds(&self) -> i64 {
+        let remaining_seconds = self.msg.timestamp_sent + RINGING_SECONDS - time();
+        remaining_seconds.clamp(0, RINGING_SECONDS)
+    }
+
+    async fn update_text(&self, context: &Context, text: &str) -> Result<()> {
+        context
+            .sql
+            .execute(
+                "UPDATE msgs SET txt=?, txt_normalized=? WHERE id=?",
+                (text, message::normalize_text(text), self.msg.id),
+            )
+            .await?;
+        Ok(())
+    }
+
+    async fn update_text_duration(&self, context: &Context) -> Result<()> {
+        let minutes = self.get_duration_seconds() / 60;
+        let duration = match minutes {
+            0 => "<1 minute".to_string(),
+            1 => "1 minute".to_string(),
+            n => format!("{} minutes", n),
+        };
+
+        if self.is_incoming() {
+            self.update_text(context, &format!("Incoming call\n{duration}"))
+                .await?;
+        } else {
+            self.update_text(context, &format!("Outgoing call\n{duration}"))
+                .await?;
+        }
+        Ok(())
+    }
+
+    /// Mark calls as accepted.
+    /// This is needed for all devices where a stale-timer runs, to prevent accepted calls being terminated as stale.
+    async fn mark_as_accepted(&mut self, context: &Context) -> Result<()> {
+        self.msg.param.set_i64(CALL_ACCEPTED_TIMESTAMP, time());
+        self.msg.update_param(context).await?;
+        Ok(())
+    }
+
+    fn is_accepted(&self) -> bool {
+        self.msg.param.exists(CALL_ACCEPTED_TIMESTAMP)
+    }
+
+    async fn mark_as_ended(&mut self, context: &Context) -> Result<()> {
+        self.msg.param.set_i64(CALL_ENDED_TIMESTAMP, time());
+        self.msg.update_param(context).await?;
+        Ok(())
+    }
+
+    fn is_ended(&self) -> bool {
+        self.msg.param.exists(CALL_ENDED_TIMESTAMP)
+    }
+
+    fn get_duration_seconds(&self) -> i64 {
+        if let (Some(start), Some(end)) = (
+            self.msg.param.get_i64(CALL_ACCEPTED_TIMESTAMP),
+            self.msg.param.get_i64(CALL_ENDED_TIMESTAMP),
+        ) {
+            let seconds = end - start;
+            if seconds <= 0 {
+                return 1;
+            }
+            return seconds;
+        }
+        0
+    }
+}
+
+impl Context {
+    /// Start an outgoing call.
+    pub async fn place_outgoing_call(
+        &self,
+        chat_id: ChatId,
+        place_call_info: String,
+    ) -> Result<MsgId> {
+        let chat = Chat::load_from_db(self, chat_id).await?;
+        ensure!(chat.typ == Chattype::Single && !chat.is_self_talk());
+
+        let mut call = Message {
+            viewtype: Viewtype::Call,
+            text: "Outgoing call".into(),
+            ..Default::default()
+        };
+        call.param.set(Param::WebrtcRoom, &place_call_info);
+        call.id = send_msg(self, chat_id, &mut call).await?;
+
+        let wait = RINGING_SECONDS;
+        task::spawn(Context::emit_end_call_if_unaccepted(
+            self.clone(),
+            wait.try_into()?,
+            call.id,
+        ));
+
+        Ok(call.id)
+    }
+
+    /// Accept an incoming call.
+    pub async fn accept_incoming_call(
+        &self,
+        call_id: MsgId,
+        accept_call_info: String,
+    ) -> Result<()> {
+        let mut call: CallInfo = self.load_call_by_id(call_id).await?;
+        ensure!(call.is_incoming());
+        if call.is_accepted() || call.is_ended() {
+            info!(self, "Call already accepted/ended");
+            return Ok(());
+        }
+
+        call.mark_as_accepted(self).await?;
+        let chat = Chat::load_from_db(self, call.msg.chat_id).await?;
+        if chat.is_contact_request() {
+            chat.id.accept(self).await?;
+        }
+
+        // send an acceptance message around: to the caller as well as to the other devices of the callee
+        let mut msg = Message {
+            viewtype: Viewtype::Text,
+            text: "[Call accepted]".into(),
+            ..Default::default()
+        };
+        msg.param.set_cmd(SystemMessage::CallAccepted);
+        msg.hidden = true;
+        msg.param
+            .set(Param::WebrtcAccepted, accept_call_info.to_string());
+        msg.set_quote(self, Some(&call.msg)).await?;
+        msg.id = send_msg(self, call.msg.chat_id, &mut msg).await?;
+        self.emit_event(EventType::IncomingCallAccepted {
+            msg_id: call.msg.id,
+        });
+        self.emit_msgs_changed(call.msg.chat_id, call_id);
+        Ok(())
+    }
+
+    /// Cancel, decline or hangup an incoming or outgoing call.
+    pub async fn end_call(&self, call_id: MsgId) -> Result<()> {
+        let mut call: CallInfo = self.load_call_by_id(call_id).await?;
+        if call.is_ended() {
+            info!(self, "Call already ended");
+            return Ok(());
+        }
+        call.mark_as_ended(self).await?;
+
+        if !call.is_accepted() {
+            if call.is_incoming() {
+                call.update_text(self, "Declined call").await?;
+            } else {
+                call.update_text(self, "Cancelled call").await?;
+            }
+        } else {
+            call.update_text_duration(self).await?;
+        }
+
+        let mut msg = Message {
+            viewtype: Viewtype::Text,
+            text: "[Call ended]".into(),
+            ..Default::default()
+        };
+        msg.param.set_cmd(SystemMessage::CallEnded);
+        msg.hidden = true;
+        msg.set_quote(self, Some(&call.msg)).await?;
+        msg.id = send_msg(self, call.msg.chat_id, &mut msg).await?;
+
+        self.emit_event(EventType::CallEnded {
+            msg_id: call.msg.id,
+        });
+        self.emit_msgs_changed(call.msg.chat_id, call_id);
+        Ok(())
+    }
+
+    async fn emit_end_call_if_unaccepted(
+        context: Context,
+        wait: u64,
+        call_id: MsgId,
+    ) -> Result<()> {
+        sleep(Duration::from_secs(wait)).await;
+        let mut call = context.load_call_by_id(call_id).await?;
+        if !call.is_accepted() && !call.is_ended() {
+            call.mark_as_ended(&context).await?;
+            if call.is_incoming() {
+                call.update_text(&context, "Missed call").await?;
+            } else {
+                call.update_text(&context, "Cancelled call").await?;
+            }
+            context.emit_msgs_changed(call.msg.chat_id, call_id);
+            context.emit_event(EventType::CallEnded {
+                msg_id: call.msg.id,
+            });
+        }
+        Ok(())
+    }
+
+    pub(crate) async fn handle_call_msg(
+        &self,
+        call_id: MsgId,
+        mime_message: &MimeMessage,
+        from_id: ContactId,
+    ) -> Result<()> {
+        if mime_message.is_call() {
+            let call = self.load_call_by_id(call_id).await?;
+            if call.is_incoming() {
+                if call.is_stale() {
+                    call.update_text(self, "Missed call").await?;
+                    self.emit_incoming_msg(call.msg.chat_id, call_id); // notify missed call
+                } else {
+                    call.update_text(self, "Incoming call").await?;
+                    self.emit_msgs_changed(call.msg.chat_id, call_id); // ringing calls are not additionally notified
+                    self.emit_event(EventType::IncomingCall {
+                        msg_id: call.msg.id,
+                        place_call_info: call.place_call_info.to_string(),
+                    });
+                    let wait = call.remaining_ring_seconds();
+                    task::spawn(Context::emit_end_call_if_unaccepted(
+                        self.clone(),
+                        wait.try_into()?,
+                        call.msg.id,
+                    ));
+                }
+            } else {
+                call.update_text(self, "Outgoing call").await?;
+                self.emit_msgs_changed(call.msg.chat_id, call_id);
+            }
+        } else {
+            match mime_message.is_system_message {
+                SystemMessage::CallAccepted => {
+                    let mut call = self.load_call_by_id(call_id).await?;
+                    if call.is_ended() || call.is_accepted() {
+                        info!(self, "CallAccepted received for accepted/ended call");
+                        return Ok(());
+                    }
+
+                    call.mark_as_accepted(self).await?;
+                    self.emit_msgs_changed(call.msg.chat_id, call_id);
+                    if call.is_incoming() {
+                        self.emit_event(EventType::IncomingCallAccepted {
+                            msg_id: call.msg.id,
+                        });
+                    } else {
+                        let accept_call_info = mime_message
+                            .get_header(HeaderDef::ChatWebrtcAccepted)
+                            .unwrap_or_default();
+                        self.emit_event(EventType::OutgoingCallAccepted {
+                            msg_id: call.msg.id,
+                            accept_call_info: accept_call_info.to_string(),
+                        });
+                    }
+                }
+                SystemMessage::CallEnded => {
+                    let mut call = self.load_call_by_id(call_id).await?;
+                    if call.is_ended() {
+                        // may happen eg. if a a message is missed
+                        info!(self, "CallEnded received for ended call");
+                        return Ok(());
+                    }
+
+                    call.mark_as_ended(self).await?;
+                    if !call.is_accepted() {
+                        if call.is_incoming() {
+                            if from_id == ContactId::SELF {
+                                call.update_text(self, "Declined call").await?;
+                            } else {
+                                call.update_text(self, "Missed call").await?;
+                            }
+                        } else {
+                            // outgoing
+                            if from_id == ContactId::SELF {
+                                call.update_text(self, "Cancelled call").await?;
+                            } else {
+                                call.update_text(self, "Declined call").await?;
+                            }
+                        }
+                    } else {
+                        call.update_text_duration(self).await?;
+                    }
+
+                    self.emit_msgs_changed(call.msg.chat_id, call_id);
+                    self.emit_event(EventType::CallEnded {
+                        msg_id: call.msg.id,
+                    });
+                }
+                _ => {}
+            }
+        }
+        Ok(())
+    }
+
+    async fn load_call_by_id(&self, call_id: MsgId) -> Result<CallInfo> {
+        let call = Message::load_from_db(self, call_id).await?;
+        self.load_call_by_message(call)
+    }
+
+    fn load_call_by_message(&self, call: Message) -> Result<CallInfo> {
+        ensure!(call.viewtype == Viewtype::Call);
+
+        Ok(CallInfo {
+            place_call_info: call
+                .param
+                .get(Param::WebrtcRoom)
+                .unwrap_or_default()
+                .to_string(),
+            accept_call_info: call
+                .param
+                .get(Param::WebrtcAccepted)
+                .unwrap_or_default()
+                .to_string(),
+            msg: call,
+        })
+    }
+}
+
+#[cfg(test)]
+mod calls_tests;
--- a/src/calls/calls_tests.rs
+++ b/src/calls/calls_tests.rs
@@ -0,0 +1,419 @@
+use super::*;
+use crate::config::Config;
+use crate::test_utils::{TestContext, TestContextManager};
+
+struct CallSetup {
+    pub alice: TestContext,
+    pub alice2: TestContext,
+    pub alice_call: Message,
+    pub alice2_call: Message,
+    pub bob: TestContext,
+    pub bob2: TestContext,
+    pub bob_call: Message,
+    pub bob2_call: Message,
+}
+
+async fn assert_text(t: &TestContext, call_id: MsgId, text: &str) -> Result<()> {
+    assert_eq!(Message::load_from_db(t, call_id).await?.text, text);
+    Ok(())
+}
+
+// Offer and answer examples from <https://www.rfc-editor.org/rfc/rfc3264>
+const PLACE_INFO: &str = "v=0\r\no=alice 2890844526 2890844526 IN IP4 host.anywhere.com\r\ns=\r\nc=IN IP4 host.anywhere.com\r\nt=0 0\r\nm=audio 62986 RTP/AVP 0 4 18\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:4 G723/8000\r\na=rtpmap:18 G729/8000\r\na=inactive\r\n";
+const ACCEPT_INFO: &str = "v=0\r\no=bob 2890844730 2890844731 IN IP4 host.example.com\r\ns=\r\nc=IN IP4 host.example.com\r\nt=0 0\r\nm=audio 54344 RTP/AVP 0 4\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:4 G723/8000\r\na=inactive\r\n";
+
+async fn setup_call() -> Result<CallSetup> {
+    let mut tcm = TestContextManager::new();
+    let alice = tcm.alice().await;
+    let alice2 = tcm.alice().await;
+    let bob = tcm.bob().await;
+    let bob2 = tcm.bob().await;
+    for t in [&alice, &alice2, &bob, &bob2] {
+        t.set_config_bool(Config::SyncMsgs, true).await?;
+    }
+
+    // Alice creates a chat with Bob and places an outgoing call there.
+    // Alice's other device sees the same message as an outgoing call.
+    let alice_chat = alice.create_chat(&bob).await;
+    let test_msg_id = alice
+        .place_outgoing_call(alice_chat.id, PLACE_INFO.to_string())
+        .await?;
+    let sent1 = alice.pop_sent_msg().await;
+    assert_eq!(sent1.sender_msg_id, test_msg_id);
+    let alice_call = Message::load_from_db(&alice, sent1.sender_msg_id).await?;
+    let alice2_call = alice2.recv_msg(&sent1).await;
+    for (t, m) in [(&alice, &alice_call), (&alice2, &alice2_call)] {
+        assert!(!m.is_info());
+        assert_eq!(m.viewtype, Viewtype::Call);
+        let info = t.load_call_by_id(m.id).await?;
+        assert!(!info.is_incoming());
+        assert!(!info.is_accepted());
+        assert_eq!(info.place_call_info, PLACE_INFO);
+        assert_text(t, m.id, "Outgoing call").await?;
+    }
+
+    // Bob receives the message referring to the call on two devices;
+    // it is an incoming call from the view of Bob
+    let bob_call = bob.recv_msg(&sent1).await;
+    let bob2_call = bob2.recv_msg(&sent1).await;
+    for (t, m) in [(&bob, &bob_call), (&bob2, &bob2_call)] {
+        assert!(!m.is_info());
+        assert_eq!(m.viewtype, Viewtype::Call);
+        t.evtracker
+            .get_matching(|evt| matches!(evt, EventType::IncomingCall { .. }))
+            .await;
+        let info = t.load_call_by_id(m.id).await?;
+        assert!(info.is_incoming());
+        assert!(!info.is_accepted());
+        assert_eq!(info.place_call_info, PLACE_INFO);
+        assert_text(t, m.id, "Incoming call").await?;
+    }
+
+    Ok(CallSetup {
+        alice,
+        alice2,
+        alice_call,
+        alice2_call,
+        bob,
+        bob2,
+        bob_call,
+        bob2_call,
+    })
+}
+
+async fn accept_call() -> Result<CallSetup> {
+    let CallSetup {
+        alice,
+        alice2,
+        alice_call,
+        alice2_call,
+        bob,
+        bob2,
+        bob_call,
+        bob2_call,
+    } = setup_call().await?;
+
+    // Bob accepts the incoming call
+    bob.accept_incoming_call(bob_call.id, ACCEPT_INFO.to_string())
+        .await?;
+    assert_text(&bob, bob_call.id, "Incoming call").await?;
+    bob.evtracker
+        .get_matching(|evt| matches!(evt, EventType::IncomingCallAccepted { .. }))
+        .await;
+    let sent2 = bob.pop_sent_msg().await;
+    let info = bob.load_call_by_id(bob_call.id).await?;
+    assert!(info.is_accepted());
+    assert_eq!(info.place_call_info, PLACE_INFO);
+
+    bob2.recv_msg_trash(&sent2).await;
+    assert_text(&bob, bob_call.id, "Incoming call").await?;
+    bob2.evtracker
+        .get_matching(|evt| matches!(evt, EventType::IncomingCallAccepted { .. }))
+        .await;
+    let info = bob2.load_call_by_id(bob2_call.id).await?;
+    assert!(info.is_accepted());
+
+    // Alice receives the acceptance message
+    alice.recv_msg_trash(&sent2).await;
+    assert_text(&alice, alice_call.id, "Outgoing call").await?;
+    let ev = alice
+        .evtracker
+        .get_matching(|evt| matches!(evt, EventType::OutgoingCallAccepted { .. }))
+        .await;
+    assert_eq!(
+        ev,
+        EventType::OutgoingCallAccepted {
+            msg_id: alice2_call.id,
+            accept_call_info: ACCEPT_INFO.to_string()
+        }
+    );
+    let info = alice.load_call_by_id(alice_call.id).await?;
+    assert!(info.is_accepted());
+    assert_eq!(info.place_call_info, PLACE_INFO);
+
+    alice2.recv_msg_trash(&sent2).await;
+    assert_text(&alice2, alice2_call.id, "Outgoing call").await?;
+    alice2
+        .evtracker
+        .get_matching(|evt| matches!(evt, EventType::OutgoingCallAccepted { .. }))
+        .await;
+
+    Ok(CallSetup {
+        alice,
+        alice2,
+        alice_call,
+        alice2_call,
+        bob,
+        bob2,
+        bob_call,
+        bob2_call,
+    })
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_accept_call_callee_ends() -> Result<()> {
+    // Alice calls Bob, Bob accepts
+    let CallSetup {
+        alice,
+        alice_call,
+        alice2,
+        alice2_call,
+        bob,
+        bob2,
+        bob_call,
+        bob2_call,
+        ..
+    } = accept_call().await?;
+
+    // Bob has accepted the call and also ends it
+    bob.end_call(bob_call.id).await?;
+    assert_text(&bob, bob_call.id, "Incoming call\n<1 minute").await?;
+    bob.evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+    let sent3 = bob.pop_sent_msg().await;
+
+    bob2.recv_msg_trash(&sent3).await;
+    assert_text(&bob2, bob2_call.id, "Incoming call\n<1 minute").await?;
+    bob2.evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    // Alice receives the ending message
+    alice.recv_msg_trash(&sent3).await;
+    assert_text(&alice, alice_call.id, "Outgoing call\n<1 minute").await?;
+    alice
+        .evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    alice2.recv_msg_trash(&sent3).await;
+    assert_text(&alice2, alice2_call.id, "Outgoing call\n<1 minute").await?;
+    alice2
+        .evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_accept_call_caller_ends() -> Result<()> {
+    // Alice calls Bob, Bob accepts
+    let CallSetup {
+        alice,
+        alice_call,
+        alice2,
+        alice2_call,
+        bob,
+        bob2,
+        bob_call,
+        bob2_call,
+        ..
+    } = accept_call().await?;
+
+    // Bob has accepted the call but Alice ends it
+    alice.end_call(alice_call.id).await?;
+    assert_text(&alice, alice_call.id, "Outgoing call\n<1 minute").await?;
+    alice
+        .evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+    let sent3 = alice.pop_sent_msg().await;
+
+    alice2.recv_msg_trash(&sent3).await;
+    assert_text(&alice2, alice2_call.id, "Outgoing call\n<1 minute").await?;
+    alice2
+        .evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    // Bob receives the ending message
+    bob.recv_msg_trash(&sent3).await;
+    assert_text(&bob, bob_call.id, "Incoming call\n<1 minute").await?;
+    bob.evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    bob2.recv_msg_trash(&sent3).await;
+    assert_text(&bob2, bob2_call.id, "Incoming call\n<1 minute").await?;
+    bob2.evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_callee_rejects_call() -> Result<()> {
+    // Alice calls Bob
+    let CallSetup {
+        alice,
+        alice2,
+        alice_call,
+        alice2_call,
+        bob,
+        bob2,
+        bob_call,
+        bob2_call,
+        ..
+    } = setup_call().await?;
+
+    // Bob has accepted Alice before, but does not want to talk with Alice
+    bob_call.chat_id.accept(&bob).await?;
+    bob.end_call(bob_call.id).await?;
+    assert_text(&bob, bob_call.id, "Declined call").await?;
+    bob.evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+    let sent3 = bob.pop_sent_msg().await;
+
+    bob2.recv_msg_trash(&sent3).await;
+    assert_text(&bob2, bob2_call.id, "Declined call").await?;
+    bob2.evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    // Alice receives decline message
+    alice.recv_msg_trash(&sent3).await;
+    assert_text(&alice, alice_call.id, "Declined call").await?;
+    alice
+        .evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    alice2.recv_msg_trash(&sent3).await;
+    assert_text(&alice2, alice2_call.id, "Declined call").await?;
+    alice2
+        .evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_caller_cancels_call() -> Result<()> {
+    // Alice calls Bob
+    let CallSetup {
+        alice,
+        alice2,
+        alice_call,
+        alice2_call,
+        bob,
+        bob2,
+        bob_call,
+        bob2_call,
+        ..
+    } = setup_call().await?;
+
+    // Alice changes their mind before Bob picks up
+    alice.end_call(alice_call.id).await?;
+    assert_text(&alice, alice_call.id, "Cancelled call").await?;
+    alice
+        .evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+    let sent3 = alice.pop_sent_msg().await;
+
+    alice2.recv_msg_trash(&sent3).await;
+    assert_text(&alice2, alice2_call.id, "Cancelled call").await?;
+    alice2
+        .evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    // Bob receives the ending message
+    bob.recv_msg_trash(&sent3).await;
+    assert_text(&bob, bob_call.id, "Missed call").await?;
+    bob.evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    bob2.recv_msg_trash(&sent3).await;
+    assert_text(&bob2, bob2_call.id, "Missed call").await?;
+    bob2.evtracker
+        .get_matching(|evt| matches!(evt, EventType::CallEnded { .. }))
+        .await;
+
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_is_stale_call() -> Result<()> {
+    // a call started now is not stale
+    let call_info = CallInfo {
+        msg: Message {
+            timestamp_sent: time(),
+            ..Default::default()
+        },
+        ..Default::default()
+    };
+    assert!(!call_info.is_stale());
+    let remaining_seconds = call_info.remaining_ring_seconds();
+    assert!(remaining_seconds == RINGING_SECONDS || remaining_seconds == RINGING_SECONDS - 1);
+
+    // call started 5 seconds ago, this is not stale as well
+    let call_info = CallInfo {
+        msg: Message {
+            timestamp_sent: time() - 5,
+            ..Default::default()
+        },
+        ..Default::default()
+    };
+    assert!(!call_info.is_stale());
+    let remaining_seconds = call_info.remaining_ring_seconds();
+    assert!(remaining_seconds == RINGING_SECONDS - 5 || remaining_seconds == RINGING_SECONDS - 6);
+
+    // a call started one hour ago is clearly stale
+    let call_info = CallInfo {
+        msg: Message {
+            timestamp_sent: time() - 3600,
+            ..Default::default()
+        },
+        ..Default::default()
+    };
+    assert!(call_info.is_stale());
+    assert_eq!(call_info.remaining_ring_seconds(), 0);
+
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_mark_calls() -> Result<()> {
+    let CallSetup {
+        alice, alice_call, ..
+    } = setup_call().await?;
+
+    let mut call_info: CallInfo = alice.load_call_by_id(alice_call.id).await?;
+    assert!(!call_info.is_accepted());
+    assert!(!call_info.is_ended());
+    call_info.mark_as_accepted(&alice).await?;
+    assert!(call_info.is_accepted());
+    assert!(!call_info.is_ended());
+
+    let mut call_info: CallInfo = alice.load_call_by_id(alice_call.id).await?;
+    assert!(call_info.is_accepted());
+    assert!(!call_info.is_ended());
+
+    call_info.mark_as_ended(&alice).await?;
+    assert!(call_info.is_accepted());
+    assert!(call_info.is_ended());
+
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_udpate_call_text() -> Result<()> {
+    let CallSetup {
+        alice, alice_call, ..
+    } = setup_call().await?;
+
+    let call_info = alice.load_call_by_id(alice_call.id).await?;
+    call_info.update_text(&alice, "foo bar").await?;
+
+    let alice_call = Message::load_from_db(&alice, alice_call.id).await?;
+    assert_eq!(alice_call.get_text(), "foo bar");
+
+    Ok(())
+}
--- a/src/chat.rs
+++ b/src/chat.rs
@@ -94,14 +94,12 @@ pub enum ProtectionStatus {
    ///
    /// All members of the chat must be verified.
    Protected = 1,
+    // `2` was never used as a value.

-    /// The chat was protected, but now a new message came in
-    /// which was not encrypted / signed correctly.
-    /// The user has to confirm that this is OK.
-    ///
-    /// We only do this in 1:1 chats; in group chats, the chat just
-    /// stays protected.
-    ProtectionBroken = 3, // `2` was never used as a value.
+    // Chats don't break in Core v2 anymore. Chats with broken protection existing before the
+    // key-contacts migration are treated as `Unprotected`.
+    //
+    // ProtectionBroken = 3,
 }

 /// The reason why messages cannot be sent to the chat.
@@ -118,10 +116,6 @@ pub(crate) enum CantSendReason {
    /// The chat is a contact request, it needs to be accepted before sending a message.
    ContactRequest,

-    /// The chat was protected, but now a new message came in
-    /// which was not encrypted / signed correctly.
-    ProtectionBroken,
-
    /// Mailing list without known List-Post header.
    ReadOnlyMailingList,

@@ -144,10 +138,6 @@ impl fmt::Display for CantSendReason {
                f,
                "contact request chat should be accepted before sending messages"
            ),
-            Self::ProtectionBroken => write!(
-                f,
-                "accept that the encryption isn't verified anymore before sending messages"
-            ),
            Self::ReadOnlyMailingList => {
                write!(f, "mailing list does not have a know post address")
            }
@@ -479,16 +469,6 @@ impl ChatId {
        let chat = Chat::load_from_db(context, self).await?;

        match chat.typ {
-            Chattype::Single
-                if chat.blocked == Blocked::Not
-                    && chat.protected == ProtectionStatus::ProtectionBroken =>
-            {
-                // The protection was broken, then the user clicked 'Accept'/'OK',
-                // so, now we want to set the status to Unprotected again:
-                chat.id
-                    .inner_set_protection(context, ProtectionStatus::Unprotected)
-                    .await?;
-            }
            Chattype::Single | Chattype::Group | Chattype::OutBroadcast | Chattype::InBroadcast => {
                // User has "created a chat" with all these contacts.
                //
@@ -545,7 +525,7 @@ impl ChatId {
                | Chattype::InBroadcast => {}
                Chattype::Mailinglist => bail!("Cannot protect mailing lists"),
            },
-            ProtectionStatus::Unprotected | ProtectionStatus::ProtectionBroken => {}
+            ProtectionStatus::Unprotected => {}
        };

        context
@@ -588,7 +568,6 @@ impl ChatId {
        let cmd = match protect {
            ProtectionStatus::Protected => SystemMessage::ChatProtectionEnabled,
            ProtectionStatus::Unprotected => SystemMessage::ChatProtectionDisabled,
-            ProtectionStatus::ProtectionBroken => SystemMessage::ChatProtectionDisabled,
        };
        add_info_msg_with_cmd(
            context,
@@ -1700,12 +1679,6 @@ impl Chat {
                return Ok(Some(reason));
            }
        }
-        if self.is_protection_broken() {
-            let reason = ProtectionBroken;
-            if !skip_fn(&reason) {
-                return Ok(Some(reason));
-            }
-        }
        if self.is_mailing_list() && self.get_mailinglist_addr().is_none_or_empty() {
            let reason = ReadOnlyMailingList;
            if !skip_fn(&reason) {
@@ -1798,6 +1771,12 @@ impl Chat {
            return Ok(Some(get_device_icon(context).await?));
        } else if self.is_self_talk() {
            return Ok(Some(get_saved_messages_icon(context).await?));
+        } else if !self.is_encrypted(context).await? {
+            // This is an unencrypted chat, show a special avatar that marks it as such.
+            return Ok(Some(get_abs_path(
+                context,
+                Path::new(&get_unencrypted_icon(context).await?),
+            )));
        } else if self.typ == Chattype::Single {
            // For 1:1 chats, we always use the same avatar as for the contact
            // This is before the `self.is_encrypted()` check, because that function
@@ -1807,12 +1786,6 @@ impl Chat {
                let contact = Contact::get_by_id(context, *contact_id).await?;
                return contact.get_profile_image(context).await;
            }
-        } else if !self.is_encrypted(context).await? {
-            // This is an address-contact chat, show a special avatar that marks it as such
-            return Ok(Some(get_abs_path(
-                context,
-                Path::new(&get_address_contact_icon(context).await?),
-            )));
        } else if let Some(image_rel) = self.param.get(Param::ProfileImage) {
            // Load the group avatar, or the device-chat / saved-messages icon
            if !image_rel.is_empty() {
@@ -1824,8 +1797,9 @@ impl Chat {

    /// Returns chat avatar color.
    ///
-    /// For 1:1 chats, the color is calculated from the contact's address.
-    /// For group chats the color is calculated from the chat name.
+    /// For 1:1 chats, the color is calculated from the contact's address
+    /// for address-contacts and from the OpenPGP key fingerprint for key-contacts.
+    /// For group chats the color is calculated from the grpid, if present, or the chat name.
    pub async fn get_color(&self, context: &Context) -> Result<u32> {
        let mut color = 0;

@@ -1836,6 +1810,8 @@ impl Chat {
                    color = contact.get_color();
                }
            }
+        } else if !self.grpid.is_empty() {
+            color = str_to_color(&self.grpid);
        } else {
            color = str_to_color(&self.name);
        }
@@ -1913,16 +1889,25 @@ impl Chat {
        let is_encrypted = self.is_protected()
            || match self.typ {
                Chattype::Single => {
-                    let chat_contact_ids = get_chat_contacts(context, self.id).await?;
-                    if let Some(contact_id) = chat_contact_ids.first() {
-                        if *contact_id == ContactId::DEVICE {
-                            true
-                        } else {
-                            let contact = Contact::get_by_id(context, *contact_id).await?;
-                            contact.is_key_contact()
-                        }
-                    } else {
-                        true
+                    match context
+                        .sql
+                        .query_row_optional(
+                            "SELECT cc.contact_id, c.fingerprint<>''
+                             FROM chats_contacts cc LEFT JOIN contacts c
+                                 ON c.id=cc.contact_id
+                             WHERE cc.chat_id=?
+                            ",
+                            (self.id,),
+                            |row| {
+                                let id: ContactId = row.get(0)?;
+                                let is_key: bool = row.get(1)?;
+                                Ok((id, is_key))
+                            },
+                        )
+                        .await?
+                    {
+                        Some((id, is_key)) => is_key || id == ContactId::DEVICE,
+                        None => true,
                    }
                }
                Chattype::Group => {
@@ -1935,27 +1920,6 @@ impl Chat {
        Ok(is_encrypted)
    }

-    /// Returns true if the chat was protected, and then an incoming message broke this protection.
-    ///
-    /// This function is only useful if the UI enabled the `verified_one_on_one_chats` feature flag,
-    /// otherwise it will return false for all chats.
-    ///
-    /// 1:1 chats are automatically set as protected when a contact is verified.
-    /// When a message comes in that is not encrypted / signed correctly,
-    /// the chat is automatically set as unprotected again.
-    /// `is_protection_broken()` will return true until `chat_id.accept()` is called.
-    ///
-    /// The UI should let the user confirm that this is OK with a message like
-    /// `Bob sent a message from another device. Tap to learn more`
-    /// and then call `chat_id.accept()`.
-    pub fn is_protection_broken(&self) -> bool {
-        match self.protected {
-            ProtectionStatus::Protected => false,
-            ProtectionStatus::Unprotected => false,
-            ProtectionStatus::ProtectionBroken => true,
-        }
-    }
-
    /// Returns true if location streaming is enabled in the chat.
    pub fn is_sending_locations(&self) -> bool {
        self.is_sending_locations
@@ -1993,7 +1957,7 @@ impl Chat {
    }

    /// Adds missing values to the msg object,
-    /// writes the record to the database and returns its msg_id.
+    /// writes the record to the database.
    ///
    /// If `update_msg_id` is set, that record is reused;
    /// if `update_msg_id` is None, a new record is created.
@@ -2002,7 +1966,7 @@ impl Chat {
        context: &Context,
        msg: &mut Message,
        update_msg_id: Option<MsgId>,
-    ) -> Result<MsgId> {
+    ) -> Result<()> {
        let mut to_id = 0;
        let mut location_id = 0;

@@ -2280,7 +2244,7 @@ impl Chat {
                .await?;
        }
        context.scheduler.interrupt_ephemeral_task().await;
-        Ok(msg.id)
+        Ok(())
    }

    /// Sends a `SyncAction` synchronising chat contacts to other devices.
@@ -2533,11 +2497,13 @@ pub(crate) async fn get_archive_icon(context: &Context) -> Result<PathBuf> {
    .await
 }

-pub(crate) async fn get_address_contact_icon(context: &Context) -> Result<PathBuf> {
+/// Returns path to the icon
+/// indicating unencrypted chats and address-contacts.
+pub(crate) async fn get_unencrypted_icon(context: &Context) -> Result<PathBuf> {
    get_asset_icon(
        context,
-        "icon-address-contact",
-        include_bytes!("../assets/icon-address-contact.png"),
+        "icon-unencrypted",
+        include_bytes!("../assets/icon-unencrypted.png"),
    )
    .await
 }
@@ -2725,7 +2691,10 @@ impl ChatIdBlocked {
 }

 async fn prepare_msg_blob(context: &Context, msg: &mut Message) -> Result<()> {
-    if msg.viewtype == Viewtype::Text || msg.viewtype == Viewtype::VideochatInvitation {
+    if msg.viewtype == Viewtype::Text
+        || msg.viewtype == Viewtype::VideochatInvitation
+        || msg.viewtype == Viewtype::Call
+    {
        // the caller should check if the message text is empty
    } else if msg.viewtype.has_file() {
        let viewtype_orig = msg.viewtype;
@@ -2947,7 +2916,7 @@ async fn prepare_send_msg(
    let mut chat = Chat::load_from_db(context, chat_id).await?;

    let skip_fn = |reason: &CantSendReason| match reason {
-        CantSendReason::ProtectionBroken | CantSendReason::ContactRequest => {
+        CantSendReason::ContactRequest => {
            // Allow securejoin messages, they are supposed to repair the verification.
            // If the chat is a contact request, let the user accept it later.
            msg.param.get_cmd() == SystemMessage::SecurejoinMessage
@@ -3003,8 +2972,7 @@ async fn prepare_send_msg(
    if !msg.hidden {
        chat_id.unarchive_if_not_muted(context, msg.state).await?;
    }
-    msg.id = chat.prepare_msg_raw(context, msg, update_msg_id).await?;
-    msg.chat_id = chat_id;
+    chat.prepare_msg_raw(context, msg, update_msg_id).await?;

    let row_ids = create_send_msg_jobs(context, msg)
        .await
@@ -3017,6 +2985,10 @@ async fn prepare_send_msg(

 /// Constructs jobs for sending a message and inserts them into the appropriate table.
 ///
+/// Updates the message `GuaranteeE2ee` parameter and persists it
+/// in the database depending on whether the message
+/// is added to the outgoing queue as encrypted or not.
+///
 /// Returns row ids if `smtp` table jobs were created or an empty `Vec` otherwise.
 ///
 /// The caller has to interrupt SMTP loop or otherwise process new rows.
@@ -3028,7 +3000,16 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
    }

    let needs_encryption = msg.param.get_bool(Param::GuaranteeE2ee).unwrap_or_default();
-    let mimefactory = MimeFactory::from_msg(context, msg.clone()).await?;
+    let mimefactory = match MimeFactory::from_msg(context, msg.clone()).await {
+        Ok(mf) => mf,
+        Err(err) => {
+            // Mark message as failed
+            message::set_msg_failed(context, msg, &err.to_string())
+                .await
+                .ok();
+            return Err(err);
+        }
+    };
    let attach_selfavatar = mimefactory.attach_selfavatar;
    let mut recipients = mimefactory.recipients();

@@ -3110,13 +3091,20 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
        }
    }

-    if rendered_msg.is_encrypted && !needs_encryption {
+    if rendered_msg.is_encrypted {
        msg.param.set_int(Param::GuaranteeE2ee, 1);
-        msg.update_param(context).await?;
+    } else {
+        msg.param.remove(Param::GuaranteeE2ee);
    }
-
    msg.subject.clone_from(&rendered_msg.subject);
-    msg.update_subject(context).await?;
+    context
+        .sql
+        .execute(
+            "UPDATE msgs SET subject=?, param=? WHERE id=?",
+            (&msg.subject, msg.param.to_string(), msg.id),
+        )
+        .await?;
+
    let chunk_size = context.get_max_smtp_rcpt_to().await?;
    let trans_fn = |t: &mut rusqlite::Transaction| {
        let mut row_ids = Vec::<i64>::new();
@@ -3181,6 +3169,7 @@ pub async fn send_edit_request(context: &Context, msg_id: MsgId, new_text: Strin
        original_msg.viewtype != Viewtype::VideochatInvitation,
        "Cannot edit videochat invitations"
    );
+    ensure!(original_msg.viewtype != Viewtype::Call, "Cannot edit calls");
    ensure!(
        !original_msg.text.is_empty(), // avoid complexity in UI element changes. focus is typos and rewordings
        "Cannot add text"
@@ -3366,10 +3355,11 @@ pub async fn get_chat_msgs_ex(
        for (ts, curr_id) in sorted_rows {
            if add_daymarker {
                let curr_local_timestamp = ts + cnv_to_local;
-                let curr_day = curr_local_timestamp / 86400;
+                let secs_in_day = 86400;
+                let curr_day = curr_local_timestamp / secs_in_day;
                if curr_day != last_day {
                    ret.push(ChatItem::DayMarker {
-                        timestamp: curr_day * 86400, // Convert day back to Unix timestamp
+                        timestamp: curr_day * secs_in_day - cnv_to_local,
                    });
                    last_day = curr_day;
                }
@@ -3717,8 +3707,13 @@ pub async fn create_group_ex(
    encryption: Option<ProtectionStatus>,
    name: &str,
 ) -> Result<ChatId> {
-    let chat_name = sanitize_single_line(name);
-    ensure!(!chat_name.is_empty(), "Invalid chat name");
+    let mut chat_name = sanitize_single_line(name);
+    if chat_name.is_empty() {
+        // We can't just fail because the user would lose the work already done in the UI like
+        // selecting members.
+        error!(context, "Invalid chat name: {name}.");
+        chat_name = "…".to_string();
+    }

    let grpid = match encryption {
        Some(_) => create_id(),
@@ -3743,11 +3738,19 @@ pub async fn create_group_ex(
    chatlist_events::emit_chatlist_changed(context);
    chatlist_events::emit_chatlist_item_changed(context, chat_id);

-    if encryption == Some(ProtectionStatus::Protected) {
-        let protect = ProtectionStatus::Protected;
-        chat_id
-            .set_protection_for_timestamp_sort(context, protect, timestamp, None)
-            .await?;
+    match encryption {
+        Some(ProtectionStatus::Protected) => {
+            let protect = ProtectionStatus::Protected;
+            chat_id
+                .set_protection_for_timestamp_sort(context, protect, timestamp, None)
+                .await?;
+        }
+        Some(ProtectionStatus::Unprotected) => {
+            // Add "Messages are end-to-end encrypted." message
+            // even to unprotected chats.
+            chat_id.maybe_add_encrypted_msg(context, timestamp).await?;
+        }
+        None => {}
    }

    if !context.get_config_bool(Config::Bot).await?
@@ -4460,13 +4463,13 @@ pub async fn forward_msgs(context: &Context, msg_ids: &[MsgId], chat_id: ChatId)
        msg.state = MessageState::OutPending;
        msg.rfc724_mid = create_outgoing_rfc724_mid();
        msg.timestamp_sort = curr_timestamp;
-        let new_msg_id = chat.prepare_msg_raw(context, &mut msg, None).await?;
+        chat.prepare_msg_raw(context, &mut msg, None).await?;

        curr_timestamp += 1;
        if !create_send_msg_jobs(context, &mut msg).await?.is_empty() {
            context.scheduler.interrupt_smtp().await;
        }
-        created_msgs.push(new_msg_id);
+        created_msgs.push(msg.id);
    }
    for msg_id in created_msgs {
        context.emit_msgs_changed(chat_id, msg_id);
@@ -4523,15 +4526,24 @@ pub(crate) async fn save_copy_in_self_talk(
        bail!("message already saved.");
    }

-    let copy_fields = "from_id, to_id, timestamp_sent, timestamp_rcvd, type, txt, \
-                             mime_modified, mime_headers, mime_compressed, mime_in_reply_to, subject, msgrmsg";
+    let copy_fields = "from_id, to_id, timestamp_rcvd, type, txt,
+                       mime_modified, mime_headers, mime_compressed, mime_in_reply_to, subject, msgrmsg";
    let row_id = context
        .sql
        .insert(
            &format!(
-                "INSERT INTO msgs ({copy_fields}, chat_id, rfc724_mid, state, timestamp, param, starred) \
-                            SELECT {copy_fields}, ?, ?, ?, ?, ?, ? \
-                            FROM msgs WHERE id=?;"
+                "INSERT INTO msgs ({copy_fields},
+                                   timestamp_sent,
+                                   chat_id, rfc724_mid, state, timestamp, param, starred)
+                 SELECT            {copy_fields},
+                                   -- Outgoing messages on originating device
+                                   -- have timestamp_sent == 0.
+                                   -- We copy sort timestamp instead
+                                   -- so UIs display the same timestamp
+                                   -- for saved and original message.
+                                   IIF(timestamp_sent == 0, timestamp, timestamp_sent),
+                                   ?, ?, ?, ?, ?, ?
+                 FROM msgs WHERE id=?;"
            ),
            (
                dest_chat_id,
@@ -4562,18 +4574,9 @@ pub(crate) async fn save_copy_in_self_talk(
 ///
 /// This is primarily intended to make existing webxdcs available to new chat members.
 pub async fn resend_msgs(context: &Context, msg_ids: &[MsgId]) -> Result<()> {
-    let mut chat_id = None;
    let mut msgs: Vec<Message> = Vec::new();
    for msg_id in msg_ids {
        let msg = Message::load_from_db(context, *msg_id).await?;
-        if let Some(chat_id) = chat_id {
-            ensure!(
-                chat_id == msg.chat_id,
-                "messages to resend needs to be in the same chat"
-            );
-        } else {
-            chat_id = Some(msg.chat_id);
-        }
        ensure!(
            msg.from_id == ContactId::SELF,
            "can resend only own messages"
@@ -4582,16 +4585,7 @@ pub async fn resend_msgs(context: &Context, msg_ids: &[MsgId]) -> Result<()> {
        msgs.push(msg)
    }

-    let Some(chat_id) = chat_id else {
-        return Ok(());
-    };
-
-    let chat = Chat::load_from_db(context, chat_id).await?;
    for mut msg in msgs {
-        if msg.get_showpadlock() && !chat.is_protected() {
-            msg.param.remove(Param::GuaranteeE2ee);
-            msg.update_param(context).await?;
-        }
        match msg.get_state() {
            // `get_state()` may return an outdated `OutPending`, so update anyway.
            MessageState::OutPending
@@ -4602,16 +4596,21 @@ pub async fn resend_msgs(context: &Context, msg_ids: &[MsgId]) -> Result<()> {
            }
            msg_state => bail!("Unexpected message state {msg_state}"),
        }
+        msg.timestamp_sort = create_smeared_timestamp(context);
+        if create_send_msg_jobs(context, &mut msg).await?.is_empty() {
+            continue;
+        }
+
+        // Emit the event only after `create_send_msg_jobs`
+        // because `create_send_msg_jobs` may change the message
+        // encryption status and call `msg.update_param`.
        context.emit_event(EventType::MsgsChanged {
            chat_id: msg.chat_id,
            msg_id: msg.id,
        });
-        msg.timestamp_sort = create_smeared_timestamp(context);
        // note(treefit): only matters if it is the last message in chat (but probably to expensive to check, debounce also solves it)
        chatlist_events::emit_chatlist_item_changed(context, msg.chat_id);
-        if create_send_msg_jobs(context, &mut msg).await?.is_empty() {
-            continue;
-        }
+
        if msg.viewtype == Viewtype::Webxdc {
            let conn_fn = |conn: &mut rusqlite::Connection| {
                let range = conn.query_row(
--- a/src/chat/chat_tests.rs
+++ b/src/chat/chat_tests.rs
@@ -11,7 +11,9 @@ use crate::test_utils::{
    AVATAR_64x64_BYTES, AVATAR_64x64_DEDUPLICATED, E2EE_INFO_MSGS, TestContext, TestContextManager,
    TimeShiftFalsePositiveNote, sync,
 };
+use crate::tools::SystemTime;
 use pretty_assertions::assert_eq;
+use std::time::Duration;
 use strum::IntoEnumIterator;
 use tokio::fs;

@@ -32,7 +34,7 @@ async fn test_chat_info() {
  "archived": false,
  "param": "",
  "is_sending_locations": false,
-  "color": 35391,
+  "color": 29377,
  "profile_image": {},
  "draft": "",
  "is_muted": false,
@@ -1644,7 +1646,7 @@ async fn test_set_mute_duration() {
 async fn test_add_info_msg() -> Result<()> {
    let t = TestContext::new().await;
    let chat_id = create_group_chat(&t, ProtectionStatus::Unprotected, "foo").await?;
-    add_info_msg(&t, chat_id, "foo info", 200000).await?;
+    add_info_msg(&t, chat_id, "foo info", time()).await?;

    let msg = t.get_last_msg_in(chat_id).await;
    assert_eq!(msg.get_chat_id(), chat_id);
@@ -1666,7 +1668,7 @@ async fn test_add_info_msg_with_cmd() -> Result<()> {
        chat_id,
        "foo bar info",
        SystemMessage::EphemeralTimerChanged,
-        10000,
+        time(),
        None,
        None,
        None,
@@ -1929,19 +1931,31 @@ async fn test_classic_email_chat() -> Result<()> {
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_chat_get_color() -> Result<()> {
    let t = TestContext::new().await;
-    let chat_id = create_group_chat(&t, ProtectionStatus::Unprotected, "a chat").await?;
+    let chat_id = create_group_ex(&t, None, "a chat").await?;
    let color1 = Chat::load_from_db(&t, chat_id).await?.get_color(&t).await?;
-    assert_eq!(color1, 0x008772);
+    assert_eq!(color1, 0x613dd7);

    // upper-/lowercase makes a difference for the colors, these are different groups
    // (in contrast to email addresses, where upper-/lowercase is ignored in practise)
    let t = TestContext::new().await;
-    let chat_id = create_group_chat(&t, ProtectionStatus::Unprotected, "A CHAT").await?;
+    let chat_id = create_group_ex(&t, None, "A CHAT").await?;
    let color2 = Chat::load_from_db(&t, chat_id).await?.get_color(&t).await?;
    assert_ne!(color2, color1);
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_chat_get_color_encrypted() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let t = &tcm.alice().await;
+    let chat_id = create_group_ex(t, Some(ProtectionStatus::Unprotected), "a chat").await?;
+    let color1 = Chat::load_from_db(t, chat_id).await?.get_color(t).await?;
+    set_chat_name(t, chat_id, "A CHAT").await?;
+    let color2 = Chat::load_from_db(t, chat_id).await?.get_color(t).await?;
+    assert_eq!(color2, color1);
+    Ok(())
+}
+
 async fn test_sticker(
    filename: &str,
    bytes: &[u8],
@@ -2280,14 +2294,19 @@ async fn test_only_minimal_data_are_forwarded() -> Result<()> {

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_save_msgs() -> Result<()> {
-    let alice = TestContext::new_alice().await;
-    let bob = TestContext::new_bob().await;
+    let mut tcm = TestContextManager::new();
+    let alice = tcm.alice().await;
+    let bob = tcm.bob().await;
    let alice_chat = alice.create_chat(&bob).await;

    let sent = alice.send_text(alice_chat.get_id(), "hi, bob").await;
    let sent_msg = Message::load_from_db(&alice, sent.sender_msg_id).await?;
    assert!(sent_msg.get_saved_msg_id(&alice).await?.is_none());
    assert!(sent_msg.get_original_msg_id(&alice).await?.is_none());
+    let sent_timestamp = sent_msg.get_timestamp();
+    assert!(sent_timestamp > 0);
+
+    SystemTime::shift(Duration::from_secs(60));

    let self_chat = alice.get_self_chat().await;
    save_msgs(&alice, &[sent.sender_msg_id]).await?;
@@ -2305,6 +2324,8 @@ async fn test_save_msgs() -> Result<()> {
    assert_eq!(saved_msg.get_from_id(), ContactId::SELF);
    assert_eq!(saved_msg.get_state(), MessageState::OutDelivered);
    assert_ne!(saved_msg.rfc724_mid(), sent_msg.rfc724_mid());
+    let saved_timestamp = saved_msg.get_timestamp();
+    assert_eq!(saved_timestamp, sent_timestamp);

    let sent_msg = Message::load_from_db(&alice, sent.sender_msg_id).await?;
    assert_eq!(
@@ -3152,6 +3173,30 @@ async fn test_chat_get_encryption_info() -> Result<()> {
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_out_failed_on_all_keys_missing() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let fiona = &tcm.fiona().await;
+
+    let bob_chat_id = bob
+        .create_group_with_members(ProtectionStatus::Unprotected, "", &[alice, fiona])
+        .await;
+    bob.send_text(bob_chat_id, "Gossiping Fiona's key").await;
+    alice
+        .recv_msg(&bob.send_text(bob_chat_id, "No key gossip").await)
+        .await;
+    SystemTime::shift(Duration::from_secs(60));
+    remove_contact_from_chat(bob, bob_chat_id, ContactId::SELF).await?;
+    let alice_chat_id = alice.recv_msg(&bob.pop_sent_msg().await).await.chat_id;
+    alice_chat_id.accept(alice).await?;
+    let mut msg = Message::new_text("Hi".to_string());
+    send_msg(alice, alice_chat_id, &mut msg).await.ok();
+    assert_eq!(msg.id.get_state(alice).await?, MessageState::OutFailed);
+    Ok(())
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_get_chat_media() -> Result<()> {
    let t = TestContext::new_alice().await;
@@ -4742,6 +4787,16 @@ async fn test_create_unencrypted_group_chat() -> Result<()> {
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_create_group_invalid_name() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let chat_id = create_group_ex(alice, None, " ").await?;
+    let chat = Chat::load_from_db(alice, chat_id).await?;
+    assert_eq!(chat.get_name(), "…");
+    Ok(())
+}
+
 /// Tests that avatar cannot be set in ad hoc groups.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_no_avatar_in_adhoc_chats() -> Result<()> {
@@ -4772,3 +4827,25 @@ async fn test_no_avatar_in_adhoc_chats() -> Result<()> {

    Ok(())
 }
+
+/// Tests that long group name with non-ASCII characters is correctly received
+/// by other members.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_long_group_name() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+
+    let group_name = "δδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδδ";
+    let alice_chat_id = create_group_chat(alice, ProtectionStatus::Unprotected, group_name).await?;
+    let alice_bob_contact_id = alice.add_or_lookup_contact_id(bob).await;
+    add_contact_to_chat(alice, alice_chat_id, alice_bob_contact_id).await?;
+    let sent = alice
+        .send_text(alice_chat_id, "Hi! I created a group.")
+        .await;
+    let bob_chat_id = bob.recv_msg(&sent).await.chat_id;
+    let bob_chat = Chat::load_from_db(bob, bob_chat_id).await?;
+    assert_eq!(bob_chat.name, group_name);
+
+    Ok(())
+}
--- a/src/chatlist.rs
+++ b/src/chatlist.rs
@@ -245,9 +245,6 @@ impl Chatlist {
                    .collect::<std::result::Result<Vec<_>, _>>()
                    .map_err(Into::into)
                };
-                // Return ProtectionBroken chats also, as that may happen to a verified chat at any
-                // time. It may be confusing if a chat that is normally in the list disappears
-                // suddenly. The UI need to deal with that case anyway.
                context.sql.query_map(
                    "SELECT c.id, c.type, c.param, m.id
                     FROM chats c
@@ -491,6 +488,8 @@ mod tests {
    use crate::stock_str::StockMessage;
    use crate::test_utils::TestContext;
    use crate::test_utils::TestContextManager;
+    use crate::tools::SystemTime;
+    use std::time::Duration;

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_try_load() {
@@ -513,6 +512,8 @@ mod tests {
        assert_eq!(chats.get_chat_id(1).unwrap(), chat_id2);
        assert_eq!(chats.get_chat_id(2).unwrap(), chat_id1);

+        SystemTime::shift(Duration::from_secs(5));
+
        // New drafts are sorted to the top
        // We have to set a draft on the other two messages, too, as
        // chat timestamps are only exact to the second and sorting by timestamp
--- a/src/color.rs
+++ b/src/color.rs
@@ -1,38 +1,39 @@
-//! Implementation of Consistent Color Generation.
+//! Color generation.
 //!
-//! Consistent Color Generation is defined in XEP-0392.
-//!
-//! Color Vision Deficiency correction is not implemented as Delta Chat does not offer
-//! corresponding settings.
-use hsluv::hsluv_to_rgb;
+//! This is similar to Consistent Color Generation defined in XEP-0392,
+//! but uses OKLCh colorspace instead of HSLuv
+//! to ensure that colors have the same lightness.
+use colorutils_rs::{Oklch, Rgb, TransferFunction};
 use sha1::{Digest, Sha1};

 /// Converts an identifier to Hue angle.
-fn str_to_angle(s: &str) -> f64 {
+fn str_to_angle(s: &str) -> f32 {
    let bytes = s.as_bytes();
    let result = Sha1::digest(bytes);
    let checksum: u16 = result.first().map_or(0, |&x| u16::from(x))
        + 256 * result.get(1).map_or(0, |&x| u16::from(x));
-    f64::from(checksum) / 65536.0 * 360.0
+    f32::from(checksum) / 65536.0 * 360.0
 }

 /// Converts RGB tuple to a 24-bit number.
 ///
 /// Returns a 24-bit number with 8 least significant bits corresponding to the blue color and 8
 /// most significant bits corresponding to the red color.
-fn rgb_to_u32((r, g, b): (f64, f64, f64)) -> u32 {
-    let r = ((r * 256.0) as u32).min(255);
-    let g = ((g * 256.0) as u32).min(255);
-    let b = ((b * 256.0) as u32).min(255);
-    65536 * r + 256 * g + b
+fn rgb_to_u32(rgb: Rgb<u8>) -> u32 {
+    65536 * u32::from(rgb.r) + 256 * u32::from(rgb.g) + u32::from(rgb.b)
 }

 /// Converts an identifier to RGB color.
 ///
-/// Saturation is set to maximum (100.0) to make colors distinguishable, and lightness is set to
-/// half (50.0) to make colors suitable both for light and dark theme.
+/// Lightness is set to half (0.5) to make colors suitable both for light and dark theme.
 pub fn str_to_color(s: &str) -> u32 {
-    rgb_to_u32(hsluv_to_rgb((str_to_angle(s), 100.0, 50.0)))
+    let lightness = 0.5;
+    let chroma = 0.22;
+    let angle = str_to_angle(s);
+    let oklch = Oklch::new(lightness, chroma, angle);
+    let rgb = oklch.to_rgb(TransferFunction::Srgb);
+
+    rgb_to_u32(rgb)
 }

 /// Returns color as a "#RRGGBB" `String` where R, G, B are hex digits.
@@ -45,6 +46,7 @@ mod tests {
    use super::*;

    #[test]
+    #[allow(clippy::excessive_precision)]
    fn test_str_to_angle() {
        // Test against test vectors from
        // <https://xmpp.org/extensions/xep-0392.html#testvectors-fullrange-no-cvd>
@@ -57,11 +59,11 @@ mod tests {

    #[test]
    fn test_rgb_to_u32() {
-        assert_eq!(rgb_to_u32((0.0, 0.0, 0.0)), 0);
-        assert_eq!(rgb_to_u32((1.0, 1.0, 1.0)), 0xffffff);
-        assert_eq!(rgb_to_u32((0.0, 0.0, 1.0)), 0x0000ff);
-        assert_eq!(rgb_to_u32((0.0, 1.0, 0.0)), 0x00ff00);
-        assert_eq!(rgb_to_u32((1.0, 0.0, 0.0)), 0xff0000);
-        assert_eq!(rgb_to_u32((1.0, 0.5, 0.0)), 0xff8000);
+        assert_eq!(rgb_to_u32(Rgb::new(0, 0, 0)), 0);
+        assert_eq!(rgb_to_u32(Rgb::new(0xff, 0xff, 0xff)), 0xffffff);
+        assert_eq!(rgb_to_u32(Rgb::new(0, 0, 0xff)), 0x0000ff);
+        assert_eq!(rgb_to_u32(Rgb::new(0, 0xff, 0)), 0x00ff00);
+        assert_eq!(rgb_to_u32(Rgb::new(0xff, 0, 0)), 0xff0000);
+        assert_eq!(rgb_to_u32(Rgb::new(0xff, 0x80, 0)), 0xff8000);
    }
 }
--- a/src/config.rs
+++ b/src/config.rs
@@ -151,10 +151,6 @@ pub enum Config {
    /// setting up a second device, or receiving a sync message.
    BccSelf,

-    /// True if encryption is preferred according to Autocrypt standard.
-    #[strum(props(default = "1"))]
-    E2eeEnabled,
-
    /// True if Message Delivery Notifications (read receipts) should
    /// be sent and requested.
    #[strum(props(default = "1"))]
@@ -417,12 +413,12 @@ pub enum Config {
    #[strum(props(default = "172800"))]
    GossipPeriod,

-    /// Feature flag for verified 1:1 chats; the UI should set it
+    /// Deprecated 2025-07. Feature flag for verified 1:1 chats; the UI should set it
    /// to 1 if it supports verified 1:1 chats.
    /// Regardless of this setting, `chat.is_protected()` returns true while the key is verified,
    /// and when the key changes, an info message is posted into the chat.
    /// 0=Nothing else happens when the key changes.
-    /// 1=After the key changed, `can_send()` returns false and `is_protection_broken()` returns true
+    /// 1=After the key changed, `can_send()` returns false
    /// until `chat_id.accept()` is called.
    #[strum(props(default = "0"))]
    VerifiedOneOnOneChats,
@@ -705,7 +701,6 @@ impl Context {
            Config::Socks5Enabled
            | Config::ProxyEnabled
            | Config::BccSelf
-            | Config::E2eeEnabled
            | Config::MdnsEnabled
            | Config::SentboxWatch
            | Config::MvboxMove
@@ -734,7 +729,7 @@ impl Context {
        Self::check_config(key, value)?;

        let _pause = match key.needs_io_restart() {
-            true => self.scheduler.pause(self.clone()).await?,
+            true => self.scheduler.pause(self).await?,
            _ => Default::default(),
        };
        self.set_config_internal(key, value).await?;
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -95,10 +95,10 @@ pub const DC_GCL_ADDRESS: u32 = 0x04;
 pub(crate) const DC_RESEND_USER_AVATAR_DAYS: i64 = 14;

 // warn about an outdated app after a given number of days.
-// as we use the "provider-db generation date" as reference (that might not be updated very often)
-// and as not all system get speedy updates,
+// reference is the release date.
+// as not all system get speedy updates,
 // do not use too small value that will annoy users checking for nonexistent updates.
-pub(crate) const DC_OUTDATED_WARNING_DAYS: i64 = 365;
+pub(crate) const DC_OUTDATED_WARNING_DAYS: i64 = 183;

 /// messages that should be deleted get this chat_id; the messages are deleted from the working thread later then. This is also needed as rfc724_mid should be preset as long as the message is not deleted on the server (otherwise it is downloaded again)
 pub const DC_CHAT_ID_TRASH: ChatId = ChatId::new(3);
--- a/src/contact.rs
+++ b/src/contact.rs
@@ -21,7 +21,7 @@ use tokio::task;
 use tokio::time::{Duration, timeout};

 use crate::blob::BlobObject;
-use crate::chat::{ChatId, ChatIdBlocked, ProtectionStatus};
+use crate::chat::ChatId;
 use crate::color::str_to_color;
 use crate::config::Config;
 use crate::constants::{self, Blocked, Chattype};
@@ -755,7 +755,19 @@ impl Contact {
        self.is_bot
    }

-    /// Check if an e-mail address belongs to a known and unblocked contact.
+    /// Looks up a known and unblocked contact with a given e-mail address.
+    /// To get a list of all known and unblocked contacts, use contacts_get_contacts().
+    ///
+    ///
+    /// **POTENTIAL SECURITY ISSUE**: If there are multiple contacts with this address
+    /// (e.g. an address-contact and a key-contact),
+    /// this looks up the most recently seen contact,
+    /// i.e. which contact is returned depends on which contact last sent a message.
+    /// If the user just clicked on a mailto: link, then this is the best thing you can do.
+    /// But **DO NOT** internally represent contacts by their email address
+    /// and do not use this function to look them up;
+    /// otherwise this function will sometimes look up the wrong contact.
+    /// Instead, you should internally represent contacts by their ids.
    ///
    /// Known and unblocked contacts will be returned by `get_contacts()`.
    ///
@@ -795,14 +807,28 @@ impl Contact {
            .query_get_value(
                "SELECT id FROM contacts
                 WHERE addr=?1 COLLATE NOCASE
-                 AND fingerprint='' -- Do not lookup key-contacts
-                 AND id>?2 AND origin>=?3 AND (? OR blocked=?)",
+                     AND id>?2 AND origin>=?3 AND (? OR blocked=?)
+                 ORDER BY
+                     (
+                         SELECT COUNT(*) FROM chats c
+                         INNER JOIN chats_contacts cc
+                         ON c.id=cc.chat_id
+                         WHERE c.type=?
+                             AND c.id>?
+                             AND c.blocked=?
+                             AND cc.contact_id=contacts.id
+                     ) DESC,
+                     last_seen DESC, fingerprint DESC
+                 LIMIT 1",
                (
                    &addr_normalized,
                    ContactId::LAST_SPECIAL,
                    min_origin as u32,
                    blocked.is_none(),
-                    blocked.unwrap_or_default(),
+                    blocked.unwrap_or(Blocked::Not),
+                    Chattype::Single,
+                    constants::DC_CHAT_ID_LAST_SPECIAL,
+                    blocked.unwrap_or(Blocked::Not),
                ),
            )
            .await?;
@@ -1538,7 +1564,7 @@ impl Contact {
            return Ok(Some(chat::get_device_icon(context).await?));
        }
        if show_fallback_icon && !self.id.is_special() && !self.is_key_contact() {
-            return Ok(Some(chat::get_address_contact_icon(context).await?));
+            return Ok(Some(chat::get_unencrypted_icon(context).await?));
        }
        if let Some(image_rel) = self.param.get(Param::ProfileImage) {
            if !image_rel.is_empty() {
@@ -1549,11 +1575,16 @@ impl Contact {
    }

    /// Get a color for the contact.
-    /// The color is calculated from the contact's email address
-    /// and can be used for an fallback avatar with white initials
+    /// The color is calculated from the contact's fingerprint (for key-contacts)
+    /// or email address (for address-contacts) and can be used
+    /// for an fallback avatar with white initials
    /// as well as for headlines in bubbles of group chats.
    pub fn get_color(&self) -> u32 {
-        str_to_color(&self.addr.to_lowercase())
+        if let Some(fingerprint) = self.fingerprint() {
+            str_to_color(&fingerprint.hex())
+        } else {
+            str_to_color(&self.addr.to_lowercase())
+        }
    }

    /// Gets the contact's status.
@@ -1619,29 +1650,6 @@ impl Contact {
        }
    }

-    /// Returns if the contact profile title should display a green checkmark.
-    ///
-    /// This generally should be consistent with the 1:1 chat with the contact
-    /// so 1:1 chat with the contact and the contact profile
-    /// either both display the green checkmark or both don't display a green checkmark.
-    ///
-    /// UI often knows beforehand if a chat exists and can also call
-    /// `chat.is_protected()` (if there is a chat)
-    /// or `contact.is_verified()` (if there is no chat) directly.
-    /// This is often easier and also skips some database calls.
-    pub async fn is_profile_verified(&self, context: &Context) -> Result<bool> {
-        let contact_id = self.id;
-
-        if let Some(ChatIdBlocked { id: chat_id, .. }) =
-            ChatIdBlocked::lookup_by_contact(context, contact_id).await?
-        {
-            Ok(chat_id.is_protected(context).await? == ProtectionStatus::Protected)
-        } else {
-            // 1:1 chat does not exist.
-            Ok(self.is_verified(context).await?)
-        }
-    }
-
    /// Returns the number of real (i.e. non-special) contacts in the database.
    pub async fn get_real_cnt(context: &Context) -> Result<usize> {
        if !context.sql.is_open().await {
@@ -1917,16 +1925,21 @@ pub(crate) async fn update_last_seen(
 }

 /// Marks contact `contact_id` as verified by `verifier_id`.
+///
+/// `verifier_id == None` means that the verifier is unknown.
 pub(crate) async fn mark_contact_id_as_verified(
    context: &Context,
    contact_id: ContactId,
-    verifier_id: ContactId,
+    verifier_id: Option<ContactId>,
 ) -> Result<()> {
+    ensure_and_debug_assert_ne!(contact_id, ContactId::SELF,);
    ensure_and_debug_assert_ne!(
-        contact_id,
+        Some(contact_id),
        verifier_id,
        "Contact cannot be verified by self",
    );
+    let by_self = verifier_id == Some(ContactId::SELF);
+    let mut verifier_id = verifier_id.unwrap_or(contact_id);
    context
        .sql
        .transaction(|transaction| {
@@ -1939,20 +1952,33 @@ pub(crate) async fn mark_contact_id_as_verified(
                bail!("Non-key-contact {contact_id} cannot be verified");
            }
            if verifier_id != ContactId::SELF {
-                let verifier_fingerprint: String = transaction.query_row(
-                    "SELECT fingerprint FROM contacts WHERE id=?",
-                    (verifier_id,),
-                    |row| row.get(0),
-                )?;
+                let (verifier_fingerprint, verifier_verifier_id): (String, ContactId) = transaction
+                    .query_row(
+                        "SELECT fingerprint, verifier FROM contacts WHERE id=?",
+                        (verifier_id,),
+                        |row| Ok((row.get(0)?, row.get(1)?)),
+                    )?;
                if verifier_fingerprint.is_empty() {
                    bail!(
                        "Contact {contact_id} cannot be verified by non-key-contact {verifier_id}"
                    );
                }
+                ensure!(
+                    verifier_id == contact_id || verifier_verifier_id != ContactId::UNDEFINED,
+                    "Contact {contact_id} cannot be verified by unverified contact {verifier_id}",
+                );
+                if verifier_verifier_id == verifier_id {
+                    // Avoid introducing incorrect reverse chains: if the verifier itself has an
+                    // unknown verifier, it may be `contact_id` actually (directly or indirectly) on
+                    // the other device (which is needed for getting "verified by unknown contact"
+                    // in the first place).
+                    verifier_id = contact_id;
+                }
            }
            transaction.execute(
-                "UPDATE contacts SET verifier=? WHERE id=?",
-                (verifier_id, contact_id),
+                "UPDATE contacts SET verifier=?1
+                 WHERE id=?2 AND (verifier=0 OR verifier=id OR ?3)",
+                (verifier_id, contact_id, by_self),
            )?;
            Ok(())
        })
--- a/src/contact/contact_tests.rs
+++ b/src/contact/contact_tests.rs
@@ -1,7 +1,7 @@
 use deltachat_contact_tools::{addr_cmp, may_be_valid_addr};

 use super::*;
-use crate::chat::{Chat, get_chat_contacts, send_text_msg};
+use crate::chat::{Chat, ProtectionStatus, get_chat_contacts, send_text_msg};
 use crate::chatlist::Chatlist;
 use crate::receive_imf::receive_imf;
 use crate::test_utils::{self, TestContext, TestContextManager, TimeShiftFalsePositiveNote};
@@ -759,7 +759,7 @@ async fn test_contact_get_color() -> Result<()> {
    let t = TestContext::new().await;
    let contact_id = Contact::create(&t, "name", "name@example.net").await?;
    let color1 = Contact::get_by_id(&t, contact_id).await?.get_color();
-    assert_eq!(color1, 0xA739FF);
+    assert_eq!(color1, 0x4947dc);

    let t = TestContext::new().await;
    let contact_id = Contact::create(&t, "prename name", "name@example.net").await?;
@@ -1035,6 +1035,50 @@ async fn test_was_seen_recently_event() -> Result<()> {
    Ok(())
 }

+async fn test_lookup_id_by_addr_recent_ex(accept_unencrypted_chat: bool) -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let bob = &tcm.bob().await;
+
+    let raw = include_bytes!("../../test-data/message/thunderbird_with_autocrypt.eml");
+    assert!(std::str::from_utf8(raw)?.contains("Date: Thu, 24 Nov 2022 20:05:57 +0100"));
+    let received_msg = receive_imf(bob, raw, false).await?.unwrap();
+    received_msg.chat_id.accept(bob).await?;
+
+    let raw = r#"From: Alice <alice@example.org>
+To: bob@example.net
+Message-ID: message$TIME@example.org
+Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no
+Date: Thu, 24 Nov 2022 $TIME +0100
+
+Hi"#
+    .to_string();
+    for (time, is_key_contact) in [("20:05:57", true), ("20:05:58", !accept_unencrypted_chat)] {
+        let raw = raw.replace("$TIME", time);
+        let received_msg = receive_imf(bob, raw.as_bytes(), false).await?.unwrap();
+        if accept_unencrypted_chat {
+            received_msg.chat_id.accept(bob).await?;
+        }
+        let contact_id = Contact::lookup_id_by_addr(bob, "alice@example.org", Origin::Unknown)
+            .await?
+            .unwrap();
+        let contact = Contact::get_by_id(bob, contact_id).await?;
+        assert_eq!(contact.is_key_contact(), is_key_contact);
+    }
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_lookup_id_by_addr_recent() -> Result<()> {
+    let accept_unencrypted_chat = true;
+    test_lookup_id_by_addr_recent_ex(accept_unencrypted_chat).await
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_lookup_id_by_addr_recent_accepted() -> Result<()> {
+    let accept_unencrypted_chat = false;
+    test_lookup_id_by_addr_recent_ex(accept_unencrypted_chat).await
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_verified_by_none() -> Result<()> {
    let mut tcm = TestContextManager::new();
@@ -1072,6 +1116,7 @@ async fn test_sync_create() -> Result<()> {
            .unwrap();
    let a1b_contact = Contact::get_by_id(alice1, a1b_contact_id).await?;
    assert_eq!(a1b_contact.name, "Bob");
+    assert_eq!(a1b_contact.is_key_contact(), false);

    Contact::create(alice0, "Bob Renamed", "bob@example.net").await?;
    test_utils::sync(alice0, alice1).await;
@@ -1081,6 +1126,7 @@ async fn test_sync_create() -> Result<()> {
    assert_eq!(id, a1b_contact_id);
    let a1b_contact = Contact::get_by_id(alice1, a1b_contact_id).await?;
    assert_eq!(a1b_contact.name, "Bob Renamed");
+    assert_eq!(a1b_contact.is_key_contact(), false);

    Ok(())
 }
@@ -1256,7 +1302,6 @@ async fn test_self_is_verified() -> Result<()> {

    let contact = Contact::get_by_id(&alice, ContactId::SELF).await?;
    assert_eq!(contact.is_verified(&alice).await?, true);
-    assert!(contact.is_profile_verified(&alice).await?);
    assert!(contact.get_verifier_id(&alice).await?.is_none());
    assert!(contact.is_key_contact());

--- a/src/context.rs
+++ b/src/context.rs
@@ -34,7 +34,7 @@ use crate::param::{Param, Params};
 use crate::peer_channels::Iroh;
 use crate::push::PushSubscriber;
 use crate::quota::QuotaInfo;
-use crate::scheduler::{SchedulerState, convert_folder_meaning};
+use crate::scheduler::{ConnectivityStore, SchedulerState, convert_folder_meaning};
 use crate::sql::Sql;
 use crate::stock_str::StockStrings;
 use crate::timesmearing::SmearedTimestamp;
@@ -304,6 +304,10 @@ pub struct InnerContext {
    /// tokio::sync::OnceCell would be possible to use, but overkill for our usecase;
    /// the standard library's OnceLock is enough, and it's a lot smaller in memory.
    pub(crate) self_fingerprint: OnceLock<String>,
+
+    /// `Connectivity` values for mailboxes, unordered. Used to compute the aggregate connectivity,
+    /// see [`Context::get_connectivity()`].
+    pub(crate) connectivities: parking_lot::Mutex<Vec<ConnectivityStore>>,
 }

 /// The state of ongoing process.
@@ -333,6 +337,15 @@ impl Default for RunningState {
 /// about the context on top of the information here.
 pub fn get_info() -> BTreeMap<&'static str, String> {
    let mut res = BTreeMap::new();
+
+    #[cfg(debug_assertions)]
+    res.insert(
+        "debug_assertions",
+        "On - DO NOT RELEASE THIS BUILD".to_string(),
+    );
+    #[cfg(not(debug_assertions))]
+    res.insert("debug_assertions", "Off".to_string());
+
    res.insert("deltachat_core_version", format!("v{}", &*DC_VERSION_STR));
    res.insert("sqlite_version", rusqlite::version().to_string());
    res.insert("arch", (std::mem::size_of::<usize>() * 8).to_string());
@@ -464,6 +477,7 @@ impl Context {
            push_subscribed: AtomicBool::new(false),
            iroh: Arc::new(RwLock::new(None)),
            self_fingerprint: OnceLock::new(),
+            connectivities: parking_lot::Mutex::new(Vec::new()),
        };

        let ctx = Context {
@@ -493,7 +507,7 @@ impl Context {
        // Now, some configs may have changed, so, we need to invalidate the cache.
        self.sql.config_cache.write().await.clear();

-        self.scheduler.start(self.clone()).await;
+        self.scheduler.start(self).await;
    }

    /// Stops the IO scheduler.
@@ -570,7 +584,7 @@ impl Context {
        } else {
            // Pause the scheduler to ensure another connection does not start
            // while we are fetching on a dedicated connection.
-            let _pause_guard = self.scheduler.pause(self.clone()).await?;
+            let _pause_guard = self.scheduler.pause(self).await?;

            // Start a new dedicated connection.
            let mut connection = Imap::new_configured(self, channel::bounded(1).1).await?;
@@ -819,7 +833,6 @@ impl Context {
            .query_get_value("PRAGMA journal_mode;", ())
            .await?
            .unwrap_or_else(|| "unknown".to_string());
-        let e2ee_enabled = self.get_config_int(Config::E2eeEnabled).await?;
        let mdns_enabled = self.get_config_int(Config::MdnsEnabled).await?;
        let bcc_self = self.get_config_int(Config::BccSelf).await?;
        let sync_msgs = self.get_config_int(Config::SyncMsgs).await?;
@@ -953,7 +966,6 @@ impl Context {
        res.insert("configured_mvbox_folder", configured_mvbox_folder);
        res.insert("configured_trash_folder", configured_trash_folder);
        res.insert("mdns_enabled", mdns_enabled.to_string());
-        res.insert("e2ee_enabled", e2ee_enabled.to_string());
        res.insert("bcc_self", bcc_self.to_string());
        res.insert("sync_msgs", sync_msgs.to_string());
        res.insert("disable_idle", disable_idle.to_string());
@@ -1043,7 +1055,7 @@ impl Context {
            self.get_config_int(Config::GossipPeriod).await?.to_string(),
        );
        res.insert(
-            "verified_one_on_one_chats",
+            "verified_one_on_one_chats", // deprecated 2025-07
            self.get_config_bool(Config::VerifiedOneOnOneChats)
                .await?
                .to_string(),
@@ -1078,7 +1090,6 @@ impl Context {
        #[derive(Default)]
        struct ChatNumbers {
            protected: u32,
-            protection_broken: u32,
            opportunistic_dc: u32,
            opportunistic_mua: u32,
            unencrypted_dc: u32,
@@ -1114,7 +1125,6 @@ impl Context {

        // how many of the chats active in the last months are:
        // - protected
-        // - protection-broken
        // - opportunistic-encrypted and the contact uses Delta Chat
        // - opportunistic-encrypted and the contact uses a classical MUA
        // - unencrypted and the contact uses Delta Chat
@@ -1157,8 +1167,6 @@ impl Context {

                        if protected == ProtectionStatus::Protected {
                            chats.protected += 1;
-                        } else if protected == ProtectionStatus::ProtectionBroken {
-                            chats.protection_broken += 1;
                        } else if encrypted {
                            if is_dc_message {
                                chats.opportunistic_dc += 1;
@@ -1176,7 +1184,6 @@ impl Context {
            )
            .await?;
        res += &format!("chats_protected {}\n", chats.protected);
-        res += &format!("chats_protection_broken {}\n", chats.protection_broken);
        res += &format!("chats_opportunistic_dc {}\n", chats.opportunistic_dc);
        res += &format!("chats_opportunistic_mua {}\n", chats.opportunistic_mua);
        res += &format!("chats_unencrypted_dc {}\n", chats.unencrypted_dc);
@@ -1206,7 +1213,7 @@ impl Context {
            .await?
            .first()
            .context("Self reporting bot vCard does not contain a contact")?;
-        mark_contact_id_as_verified(self, contact_id, ContactId::SELF).await?;
+        mark_contact_id_as_verified(self, contact_id, Some(ContactId::SELF)).await?;

        let chat_id = ChatId::create_for_contact(self, contact_id).await?;
        chat_id
--- a/src/e2ee.rs
+++ b/src/e2ee.rs
@@ -4,10 +4,8 @@ use std::io::Cursor;

 use anyhow::Result;
 use mail_builder::mime::MimePart;
-use num_traits::FromPrimitive;

 use crate::aheader::{Aheader, EncryptPreference};
-use crate::config::Config;
 use crate::context::Context;
 use crate::key::{SignedPublicKey, load_self_public_key, load_self_secret_key};
 use crate::pgp;
@@ -21,9 +19,7 @@ pub struct EncryptHelper {

 impl EncryptHelper {
    pub async fn new(context: &Context) -> Result<EncryptHelper> {
-        let prefer_encrypt =
-            EncryptPreference::from_i32(context.get_config_int(Config::E2eeEnabled).await?)
-                .unwrap_or_default();
+        let prefer_encrypt = EncryptPreference::Mutual;
        let addr = context.get_primary_self_addr().await?;
        let public_key = load_self_public_key(context).await?;

@@ -35,9 +31,12 @@ impl EncryptHelper {
    }

    pub fn get_aheader(&self) -> Aheader {
-        let pk = self.public_key.clone();
-        let addr = self.addr.to_string();
-        Aheader::new(addr, pk, self.prefer_encrypt)
+        Aheader {
+            addr: self.addr.clone(),
+            public_key: self.public_key.clone(),
+            prefer_encrypt: self.prefer_encrypt,
+            verified: false,
+        }
    }

    /// Tries to encrypt the passed in `mail`.
--- a/src/ephemeral.rs
+++ b/src/ephemeral.rs
@@ -277,6 +277,7 @@ pub(crate) async fn stock_ephemeral_timer_changed(
                .await
            }
            604_800 => stock_str::msg_ephemeral_timer_week(context, from_id).await,
+            31_536_000..=31_708_800 => stock_str::msg_ephemeral_timer_year(context, from_id).await,
            _ => {
                stock_str::msg_ephemeral_timer_weeks(
                    context,
--- a/src/ephemeral/ephemeral_tests.rs
+++ b/src/ephemeral/ephemeral_tests.rs
@@ -128,31 +128,33 @@ async fn test_stock_ephemeral_messages() {
 /// Test enabling and disabling ephemeral timer remotely.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_ephemeral_enable_disable() -> Result<()> {
-    let alice = TestContext::new_alice().await;
-    let bob = TestContext::new_bob().await;
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;

-    let chat_alice = alice.create_chat(&bob).await.id;
-    let chat_bob = bob.create_chat(&alice).await.id;
+    let chat_alice = alice.create_chat(bob).await.id;
+    let chat_bob = bob.create_chat(alice).await.id;

    chat_alice
-        .set_ephemeral_timer(&alice.ctx, Timer::Enabled { duration: 60 })
+        .set_ephemeral_timer(alice, Timer::Enabled { duration: 60 })
        .await?;
    let sent = alice.pop_sent_msg().await;
-    bob.recv_msg(&sent).await;
+    let bob_received_message = bob.recv_msg(&sent).await;
    assert_eq!(
-        chat_bob.get_ephemeral_timer(&bob.ctx).await?,
+        bob_received_message.text,
+        "Message deletion timer is set to 1 minute by alice@example.org."
+    );
+    assert_eq!(
+        chat_bob.get_ephemeral_timer(bob).await?,
        Timer::Enabled { duration: 60 }
    );

    chat_alice
-        .set_ephemeral_timer(&alice.ctx, Timer::Disabled)
+        .set_ephemeral_timer(alice, Timer::Disabled)
        .await?;
    let sent = alice.pop_sent_msg().await;
    bob.recv_msg(&sent).await;
-    assert_eq!(
-        chat_bob.get_ephemeral_timer(&bob.ctx).await?,
-        Timer::Disabled
-    );
+    assert_eq!(chat_bob.get_ephemeral_timer(bob).await?, Timer::Disabled);

    Ok(())
 }
--- a/src/events/payload.rs
+++ b/src/events/payload.rs
@@ -5,6 +5,7 @@ use std::path::PathBuf;

 use crate::chat::ChatId;
 use crate::config::Config;
+use crate::constants::Chattype;
 use crate::contact::ContactId;
 use crate::ephemeral::Timer as EphemeralTimer;
 use crate::message::MsgId;
@@ -272,9 +273,12 @@ pub enum EventType {
        /// ID of the contact that wants to join.
        contact_id: ContactId,

+        /// The type of the joined chat.
+        chat_type: Chattype,
+
        /// Progress as:
        /// 300=vg-/vc-request received, typically shown as "bob@addr joins".
-        /// 600=vg-/vc-request-with-auth received, vg-member-added/vc-contact-confirm sent, typically shown as "bob@addr verified".
+        /// 600=vg-/vc-request-with-auth received and verified, typically shown as "bob@addr verified".
        /// 800=contact added to chat, shown as "bob@addr securely joined GROUP". Only for the verified-group-protocol.
        /// 1000=Protocol finished for this contact.
        progress: usize,
@@ -376,6 +380,34 @@ pub enum EventType {
    /// This event is emitted from the account whose property changed.
    AccountsItemChanged,

+    /// Incoming call.
+    IncomingCall {
+        /// ID of the message referring to the call.
+        msg_id: MsgId,
+        /// User-defined info as passed to place_outgoing_call()
+        place_call_info: String,
+    },
+
+    /// Incoming call accepted.
+    IncomingCallAccepted {
+        /// ID of the message referring to the call.
+        msg_id: MsgId,
+    },
+
+    /// Outgoing call accepted.
+    OutgoingCallAccepted {
+        /// ID of the message referring to the call.
+        msg_id: MsgId,
+        /// User-defined info as passed to accept_incoming_call()
+        accept_call_info: String,
+    },
+
+    /// Call ended.
+    CallEnded {
+        /// ID of the message referring to the call.
+        msg_id: MsgId,
+    },
+
    /// Event for using in tests, e.g. as a fence between normally generated events.
    #[cfg(test)]
    Test,
--- a/src/headerdef.rs
+++ b/src/headerdef.rs
@@ -86,6 +86,7 @@ pub enum HeaderDef {

    ChatDispositionNotificationTo,
    ChatWebrtcRoom,
+    ChatWebrtcAccepted,

    /// This message deletes the messages listed in the value by rfc724_mid.
    ChatDelete,
--- a/src/imap.rs
+++ b/src/imap.rs
@@ -17,7 +17,7 @@ use anyhow::{Context as _, Result, bail, ensure, format_err};
 use async_channel::{self, Receiver, Sender};
 use async_imap::types::{Fetch, Flag, Name, NameAttribute, UnsolicitedResponse};
 use deltachat_contact_tools::ContactAddress;
-use futures::{FutureExt as _, StreamExt, TryStreamExt};
+use futures::{FutureExt as _, TryStreamExt};
 use futures_lite::FutureExt;
 use num_traits::FromPrimitive;
 use rand::Rng;
@@ -325,7 +325,7 @@ impl Imap {
        }

        info!(context, "Connecting to IMAP server.");
-        self.connectivity.set_connecting(context).await;
+        self.connectivity.set_connecting(context);

        self.conn_last_try = tools::Time::now();
        const BACKOFF_MIN_MS: u64 = 2000;
@@ -408,7 +408,7 @@ impl Imap {
                        "IMAP-LOGIN as {}",
                        lp.user
                    )));
-                    self.connectivity.set_preparing(context).await;
+                    self.connectivity.set_preparing(context);
                    info!(context, "Successfully logged into IMAP server.");
                    return Ok(session);
                }
@@ -466,7 +466,7 @@ impl Imap {
        let mut session = match self.connect(context, configuring).await {
            Ok(session) => session,
            Err(err) => {
-                self.connectivity.set_err(context, &err).await;
+                self.connectivity.set_err(context, &err);
                return Err(err);
            }
        };
@@ -692,7 +692,7 @@ impl Imap {
        }

        if !uids_fetch.is_empty() {
-            self.connectivity.set_working(context).await;
+            self.connectivity.set_working(context);
        }

        let (sender, receiver) = async_channel::unbounded();
@@ -1384,14 +1384,15 @@ impl Session {

                // Try to find a requested UID in returned FETCH responses.
                while fetch_response.is_none() {
-                    let Some(next_fetch_response) = fetch_responses.next().await else {
+                    let Some(next_fetch_response) = fetch_responses
+                        .try_next()
+                        .await
+                        .context("Failed to process IMAP FETCH result")?
+                    else {
                        // No more FETCH responses received from the server.
                        break;
                    };

-                    let next_fetch_response =
-                        next_fetch_response.context("Failed to process IMAP FETCH result")?;
-
                    if let Some(next_uid) = next_fetch_response.uid {
                        if next_uid == request_uid {
                            fetch_response = Some(next_fetch_response);
@@ -1491,7 +1492,16 @@ impl Session {

            // If we don't process the whole response, IMAP client is left in a broken state where
            // it will try to process the rest of response as the next response.
-            while fetch_responses.next().await.is_some() {}
+            //
+            // Make sure to not ignore the errors, because
+            // if connection times out, it will return
+            // infinite stream of `Some(Err(_))` results.
+            while fetch_responses
+                .try_next()
+                .await
+                .context("Failed to drain FETCH responses")?
+                .is_some()
+            {}

            if count != request_uids.len() {
                warn!(
@@ -1688,7 +1698,7 @@ impl Session {
            .uid_store(uid_set, &query)
            .await
            .with_context(|| format!("IMAP failed to store: ({uid_set}, {query})"))?;
-        while let Some(_response) = responses.next().await {
+        while let Some(_response) = responses.try_next().await? {
            // Read all the responses
        }
        Ok(())
@@ -2238,11 +2248,16 @@ pub(crate) async fn prefetch_should_download(
    message_id: &str,
    mut flags: impl Iterator<Item = Flag<'_>>,
 ) -> Result<bool> {
-    if message::rfc724_mid_exists(context, message_id)
-        .await?
-        .is_some()
+    if let Some((.., seen)) = message::rfc724_mid_exists_ex(
+        context,
+        message_id,
+        "state>=16", // `InSeen`
+    )
+    .await?
    {
-        markseen_on_imap_table(context, message_id).await?;
+        if seen {
+            markseen_on_imap_table(context, message_id).await?;
+        }
        return Ok(false);
    }

@@ -2387,6 +2402,11 @@ async fn mark_seen_by_uid(
 /// Schedule marking the message as Seen on IMAP by adding all known IMAP messages corresponding to
 /// the given Message-ID to `imap_markseen` table.
 pub(crate) async fn markseen_on_imap_table(context: &Context, message_id: &str) -> Result<()> {
+    if !context.get_config_bool(Config::BccSelf).await?
+        || context.get_config_bool(Config::Bot).await?
+    {
+        return Ok(());
+    }
    context
        .sql
        .execute(
--- a/src/imap/client.rs
+++ b/src/imap/client.rs
@@ -216,8 +216,8 @@ impl Client {
        let mut client = Client::new(session_stream);
        let _greeting = client
            .read_response()
-            .await
-            .context("failed to read greeting")??;
+            .await?
+            .context("Failed to read greeting")?;
        Ok(client)
    }

@@ -231,8 +231,8 @@ impl Client {
        let mut client = Client::new(session_stream);
        let _greeting = client
            .read_response()
-            .await
-            .context("failed to read greeting")??;
+            .await?
+            .context("Failed to read greeting")?;
        Ok(client)
    }

@@ -253,8 +253,8 @@ impl Client {
        let mut client = async_imap::Client::new(buffered_tcp_stream);
        let _greeting = client
            .read_response()
-            .await
-            .context("failed to read greeting")??;
+            .await?
+            .context("Failed to read greeting")?;
        client
            .run_command_and_check_ok("STARTTLS", None)
            .await
@@ -287,8 +287,8 @@ impl Client {
        let mut client = Client::new(session_stream);
        let _greeting = client
            .read_response()
-            .await
-            .context("failed to read greeting")??;
+            .await?
+            .context("Failed to read greeting")?;
        Ok(client)
    }

@@ -304,8 +304,8 @@ impl Client {
        let mut client = Client::new(session_stream);
        let _greeting = client
            .read_response()
-            .await
-            .context("failed to read greeting")??;
+            .await?
+            .context("Failed to read greeting")?;
        Ok(client)
    }

@@ -325,8 +325,8 @@ impl Client {
        let mut client = ImapClient::new(buffered_proxy_stream);
        let _greeting = client
            .read_response()
-            .await
-            .context("failed to read greeting")??;
+            .await?
+            .context("Failed to read greeting")?;
        client
            .run_command_and_check_ok("STARTTLS", None)
            .await
--- a/src/imex.rs
+++ b/src/imex.rs
@@ -90,7 +90,7 @@ pub async fn imex(
    let cancel = context.alloc_ongoing().await?;

    let res = {
-        let _guard = context.scheduler.pause(context.clone()).await?;
+        let _guard = context.scheduler.pause(context).await?;
        imex_inner(context, what, path, passphrase)
            .race(async {
                cancel.recv().await.ok();
@@ -140,32 +140,8 @@ pub async fn has_backup(_context: &Context, dir_name: &Path) -> Result<String> {
 }

 async fn set_self_key(context: &Context, armored: &str) -> Result<()> {
-    // try hard to only modify key-state
-    let (private_key, header) = SignedSecretKey::from_asc(armored)?;
+    let private_key = SignedSecretKey::from_asc(armored)?;
    let public_key = private_key.split_public_key()?;
-    if let Some(preferencrypt) = header.get("Autocrypt-Prefer-Encrypt") {
-        let e2ee_enabled = match preferencrypt.as_str() {
-            "nopreference" => 0,
-            "mutual" => 1,
-            _ => {
-                bail!("invalid Autocrypt-Prefer-Encrypt header: {:?}", header);
-            }
-        };
-        context
-            .sql
-            .set_raw_config_int("e2ee_enabled", e2ee_enabled)
-            .await?;
-    } else {
-        // `Autocrypt-Prefer-Encrypt` is not included
-        // in keys exported to file.
-        //
-        // `Autocrypt-Prefer-Encrypt` also SHOULD be sent
-        // in Autocrypt Setup Message according to Autocrypt specification,
-        // but K-9 6.802 does not include this header.
-        //
-        // We keep current setting in this case.
-        info!(context, "No Autocrypt-Prefer-Encrypt header.");
-    };

    let keypair = pgp::KeyPair {
        public: public_key,
@@ -804,7 +780,7 @@ async fn export_database(
                "UPDATE backup.config SET value='0' WHERE keyname='verified_one_on_one_chats';",
                [],
            )
-            .ok(); // If verified_one_on_one_chats was not set, this errors, which we ignore
+            .ok(); // Deprecated 2025-07. If verified_one_on_one_chats was not set, this errors, which we ignore
            conn.execute("DETACH DATABASE backup", [])
                .context("failed to detach backup database")?;
            res?;
--- a/src/imex/key_transfer.rs
+++ b/src/imex/key_transfer.rs
@@ -93,10 +93,7 @@ pub async fn render_setup_file(context: &Context, passphrase: &str) -> Result<St
        bail!("Passphrase must be at least 2 chars long.");
    };
    let private_key = load_self_secret_key(context).await?;
-    let ac_headers = match context.get_config_bool(Config::E2eeEnabled).await? {
-        false => None,
-        true => Some(("Autocrypt-Prefer-Encrypt", "mutual")),
-    };
+    let ac_headers = Some(("Autocrypt-Prefer-Encrypt", "mutual"));
    let private_key_asc = private_key.to_asc(ac_headers);
    let encr = pgp::symm_encrypt(passphrase, private_key_asc.into_bytes())
        .await?
--- a/src/imex/transfer.rs
+++ b/src/imex/transfer.rs
@@ -105,7 +105,7 @@ impl BackupProvider {

        // Acquire global "ongoing" mutex.
        let cancel_token = context.alloc_ongoing().await?;
-        let paused_guard = context.scheduler.pause(context.clone()).await?;
+        let paused_guard = context.scheduler.pause(context).await?;
        let context_dir = context
            .get_blobdir()
            .parent()
@@ -250,7 +250,7 @@ impl BackupProvider {
                                Err(format_err!("Backup provider dropped"))
                            }
                        ).await {
-                            warn!(context, "Error while handling backup connection: {err:#}.");
+                            error!(context, "Error while handling backup connection: {err:#}.");
                            context.emit_event(EventType::ImexProgress(0));
                            break;
                        } else {
@@ -367,7 +367,8 @@ pub async fn get_backup(context: &Context, qr: Qr) -> Result<()> {
                    Err(format_err!("Backup reception cancelled"))
                })
                .await;
-            if res.is_err() {
+            if let Err(ref res) = res {
+                error!(context, "{:#}", res);
                context.emit_event(EventType::ImexProgress(0));
            }
            context.free_ongoing().await;
--- a/src/key.rs
+++ b/src/key.rs
@@ -71,31 +71,17 @@ pub(crate) trait DcKey: Serialize + Deserializable + Clone {
    }

    /// Create a key from an ASCII-armored string.
-    ///
-    /// Returns the key and a map of any headers which might have been set in
-    /// the ASCII-armored representation.
-    fn from_asc(data: &str) -> Result<(Self, BTreeMap<String, String>)> {
+    fn from_asc(data: &str) -> Result<Self> {
        let bytes = data.as_bytes();
        let res = Self::from_armor_single(Cursor::new(bytes));
-        let (key, headers) = match res {
+        let (key, _headers) = match res {
            Err(pgp::errors::Error::NoMatchingPacket { .. }) => match Self::is_private() {
                true => bail!("No private key packet found"),
                false => bail!("No public key packet found"),
            },
            _ => res.context("rPGP error")?,
        };
-        let headers = headers
-            .into_iter()
-            .map(|(key, values)| {
-                (
-                    key.trim().to_lowercase(),
-                    values
-                        .last()
-                        .map_or_else(String::new, |s| s.trim().to_string()),
-                )
-            })
-            .collect();
-        Ok((key, headers))
+        Ok(key)
    }

    /// Serialise the key as bytes.
@@ -446,7 +432,7 @@ pub(crate) async fn store_self_keypair(context: &Context, keypair: &KeyPair) ->
 /// to avoid generating the key in tests.
 /// Use import/export APIs instead.
 pub async fn preconfigure_keypair(context: &Context, secret_data: &str) -> Result<()> {
-    let secret = SignedSecretKey::from_asc(secret_data)?.0;
+    let secret = SignedSecretKey::from_asc(secret_data)?;
    let public = secret.split_public_key()?;
    let keypair = KeyPair { public, secret };
    store_self_keypair(context, &keypair).await?;
@@ -532,7 +518,7 @@ mod tests {

    #[test]
    fn test_from_armored_string() {
-        let (private_key, _) = SignedSecretKey::from_asc(
+        let private_key = SignedSecretKey::from_asc(
            "-----BEGIN PGP PRIVATE KEY BLOCK-----

 xcLYBF0fgz4BCADnRUV52V4xhSsU56ZaAn3+3oG86MZhXy4X8w14WZZDf0VJGeTh
@@ -600,17 +586,13 @@ i8pcjGO+IZffvyZJVRWfVooBJmWWbPB1pueo3tx8w3+fcuzpxz+RLFKaPyqXO+dD
    fn test_asc_roundtrip() {
        let key = KEYPAIR.public.clone();
        let asc = key.to_asc(Some(("spam", "ham")));
-        let (key2, hdrs) = SignedPublicKey::from_asc(&asc).unwrap();
+        let key2 = SignedPublicKey::from_asc(&asc).unwrap();
        assert_eq!(key, key2);
-        assert_eq!(hdrs.len(), 1);
-        assert_eq!(hdrs.get("spam"), Some(&String::from("ham")));

        let key = KEYPAIR.secret.clone();
        let asc = key.to_asc(Some(("spam", "ham")));
-        let (key2, hdrs) = SignedSecretKey::from_asc(&asc).unwrap();
+        let key2 = SignedSecretKey::from_asc(&asc).unwrap();
        assert_eq!(key, key2);
-        assert_eq!(hdrs.len(), 1);
-        assert_eq!(hdrs.get("spam"), Some(&String::from("ham")));
    }

    #[test]
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -53,6 +53,7 @@ pub use events::*;

 mod aheader;
 pub mod blob;
+pub mod calls;
 pub mod chat;
 pub mod chatlist;
 pub mod config;
--- a/src/message.rs
+++ b/src/message.rs
@@ -973,6 +973,8 @@ impl Message {
            | SystemMessage::WebxdcStatusUpdate
            | SystemMessage::WebxdcInfoMessage
            | SystemMessage::IrohNodeAddr
+            | SystemMessage::CallAccepted
+            | SystemMessage::CallEnded
            | SystemMessage::Unknown => Ok(None),
        }
    }
@@ -1366,17 +1368,6 @@ impl Message {
        Ok(())
    }

-    pub(crate) async fn update_subject(&self, context: &Context) -> Result<()> {
-        context
-            .sql
-            .execute(
-                "UPDATE msgs SET subject=? WHERE id=?;",
-                (&self.subject, self.id),
-            )
-            .await?;
-        Ok(())
-    }
-
    /// Gets the error status of the message.
    ///
    /// A message can have an associated error status if something went wrong when sending or
@@ -2287,6 +2278,9 @@ pub enum Viewtype {
    /// Message is an invitation to a videochat.
    VideochatInvitation = 70,

+    /// Message is an incoming or outgoing call.
+    Call = 71,
+
    /// Message is an webxdc instance.
    Webxdc = 80,

@@ -2310,6 +2304,7 @@ impl Viewtype {
            Viewtype::Video => true,
            Viewtype::File => true,
            Viewtype::VideochatInvitation => false,
+            Viewtype::Call => false,
            Viewtype::Webxdc => true,
            Viewtype::Vcard => true,
        }
--- a/src/message/message_tests.rs
+++ b/src/message/message_tests.rs
@@ -808,3 +808,22 @@ async fn test_sanitize_filename_message() -> Result<()> {

    Ok(())
 }
+
+/// Tests that empty file can be sent and received.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_send_empty_file() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+
+    let alice_chat = alice.create_chat(bob).await;
+    let mut msg = Message::new(Viewtype::File);
+    msg.set_file_from_bytes(alice, "myfile", b"", None)?;
+    chat::send_msg(alice, alice_chat.id, &mut msg).await?;
+    let sent = alice.pop_sent_msg().await;
+
+    let bob_received_msg = bob.recv_msg(&sent).await;
+    assert_eq!(bob_received_msg.get_filename().unwrap(), "myfile");
+    assert_eq!(bob_received_msg.get_viewtype(), Viewtype::File);
+    Ok(())
+}
--- a/src/mimefactory.rs
+++ b/src/mimefactory.rs
@@ -5,7 +5,9 @@ use std::io::Cursor;

 use anyhow::{Context as _, Result, bail, ensure};
 use base64::Engine as _;
+use data_encoding::BASE32_NOPAD;
 use deltachat_contact_tools::sanitize_bidi_characters;
+use iroh_gossip::proto::TopicId;
 use mail_builder::headers::HeaderType;
 use mail_builder::headers::address::{Address, EmailAddress};
 use mail_builder::mime::MimePart;
@@ -22,14 +24,14 @@ use crate::context::Context;
 use crate::e2ee::EncryptHelper;
 use crate::ensure_and_debug_assert;
 use crate::ephemeral::Timer as EphemeralTimer;
-use crate::key::self_fingerprint;
-use crate::key::{DcKey, SignedPublicKey};
+use crate::headerdef::HeaderDef;
+use crate::key::{DcKey, SignedPublicKey, self_fingerprint};
 use crate::location;
 use crate::log::{info, warn};
 use crate::message::{Message, MsgId, Viewtype};
 use crate::mimeparser::{SystemMessage, is_hidden};
 use crate::param::Param;
-use crate::peer_channels::create_iroh_header;
+use crate::peer_channels::{create_iroh_header, get_iroh_topic_for_msg};
 use crate::simplify::escape_message_footer_marks;
 use crate::stock_str;
 use crate::tools::{
@@ -140,6 +142,9 @@ pub struct MimeFactory {

    /// True if the avatar should be attached.
    pub attach_selfavatar: bool,
+
+    /// This field is used to sustain the topic id of webxdcs needed for peer channels.
+    webxdc_topic: Option<TopicId>,
 }

 /// Result of rendering a message, ready to be submitted to a send job.
@@ -248,6 +253,10 @@ impl MimeFactory {
            let mut missing_key_addresses = BTreeSet::new();
            context
                .sql
+                // Sort recipients by `add_timestamp DESC` so that if the group is large and there
+                // are multiple SMTP messages, a newly added member receives the member addition
+                // message earlier and has gossiped keys of other members (otherwise the new member
+                // may receive messages from other members earlier and fail to verify them).
                .query_map(
                    "SELECT
                     c.authname,
@@ -261,7 +270,8 @@ impl MimeFactory {
                     LEFT JOIN contacts c ON cc.contact_id=c.id
                     LEFT JOIN public_keys k ON k.fingerprint=c.fingerprint
                     WHERE cc.chat_id=?
-                     AND (cc.contact_id>9 OR (cc.contact_id=1 AND ?))",
+                     AND (cc.contact_id>9 OR (cc.contact_id=1 AND ?))
+                     ORDER BY cc.add_timestamp DESC",
                    (msg.chat_id, chat.typ == Chattype::Group),
                    |row| {
                        let authname: String = row.get(0)?;
@@ -460,7 +470,7 @@ impl MimeFactory {
            past_members.len(),
            member_timestamps.len(),
        );
-
+        let webxdc_topic = get_iroh_topic_for_msg(context, msg.id).await?;
        let factory = MimeFactory {
            from_addr,
            from_displayname,
@@ -480,6 +490,7 @@ impl MimeFactory {
            last_added_location_id: None,
            sync_ids_to_delete: None,
            attach_selfavatar,
+            webxdc_topic,
        };
        Ok(factory)
    }
@@ -527,6 +538,7 @@ impl MimeFactory {
            last_added_location_id: None,
            sync_ids_to_delete: None,
            attach_selfavatar: false,
+            webxdc_topic: None,
        };

        Ok(res)
@@ -1080,13 +1092,14 @@ impl MimeFactory {
                                continue;
                            }

-                            let header = Aheader::new(
-                                addr.clone(),
-                                key.clone(),
+                            let header = Aheader {
+                                addr: addr.clone(),
+                                public_key: key.clone(),
                                // Autocrypt 1.1.0 specification says that
                                // `prefer-encrypt` attribute SHOULD NOT be included.
-                                EncryptPreference::NoPreference,
-                            )
+                                prefer_encrypt: EncryptPreference::NoPreference,
+                                verified: false,
+                            }
                            .to_string();

                            message = message.header(
@@ -1510,7 +1523,7 @@ impl MimeFactory {
            }
            SystemMessage::IrohNodeAddr => {
                headers.push((
-                    "Iroh-Node-Addr",
+                    HeaderDef::IrohNodeAddr.into(),
                    mail_builder::headers::text::Text::new(serde_json::to_string(
                        &context
                            .get_or_try_init_peer_channel()
@@ -1521,6 +1534,18 @@ impl MimeFactory {
                    .into(),
                ));
            }
+            SystemMessage::CallAccepted => {
+                headers.push((
+                    "Chat-Content",
+                    mail_builder::headers::raw::Raw::new("call-accepted").into(),
+                ));
+            }
+            SystemMessage::CallEnded => {
+                headers.push((
+                    "Chat-Content",
+                    mail_builder::headers::raw::Raw::new("call-ended").into(),
+                ));
+            }
            _ => {}
        }

@@ -1545,15 +1570,25 @@ impl MimeFactory {
                "Chat-Content",
                mail_builder::headers::raw::Raw::new("videochat-invitation").into(),
            ));
+        } else if msg.viewtype == Viewtype::Call {
+            headers.push((
+                "Chat-Content",
+                mail_builder::headers::raw::Raw::new("call").into(),
+            ));
+            placeholdertext = Some(
+                "[This is a 'Call'. The sender uses an experiment not supported on your version yet]".to_string(),
+            );
+        }
+
+        if let Some(offer) = msg.param.get(Param::WebrtcRoom) {
            headers.push((
                "Chat-Webrtc-Room",
-                mail_builder::headers::raw::Raw::new(
-                    msg.param
-                        .get(Param::WebrtcRoom)
-                        .unwrap_or_default()
-                        .to_string(),
-                )
-                .into(),
+                mail_builder::headers::raw::Raw::new(b_encode(offer)).into(),
+            ));
+        } else if let Some(answer) = msg.param.get(Param::WebrtcAccepted) {
+            headers.push((
+                "Chat-Webrtc-Accepted",
+                mail_builder::headers::raw::Raw::new(b_encode(answer)).into(),
            ));
        }

@@ -1691,10 +1726,13 @@ impl MimeFactory {
            let json = msg.param.get(Param::Arg).unwrap_or_default();
            parts.push(context.build_status_update_part(json));
        } else if msg.viewtype == Viewtype::Webxdc {
+            let topic = self
+                .webxdc_topic
+                .map(|top| BASE32_NOPAD.encode(top.as_bytes()).to_ascii_lowercase())
+                .unwrap_or(create_iroh_header(context, msg.id).await?);
            headers.push((
-                "Iroh-Gossip-Topic",
-                mail_builder::headers::raw::Raw::new(create_iroh_header(context, msg.id).await?)
-                    .into(),
+                HeaderDef::IrohGossipTopic.get_headername(),
+                mail_builder::headers::raw::Raw::new(topic).into(),
            ));
            if let (Some(json), _) = context
                .render_webxdc_status_update_object(
@@ -1844,5 +1882,17 @@ fn render_rfc724_mid(rfc724_mid: &str) -> String {
    }
 }

+/// Encodes UTF-8 string as a single B-encoded-word.
+///
+/// We manually encode some headers because as of
+/// version 0.4.4 mail-builder crate does not encode
+/// newlines correctly if they appear in a text header.
+fn b_encode(value: &str) -> String {
+    format!(
+        "=?utf-8?B?{}?=",
+        base64::engine::general_purpose::STANDARD.encode(value)
+    )
+}
+
 #[cfg(test)]
 mod mimefactory_tests;
--- a/src/mimefactory/mimefactory_tests.rs
+++ b/src/mimefactory/mimefactory_tests.rs
@@ -2,6 +2,7 @@ use deltachat_contact_tools::ContactAddress;
 use mail_builder::headers::Header;
 use mailparse::{MailHeaderMap, addrparse_header};
 use std::str;
+use std::time::Duration;

 use super::*;
 use crate::chat::{
@@ -16,6 +17,7 @@ use crate::message;
 use crate::mimeparser::MimeMessage;
 use crate::receive_imf::receive_imf;
 use crate::test_utils::{TestContext, TestContextManager, get_chat_msg};
+use crate::tools::SystemTime;

 fn render_email_address(display_name: &str, addr: &str) -> String {
    let mut output = Vec::<u8>::new();
@@ -89,8 +91,11 @@ fn test_render_rfc724_mid() {

 fn render_header_text(text: &str) -> String {
    let mut output = Vec::<u8>::new();
+
+    // Some non-zero length of the header name.
+    let bytes_written = 20;
    mail_builder::headers::text::Text::new(text.to_string())
-        .write_header(&mut output, 0)
+        .write_header(&mut output, bytes_written)
        .unwrap();

    String::from_utf8(output).unwrap()
@@ -681,6 +686,7 @@ async fn test_selfavatar_unencrypted_signed() {
        .unwrap()
        .unwrap();
    let alice_contact = Contact::get_by_id(&bob.ctx, alice_id).await.unwrap();
+    assert_eq!(alice_contact.is_key_contact(), false);
    assert!(
        alice_contact
            .get_profile_image(&bob.ctx)
@@ -867,6 +873,43 @@ async fn test_dont_remove_self() -> Result<()> {
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_new_member_is_first_recipient() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let charlie = &tcm.charlie().await;
+
+    let bob_id = alice.add_or_lookup_contact_id(bob).await;
+    let charlie_id = alice.add_or_lookup_contact_id(charlie).await;
+
+    let group = alice
+        .create_group_with_members(ProtectionStatus::Unprotected, "Group", &[bob])
+        .await;
+    alice.send_text(group, "Hi! I created a group.").await;
+
+    SystemTime::shift(Duration::from_secs(60));
+    add_contact_to_chat(alice, group, charlie_id).await?;
+    let sent_msg = alice.pop_sent_msg().await;
+    assert!(
+        sent_msg
+            .recipients
+            .starts_with(&charlie.get_config(Config::Addr).await?.unwrap())
+    );
+
+    remove_contact_from_chat(alice, group, bob_id).await?;
+    alice.pop_sent_msg().await;
+    SystemTime::shift(Duration::from_secs(60));
+    add_contact_to_chat(alice, group, bob_id).await?;
+    let sent_msg = alice.pop_sent_msg().await;
+    assert!(
+        sent_msg
+            .recipients
+            .starts_with(&bob.get_config(Config::Addr).await?.unwrap())
+    );
+    Ok(())
+}
+
 /// Regression test: mimefactory should never create an empty to header,
 /// also not if the Selftalk parameter is missing
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -1,7 +1,7 @@
 //! # MIME message parsing module.

 use std::cmp::min;
-use std::collections::{HashMap, HashSet};
+use std::collections::{BTreeMap, HashMap, HashSet};
 use std::path::Path;
 use std::str;
 use std::str::FromStr;
@@ -36,6 +36,17 @@ use crate::tools::{
 };
 use crate::{chatlist_events, location, stock_str, tools};

+/// Public key extracted from `Autocrypt-Gossip`
+/// header with associated information.
+#[derive(Debug)]
+pub struct GossipedKey {
+    /// Public key extracted from `keydata` attribute.
+    pub public_key: SignedPublicKey,
+
+    /// True if `Autocrypt-Gossip` has a `_verified` attribute.
+    pub verified: bool,
+}
+
 /// A parsed MIME message.
 ///
 /// This represents the relevant information of a parsed MIME message
@@ -85,7 +96,7 @@ pub(crate) struct MimeMessage {

    /// The addresses for which there was a gossip header
    /// and their respective gossiped keys.
-    pub gossiped_keys: HashMap<String, SignedPublicKey>,
+    pub gossiped_keys: BTreeMap<String, GossipedKey>,

    /// Fingerprint of the key in the Autocrypt header.
    ///
@@ -216,6 +227,12 @@ pub enum SystemMessage {

    /// "Messages are end-to-end encrypted."
    ChatE2ee = 50,
+
+    /// Message indicating that a call was accepted.
+    CallAccepted = 66,
+
+    /// Message indicating that a call was ended.
+    CallEnded = 67,
 }

 const MIME_AC_SETUP_FILE: &str = "application/autocrypt-setup";
@@ -427,7 +444,7 @@ impl MimeMessage {
            None
        };

-        let public_keyring = if incoming {
+        let mut public_keyring = if incoming {
            if let Some(autocrypt_header) = autocrypt_header {
                vec![autocrypt_header.public_key]
            } else {
@@ -437,8 +454,46 @@ impl MimeMessage {
            key::load_self_public_keyring(context).await?
        };

+        if let Some(signature) = match &decrypted_msg {
+            Some(pgp::composed::Message::Literal { .. }) => None,
+            Some(pgp::composed::Message::Compressed { .. }) => {
+                // One layer of compression should already be handled by now.
+                // We don't decompress messages compressed multiple times.
+                None
+            }
+            Some(pgp::composed::Message::SignedOnePass { reader, .. }) => reader.signature(),
+            Some(pgp::composed::Message::Signed { reader, .. }) => Some(reader.signature()),
+            Some(pgp::composed::Message::Encrypted { .. }) => {
+                // The message is already decrypted once.
+                None
+            }
+            None => None,
+        } {
+            for issuer_fingerprint in signature.issuer_fingerprint() {
+                let issuer_fingerprint =
+                    crate::key::Fingerprint::from(issuer_fingerprint.clone()).hex();
+                if let Some(public_key_bytes) = context
+                    .sql
+                    .query_row_optional(
+                        "SELECT public_key
+                         FROM public_keys
+                         WHERE fingerprint=?",
+                        (&issuer_fingerprint,),
+                        |row| {
+                            let bytes: Vec<u8> = row.get(0)?;
+                            Ok(bytes)
+                        },
+                    )
+                    .await?
+                {
+                    let public_key = SignedPublicKey::from_slice(&public_key_bytes)?;
+                    public_keyring.push(public_key)
+                }
+            }
+        }
+
        let mut signatures = if let Some(ref decrypted_msg) = decrypted_msg {
-            crate::pgp::valid_signature_fingerprints(decrypted_msg, &public_keyring)?
+            crate::pgp::valid_signature_fingerprints(decrypted_msg, &public_keyring)
        } else {
            HashSet::new()
        };
@@ -638,6 +693,10 @@ impl MimeMessage {
                self.is_system_message = SystemMessage::ChatProtectionDisabled;
            } else if value == "group-avatar-changed" {
                self.is_system_message = SystemMessage::GroupImageChanged;
+            } else if value == "call-accepted" {
+                self.is_system_message = SystemMessage::CallAccepted;
+            } else if value == "call-ended" {
+                self.is_system_message = SystemMessage::CallEnded;
            }
        } else if self.get_header(HeaderDef::ChatGroupMemberRemoved).is_some() {
            self.is_system_message = SystemMessage::MemberRemovedFromGroup;
@@ -660,16 +719,26 @@ impl MimeMessage {
    }

    fn parse_videochat_headers(&mut self) {
-        if let Some(value) = self.get_header(HeaderDef::ChatContent) {
-            if value == "videochat-invitation" {
-                let instance = self
-                    .get_header(HeaderDef::ChatWebrtcRoom)
-                    .map(|s| s.to_string());
-                if let Some(part) = self.parts.first_mut() {
+        let content = self
+            .get_header(HeaderDef::ChatContent)
+            .unwrap_or_default()
+            .to_string();
+        let room = self
+            .get_header(HeaderDef::ChatWebrtcRoom)
+            .map(|s| s.to_string());
+        let accepted = self
+            .get_header(HeaderDef::ChatWebrtcAccepted)
+            .map(|s| s.to_string());
+        if let Some(part) = self.parts.first_mut() {
+            if let Some(room) = room {
+                if content == "videochat-invitation" {
                    part.typ = Viewtype::VideochatInvitation;
-                    part.param
-                        .set(Param::WebrtcRoom, instance.unwrap_or_default());
+                } else if content == "call" {
+                    part.typ = Viewtype::Call
                }
+                part.param.set(Param::WebrtcRoom, room);
+            } else if let Some(accepted) = accepted {
+                part.param.set(Param::WebrtcAccepted, accepted);
            }
        }
    }
@@ -695,7 +764,10 @@ impl MimeMessage {
                    | Viewtype::Vcard
                    | Viewtype::File
                    | Viewtype::Webxdc => true,
-                    Viewtype::Unknown | Viewtype::Text | Viewtype::VideochatInvitation => false,
+                    Viewtype::Unknown
+                    | Viewtype::Text
+                    | Viewtype::VideochatInvitation
+                    | Viewtype::Call => false,
                })
        {
            let mut parts = std::mem::take(&mut self.parts);
@@ -1322,10 +1394,6 @@ impl MimeMessage {
        filename: &str,
        is_related: bool,
    ) -> Result<()> {
-        if decoded_data.is_empty() {
-            return Ok(());
-        }
-
        // Process attached PGP keys.
        if mime_type.type_() == mime::APPLICATION
            && mime_type.subtype().as_str() == "pgp-keys"
@@ -1451,7 +1519,7 @@ impl MimeMessage {
                );
                return Ok(false);
            }
-            Ok((key, _)) => key,
+            Ok(key) => key,
        };
        if let Err(err) = key.verify() {
            warn!(context, "Attached PGP key verification failed: {err:#}.");
@@ -1514,13 +1582,11 @@ impl MimeMessage {
        }
    }

-    pub fn replace_msg_by_error(&mut self, error_msg: &str) {
-        self.is_system_message = SystemMessage::Unknown;
-        if let Some(part) = self.parts.first_mut() {
-            part.typ = Viewtype::Text;
-            part.msg = format!("[{error_msg}]");
-            self.parts.truncate(1);
-        }
+    /// Check if a message is a call.
+    pub(crate) fn is_call(&self) -> bool {
+        self.parts
+            .first()
+            .is_some_and(|part| part.typ == Viewtype::Call)
    }

    pub(crate) fn get_rfc724_mid(&self) -> Option<String> {
@@ -1908,9 +1974,9 @@ async fn parse_gossip_headers(
    from: &str,
    recipients: &[SingleInfo],
    gossip_headers: Vec<String>,
-) -> Result<HashMap<String, SignedPublicKey>> {
+) -> Result<BTreeMap<String, GossipedKey>> {
    // XXX split the parsing from the modification part
-    let mut gossiped_keys: HashMap<String, SignedPublicKey> = Default::default();
+    let mut gossiped_keys: BTreeMap<String, GossipedKey> = Default::default();

    for value in &gossip_headers {
        let header = match value.parse::<Aheader>() {
@@ -1952,7 +2018,12 @@ async fn parse_gossip_headers(
            )
            .await?;

-        gossiped_keys.insert(header.addr.to_lowercase(), header.public_key);
+        let gossiped_key = GossipedKey {
+            public_key: header.public_key,
+
+            verified: header.verified,
+        };
+        gossiped_keys.insert(header.addr.to_lowercase(), gossiped_key);
    }

    Ok(gossiped_keys)
--- a/src/net.rs
+++ b/src/net.rs
@@ -16,14 +16,12 @@ use crate::sql::Sql;
 use crate::tools::time;

 pub(crate) mod dns;
-pub(crate) mod error_capturing_stream;
 pub(crate) mod http;
 pub(crate) mod proxy;
 pub(crate) mod session;
 pub(crate) mod tls;

 use dns::lookup_host_with_cache;
-pub(crate) use error_capturing_stream::ErrorCapturingStream;
 pub use http::{Response as HttpResponse, read_url, read_url_blob};
 use tls::wrap_tls;

@@ -107,7 +105,7 @@ pub(crate) async fn load_connection_timestamp(
 /// to the network, which is important to reduce the latency of interactive protocols such as IMAP.
 pub(crate) async fn connect_tcp_inner(
    addr: SocketAddr,
-) -> Result<Pin<Box<ErrorCapturingStream<TimeoutStream<TcpStream>>>>> {
+) -> Result<Pin<Box<TimeoutStream<TcpStream>>>> {
    let tcp_stream = timeout(TIMEOUT, TcpStream::connect(addr))
        .await
        .context("connection timeout")?
@@ -120,9 +118,7 @@ pub(crate) async fn connect_tcp_inner(
    timeout_stream.set_write_timeout(Some(TIMEOUT));
    timeout_stream.set_read_timeout(Some(TIMEOUT));

-    let error_capturing_stream = ErrorCapturingStream::new(timeout_stream);
-
-    Ok(Box::pin(error_capturing_stream))
+    Ok(Box::pin(timeout_stream))
 }

 /// Attempts to establish TLS connection
@@ -239,7 +235,7 @@ pub(crate) async fn connect_tcp(
    host: &str,
    port: u16,
    load_cache: bool,
-) -> Result<Pin<Box<ErrorCapturingStream<TimeoutStream<TcpStream>>>>> {
+) -> Result<Pin<Box<TimeoutStream<TcpStream>>>> {
    let connection_futures = lookup_host_with_cache(context, host, port, "", load_cache)
        .await?
        .into_iter()
--- a/src/net/dns.rs
+++ b/src/net/dns.rs
@@ -227,9 +227,6 @@ pub(crate) async fn update_connect_timestamp(
 }

 /// Preloaded DNS results that can be used in case of DNS server failures.
-///
-/// See <https://support.delta.chat/t/no-dns-resolution-result/2778> and
-/// <https://github.com/deltachat/deltachat-core-rust/issues/4920> for reasons.
 static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new(|| {
    HashMap::from([
        (
--- a/src/net/error_capturing_stream.rs
+++ b/src/net/error_capturing_stream.rs
@@ -1,136 +0,0 @@
-use std::io::IoSlice;
-use std::net::SocketAddr;
-use std::pin::Pin;
-use std::task::{Context, Poll};
-use std::time::Duration;
-use tokio::io::{self, AsyncRead, AsyncWrite, ReadBuf};
-
-use pin_project::pin_project;
-
-use crate::net::SessionStream;
-
-/// Stream that remembers the first error
-/// and keeps returning it afterwards.
-///
-/// It is needed to avoid accidentally using
-/// the stream after read timeout.
-#[derive(Debug)]
-#[pin_project]
-pub(crate) struct ErrorCapturingStream<T: AsyncRead + AsyncWrite + std::fmt::Debug> {
-    #[pin]
-    inner: T,
-
-    /// If true, the stream has already returned an error once.
-    ///
-    /// All read and write operations return error in this case.
-    is_broken: bool,
-}
-
-impl<T: AsyncRead + AsyncWrite + std::fmt::Debug> ErrorCapturingStream<T> {
-    pub fn new(inner: T) -> Self {
-        Self {
-            inner,
-            is_broken: false,
-        }
-    }
-
-    /// Gets a reference to the underlying stream.
-    pub fn get_ref(&self) -> &T {
-        &self.inner
-    }
-
-    /// Gets a pinned mutable reference to the underlying stream.
-    pub fn get_pin_mut(self: Pin<&mut Self>) -> Pin<&mut T> {
-        self.project().inner
-    }
-}
-
-impl<T: AsyncRead + AsyncWrite + std::fmt::Debug> AsyncRead for ErrorCapturingStream<T> {
-    fn poll_read(
-        self: Pin<&mut Self>,
-        cx: &mut Context<'_>,
-        buf: &mut ReadBuf,
-    ) -> Poll<io::Result<()>> {
-        let this = self.project();
-        if *this.is_broken {
-            return Poll::Ready(Err(io::Error::other("Broken stream")));
-        }
-        let res = this.inner.poll_read(cx, buf);
-        if let Poll::Ready(Err(_)) = res {
-            *this.is_broken = true;
-        }
-        res
-    }
-}
-
-impl<T: AsyncRead + AsyncWrite + std::fmt::Debug> AsyncWrite for ErrorCapturingStream<T> {
-    fn poll_write(
-        self: Pin<&mut Self>,
-        cx: &mut Context<'_>,
-        buf: &[u8],
-    ) -> Poll<io::Result<usize>> {
-        let this = self.project();
-        if *this.is_broken {
-            return Poll::Ready(Err(io::Error::other("Broken stream")));
-        }
-        let res = this.inner.poll_write(cx, buf);
-        if let Poll::Ready(Err(_)) = res {
-            *this.is_broken = true;
-        }
-        res
-    }
-
-    fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
-        let this = self.project();
-        if *this.is_broken {
-            return Poll::Ready(Err(io::Error::other("Broken stream")));
-        }
-        let res = this.inner.poll_flush(cx);
-        if let Poll::Ready(Err(_)) = res {
-            *this.is_broken = true;
-        }
-        res
-    }
-
-    fn poll_shutdown(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
-        let this = self.project();
-        if *this.is_broken {
-            return Poll::Ready(Err(io::Error::other("Broken stream")));
-        }
-        let res = this.inner.poll_shutdown(cx);
-        if let Poll::Ready(Err(_)) = res {
-            *this.is_broken = true;
-        }
-        res
-    }
-
-    fn poll_write_vectored(
-        self: Pin<&mut Self>,
-        cx: &mut Context<'_>,
-        bufs: &[IoSlice<'_>],
-    ) -> Poll<io::Result<usize>> {
-        let this = self.project();
-        if *this.is_broken {
-            return Poll::Ready(Err(io::Error::other("Broken stream")));
-        }
-        let res = this.inner.poll_write_vectored(cx, bufs);
-        if let Poll::Ready(Err(_)) = res {
-            *this.is_broken = true;
-        }
-        res
-    }
-
-    fn is_write_vectored(&self) -> bool {
-        self.inner.is_write_vectored()
-    }
-}
-
-impl<T: SessionStream> SessionStream for ErrorCapturingStream<T> {
-    fn set_read_timeout(&mut self, timeout: Option<Duration>) {
-        self.inner.set_read_timeout(timeout)
-    }
-
-    fn peer_addr(&self) -> anyhow::Result<SocketAddr> {
-        self.inner.peer_addr()
-    }
-}
--- a/src/net/http.rs
+++ b/src/net/http.rs
@@ -244,7 +244,7 @@ async fn fetch_url(context: &Context, original_url: &str) -> Result<Response> {
            .clone();

        let req = hyper::Request::builder()
-            .uri(parsed_url.path())
+            .uri(parsed_url)
            .header(hyper::header::HOST, authority.as_str())
            .body(http_body_util::Empty::<Bytes>::new())?;
        let response = sender.send_request(req).await?;
@@ -378,7 +378,7 @@ pub(crate) async fn post_string(context: &Context, url: &str, body: String) -> R
        .context("URL has no authority")?
        .clone();

-    let request = hyper::Request::post(parsed_url.path())
+    let request = hyper::Request::post(parsed_url)
        .header(hyper::header::HOST, authority.as_str())
        .body(body)?;
    let response = sender.send_request(request).await?;
@@ -408,7 +408,7 @@ pub(crate) async fn post_form<T: Serialize + ?Sized>(
        .authority()
        .context("URL has no authority")?
        .clone();
-    let request = hyper::Request::post(parsed_url.path())
+    let request = hyper::Request::post(parsed_url)
        .header(hyper::header::HOST, authority.as_str())
        .header("content-type", "application/x-www-form-urlencoded")
        .body(encoded_body)?;
--- a/src/net/proxy.rs
+++ b/src/net/proxy.rs
@@ -21,9 +21,9 @@ use url::Url;
 use crate::config::Config;
 use crate::constants::NON_ALPHANUMERIC_WITHOUT_DOT;
 use crate::context::Context;
+use crate::net::connect_tcp;
 use crate::net::session::SessionStream;
 use crate::net::tls::wrap_rustls;
-use crate::net::{ErrorCapturingStream, connect_tcp};
 use crate::sql::Sql;

 /// Default SOCKS5 port according to [RFC 1928](https://tools.ietf.org/html/rfc1928).
@@ -118,7 +118,7 @@ impl Socks5Config {
        target_host: &str,
        target_port: u16,
        load_dns_cache: bool,
-    ) -> Result<Socks5Stream<Pin<Box<ErrorCapturingStream<TimeoutStream<TcpStream>>>>>> {
+    ) -> Result<Socks5Stream<Pin<Box<TimeoutStream<TcpStream>>>>> {
        let tcp_stream = connect_tcp(context, &self.host, self.port, load_dns_cache)
            .await
            .context("Failed to connect to SOCKS5 proxy")?;
--- a/src/net/session.rs
+++ b/src/net/session.rs
@@ -7,8 +7,6 @@ use tokio::io::{AsyncBufRead, AsyncRead, AsyncWrite, BufStream, BufWriter};
 use tokio::net::TcpStream;
 use tokio_io_timeout::TimeoutStream;

-use crate::net::ErrorCapturingStream;
-
 pub(crate) trait SessionStream:
    AsyncRead + AsyncWrite + Unpin + Send + Sync + std::fmt::Debug
 {
@@ -63,13 +61,13 @@ impl<T: SessionStream> SessionStream for BufWriter<T> {
        self.get_ref().peer_addr()
    }
 }
-impl SessionStream for Pin<Box<ErrorCapturingStream<TimeoutStream<TcpStream>>>> {
+impl SessionStream for Pin<Box<TimeoutStream<TcpStream>>> {
    fn set_read_timeout(&mut self, timeout: Option<Duration>) {
-        self.as_mut().get_pin_mut().set_read_timeout_pinned(timeout);
+        self.as_mut().set_read_timeout_pinned(timeout);
    }

    fn peer_addr(&self) -> Result<SocketAddr> {
-        Ok(self.get_ref().get_ref().peer_addr()?)
+        Ok(self.get_ref().peer_addr()?)
    }
 }
 impl<T: SessionStream> SessionStream for Socks5Stream<T> {
--- a/src/param.rs
+++ b/src/param.rs
@@ -120,6 +120,9 @@ pub enum Param {
    /// For Messages
    WebrtcRoom = b'V',

+    /// For Messages
+    WebrtcAccepted = b'7',
+
    /// For Messages: space-separated list of messaged IDs of forwarded copies.
    ///
    /// This is used when a [crate::message::Message] is in the
@@ -262,7 +265,7 @@ impl str::FromStr for Params {
    /// or from an upgrade (when a key is dropped but was used in the past)
    fn from_str(s: &str) -> std::result::Result<Self, Self::Err> {
        let mut inner = BTreeMap::new();
-        let mut lines = s.lines().peekable();
+        let mut lines = s.split('\n').peekable();

        while let Some(line) = lines.next() {
            if let [key, value] = line.splitn(2, '=').collect::<Vec<_>>()[..] {
@@ -454,6 +457,7 @@ mod tests {
        let mut params = Params::new();
        params.set(Param::Height, "foo\nbar=baz\nquux");
        params.set(Param::Width, "\n\n\na=\n=");
+        params.set(Param::WebrtcRoom, "foo\r\nbar\r\n\r\nbaz\r\n");
        assert_eq!(params.to_string().parse::<Params>().unwrap(), params);
    }

--- a/src/peer_channels.rs
+++ b/src/peer_channels.rs
@@ -48,13 +48,13 @@ use crate::mimeparser::SystemMessage;
 const PUBLIC_KEY_LENGTH: usize = 32;
 const PUBLIC_KEY_STUB: &[u8] = "static_string".as_bytes();

-/// Store iroh peer channels for the context.
+/// Store Iroh peer channels for the context.
 #[derive(Debug)]
 pub struct Iroh {
-    /// iroh router  needed for iroh peer channels.
+    /// Iroh router  needed for Iroh peer channels.
    pub(crate) router: iroh::protocol::Router,

-    /// [Gossip] needed for iroh peer channels.
+    /// [Gossip] needed for Iroh peer channels.
    pub(crate) gossip: Gossip,

    /// Sequence numbers for gossip channels.
@@ -109,7 +109,7 @@ impl Iroh {

        info!(
            ctx,
-            "IROH_REALTIME: Joining gossip with peers: {:?}", node_ids,
+            "IROH_REALTIME: Joining gossip {topic} with peers: {:?}.", node_ids,
        );

        // Inform iroh of potentially new node addresses
@@ -138,17 +138,11 @@ impl Iroh {
        Ok(Some(join_rx))
    }

-    /// Add gossip peers to realtime channel if it is already active.
-    pub async fn maybe_add_gossip_peers(&self, topic: TopicId, peers: Vec<NodeAddr>) -> Result<()> {
+    /// Add gossip peer to realtime channel if it is already active.
+    pub async fn maybe_add_gossip_peer(&self, topic: TopicId, peer: NodeAddr) -> Result<()> {
        if self.iroh_channels.read().await.get(&topic).is_some() {
-            for peer in &peers {
-                self.router.endpoint().add_node_addr(peer.clone())?;
-            }
-
-            self.gossip.subscribe_with_opts(
-                topic,
-                JoinOptions::with_bootstrap(peers.into_iter().map(|peer| peer.node_id)),
-            );
+            self.router.endpoint().add_node_addr(peer.clone())?;
+            self.gossip.subscribe(topic, vec![peer.node_id])?;
        }
        Ok(())
    }
@@ -316,6 +310,17 @@ impl Context {
            }
        }
    }
+
+    pub(crate) async fn maybe_add_gossip_peer(&self, topic: TopicId, peer: NodeAddr) -> Result<()> {
+        if let Some(iroh) = &*self.iroh.read().await {
+            info!(
+                self,
+                "Adding (maybe existing) peer with id {} to {topic}.", peer.node_id
+            );
+            iroh.maybe_add_gossip_peer(topic, peer).await?;
+        }
+        Ok(())
+    }
 }

 /// Cache a peers [NodeId] for one topic.
@@ -348,13 +353,14 @@ pub async fn add_gossip_peer_from_header(
        return Ok(());
    }

-    info!(
-        context,
-        "Adding iroh peer with address {node_addr:?} to the topic of {instance_id}."
-    );
    let node_addr =
        serde_json::from_str::<NodeAddr>(node_addr).context("Failed to parse node address")?;

+    info!(
+        context,
+        "Adding iroh peer with node id {} to the topic of {instance_id}.", node_addr.node_id
+    );
+
    context.emit_event(EventType::WebxdcRealtimeAdvertisementReceived {
        msg_id: instance_id,
    });
@@ -371,8 +377,7 @@ pub async fn add_gossip_peer_from_header(
    let relay_server = node_addr.relay_url().map(|relay| relay.as_str());
    iroh_add_peer_for_topic(context, instance_id, topic, node_id, relay_server).await?;

-    let iroh = context.get_or_try_init_peer_channel().await?;
-    iroh.maybe_add_gossip_peers(topic, vec![node_addr]).await?;
+    context.maybe_add_gossip_peer(topic, node_addr).await?;
    Ok(())
 }

@@ -555,9 +560,9 @@ mod tests {
    use super::*;
    use crate::{
        EventType,
-        chat::send_msg,
+        chat::{self, ChatId, ProtectionStatus, add_contact_to_chat, resend_msgs, send_msg},
        message::{Message, Viewtype},
-        test_utils::TestContextManager,
+        test_utils::{TestContext, TestContextManager},
    };

    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -924,8 +929,8 @@ mod tests {
        let alice = &mut tcm.alice().await;
        let bob = &mut tcm.bob().await;

-        // Alice sends webxdc to bob
-        let alice_chat = alice.create_chat(bob).await;
+        let chat = alice.create_chat(bob).await.id;
+
        let mut instance = Message::new(Viewtype::File);
        instance
            .set_file_from_bytes(
@@ -935,7 +940,100 @@ mod tests {
                None,
            )
            .unwrap();
-        send_msg(alice, alice_chat.id, &mut instance).await.unwrap();
+        connect_alice_bob(alice, chat, &mut instance, bob).await
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_webxdc_resend() {
+        let mut tcm = TestContextManager::new();
+        let alice = &mut tcm.alice().await;
+        let bob = &mut tcm.bob().await;
+        let group = chat::create_group_chat(alice, ProtectionStatus::Unprotected, "group chat")
+            .await
+            .unwrap();
+
+        // Alice sends webxdc to bob
+        let mut instance = Message::new(Viewtype::File);
+        instance
+            .set_file_from_bytes(
+                alice,
+                "minimal.xdc",
+                include_bytes!("../test-data/webxdc/minimal.xdc"),
+                None,
+            )
+            .unwrap();
+
+        add_contact_to_chat(alice, group, alice.add_or_lookup_contact_id(bob).await)
+            .await
+            .unwrap();
+
+        connect_alice_bob(alice, group, &mut instance, bob).await;
+
+        // fiona joins late
+        let fiona = &mut tcm.fiona().await;
+
+        add_contact_to_chat(alice, group, alice.add_or_lookup_contact_id(fiona).await)
+            .await
+            .unwrap();
+
+        resend_msgs(alice, &[instance.id]).await.unwrap();
+        let msg = alice.pop_sent_msg().await;
+        let fiona_instance = fiona.recv_msg(&msg).await;
+        fiona_instance.chat_id.accept(fiona).await.unwrap();
+        assert!(fiona.ctx.iroh.read().await.is_none());
+
+        let fiona_connect_future = send_webxdc_realtime_advertisement(fiona, fiona_instance.id)
+            .await
+            .unwrap()
+            .unwrap();
+        let fiona_advert = fiona.pop_sent_msg().await;
+        alice.recv_msg_trash(&fiona_advert).await;
+
+        fiona_connect_future.await.unwrap();
+
+        let realtime_send_loop = async {
+            // Keep sending in a loop because right after joining
+            // Fiona may miss messages.
+            loop {
+                send_webxdc_realtime_data(alice, instance.id, b"alice -> bob & fiona".into())
+                    .await
+                    .unwrap();
+                tokio::time::sleep(std::time::Duration::from_secs(1)).await;
+            }
+        };
+
+        let realtime_receive_loop = async {
+            loop {
+                let event = fiona.evtracker.recv().await.unwrap();
+                if let EventType::WebxdcRealtimeData { data, .. } = event.typ {
+                    if data == b"alice -> bob & fiona" {
+                        break;
+                    } else {
+                        panic!(
+                            "Unexpected status update: {}",
+                            String::from_utf8_lossy(&data)
+                        );
+                    }
+                }
+            }
+        };
+        tokio::select!(
+            _ = realtime_send_loop => {
+                panic!("Send loop should never finish");
+            },
+            _ = realtime_receive_loop => {
+                return;
+            }
+        );
+    }
+
+    async fn connect_alice_bob(
+        alice: &mut TestContext,
+        alice_chat_id: ChatId,
+        instance: &mut Message,
+        bob: &mut TestContext,
+    ) {
+        send_msg(alice, alice_chat_id, instance).await.unwrap();
        let alice_webxdc = alice.get_last_msg().await;

        let webxdc = alice.pop_sent_msg().await;
@@ -952,8 +1050,9 @@ mod tests {
            .unwrap();
        let alice_advertisement = alice.pop_sent_msg().await;

-        send_webxdc_realtime_advertisement(bob, bob_webxdc.id)
+        let bob_advertisement_future = send_webxdc_realtime_advertisement(bob, bob_webxdc.id)
            .await
+            .unwrap()
            .unwrap();
        let bob_advertisement = bob.pop_sent_msg().await;

@@ -961,8 +1060,9 @@ mod tests {
        bob.recv_msg_trash(&alice_advertisement).await;
        alice.recv_msg_trash(&bob_advertisement).await;

-        eprintln!("Alice waits for connection");
+        eprintln!("Alice and Bob wait for connection");
        alice_advertisement_future.await.unwrap();
+        bob_advertisement_future.await.unwrap();

        // Alice sends ephemeral message
        eprintln!("Sending ephemeral message");
--- a/src/pgp.rs
+++ b/src/pgp.rs
@@ -272,7 +272,7 @@ pub fn pk_decrypt(
 pub fn valid_signature_fingerprints(
    msg: &pgp::composed::Message,
    public_keys_for_validation: &[SignedPublicKey],
-) -> Result<HashSet<Fingerprint>> {
+) -> HashSet<Fingerprint> {
    let mut ret_signature_fingerprints: HashSet<Fingerprint> = Default::default();
    if msg.is_signed() {
        for pkey in public_keys_for_validation {
@@ -282,7 +282,7 @@ pub fn valid_signature_fingerprints(
            }
        }
    }
-    Ok(ret_signature_fingerprints)
+    ret_signature_fingerprints
 }

 /// Validates detached signature.
@@ -359,7 +359,7 @@ mod tests {
        let mut msg = pk_decrypt(ctext.to_vec(), private_keys_for_decryption)?;
        let content = msg.as_data_vec()?;
        let ret_signature_fingerprints =
-            valid_signature_fingerprints(&msg, public_keys_for_validation)?;
+            valid_signature_fingerprints(&msg, public_keys_for_validation);

        Ok((msg, ret_signature_fingerprints, content))
    }
--- a/src/provider/data.rs
+++ b/src/provider/data.rs
@@ -13,8 +13,8 @@ use std::sync::LazyLock;
 // 163.md: 163.com
 static P_163: Provider = Provider {
    id: "163",
-    status: Status::Ok,
-    before_login_hint: "",
+    status: Status::Preparation,
+    before_login_hint: "Enable \"POP3/SMTP/IMAP\" on the website, add a third-party auth code and use that as the login password",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/163",
    server: &[
@@ -98,7 +98,7 @@ static P_ALIYUN: Provider = Provider {
 static P_AOL: Provider = Provider {
    id: "aol",
    status: Status::Preparation,
-    before_login_hint: "To log in to AOL with Delta Chat, you need to set up an app password in the AOL web interface.",
+    before_login_hint: "To log in to AOL, you need to set up an app password in the AOL web interface.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/aol",
    server: &[
@@ -432,7 +432,7 @@ static P_EXAMPLE_COM: Provider = Provider {
    id: "example.com",
    status: Status::Broken,
    before_login_hint: "Hush this provider doesn't exist!",
-    after_login_hint: "This provider doesn't really exist, so you can't use it :/ If you need an email provider for Delta Chat, take a look at providers.delta.chat!",
+    after_login_hint: "This provider doesn't really exist, so you can't use it :/ If you need an email provider, take a look at providers.delta.chat!",
    overview_page: "https://providers.delta.chat/example-com",
    server: &[
        Server {
@@ -459,7 +459,7 @@ static P_EXAMPLE_COM: Provider = Provider {
 static P_FASTMAIL: Provider = Provider {
    id: "fastmail",
    status: Status::Preparation,
-    before_login_hint: "You must create an app-specific password for Delta Chat before you can log in.",
+    before_login_hint: "You must create an app-specific password before you can log in.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/fastmail",
    server: &[
@@ -526,7 +526,7 @@ static P_FIVE_CHAT: Provider = Provider {
 static P_FREENET_DE: Provider = Provider {
    id: "freenet.de",
    status: Status::Preparation,
-    before_login_hint: "Um deine freenet.de E-Mail-Adresse mit Delta Chat zu benutzen, musst du erst auf der freenet.de-Webseite \"POP3/IMAP/SMTP\" aktivieren.",
+    before_login_hint: "Um deine freenet.de E-Mail-Adresse zu benutzen, musst du erst auf der freenet.de-Webseite \"POP3/IMAP/SMTP\" aktivieren.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/freenet-de",
    server: &[
@@ -647,10 +647,6 @@ static P_HERMES_RADIO: Provider = Provider {
            key: Config::MdnsEnabled,
            value: "0",
        },
-        ConfigDefault {
-            key: Config::E2eeEnabled,
-            value: "0",
-        },
        ConfigDefault {
            key: Config::ShowEmails,
            value: "2",
@@ -663,7 +659,7 @@ static P_HERMES_RADIO: Provider = Provider {
 static P_HEY_COM: Provider = Provider {
    id: "hey.com",
    status: Status::Broken,
-    before_login_hint: "hey.com does not offer the standard IMAP e-mail protocol, so you cannot log in with Delta Chat to hey.com.",
+    before_login_hint: "hey.com does not offer the standard IMAP e-mail protocol, so you cannot log in to hey.com.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/hey-com",
    server: &[],
@@ -702,7 +698,7 @@ static P_I3_NET: Provider = Provider {
 static P_ICLOUD: Provider = Provider {
    id: "icloud",
    status: Status::Preparation,
-    before_login_hint: "You must create an app-specific password for Delta Chat before login.",
+    before_login_hint: "You must create an app-specific password before login.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/icloud",
    server: &[
@@ -787,7 +783,7 @@ static P_KONTENT_COM: Provider = Provider {
 static P_MAIL_COM: Provider = Provider {
    id: "mail.com",
    status: Status::Preparation,
-    before_login_hint: "To log in with Delta Chat, you first need to activate POP3/IMAP in your mail.com settings. Note that this is a mail.com Premium feature only.",
+    before_login_hint: "To log in, you first need to activate POP3/IMAP in your mail.com settings. Note that this is a mail.com Premium feature only.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/mail-com",
    server: &[],
@@ -828,7 +824,7 @@ static P_MAIL_DE: Provider = Provider {
 static P_MAIL_RU: Provider = Provider {
    id: "mail.ru",
    status: Status::Preparation,
-    before_login_hint: "Вам необходимо сгенерировать \"пароль для внешнего приложения\" в веб-интерфейсе mail.ru, чтобы mail.ru работал с Delta Chat.",
+    before_login_hint: "Вам необходимо сгенерировать \"пароль для внешнего приложения\" в веб-интерфейсе mail.ru, чтобы mail.ru работал с chatmail.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/mail-ru",
    server: &[
@@ -1222,8 +1218,8 @@ static P_NUBO_COOP: Provider = Provider {
 // outlook.com.md: hotmail.com, outlook.com, office365.com, outlook.com.tr, live.com, outlook.de
 static P_OUTLOOK_COM: Provider = Provider {
    id: "outlook.com",
-    status: Status::Ok,
-    before_login_hint: "",
+    status: Status::Broken,
+    before_login_hint: "Unfortunately, Outlook does not allow using passwords anymore, per-app-passwords are currently not working.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/outlook-com",
    server: &[
@@ -1321,8 +1317,8 @@ static P_POSTEO: Provider = Provider {
 static P_PROTONMAIL: Provider = Provider {
    id: "protonmail",
    status: Status::Broken,
-    before_login_hint: "Protonmail does not offer the standard IMAP e-mail protocol, so you cannot log in with Delta Chat to Protonmail.",
-    after_login_hint: "To use Delta Chat with Protonmail, the IMAP bridge must be running in the background. If you have connectivity issues, double check whether it works as expected.",
+    before_login_hint: "Protonmail does not offer the standard IMAP e-mail protocol, so you cannot log in with to Protonmail.",
+    after_login_hint: "To use Protonmail, the IMAP bridge must be running in the background. If you have connectivity issues, double check whether it works as expected.",
    overview_page: "https://providers.delta.chat/protonmail",
    server: &[],
    opt: ProviderOptions::new(),
@@ -1362,7 +1358,7 @@ static P_PURELYMAIL_COM: Provider = Provider {
 static P_QQ: Provider = Provider {
    id: "qq",
    status: Status::Preparation,
-    before_login_hint: "Manually enabling IMAP/SMTP and creating an app-specific password for Delta Chat are required.",
+    before_login_hint: "Manually enabling IMAP/SMTP and creating an app-specific password are required.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/qq",
    server: &[
@@ -1390,7 +1386,7 @@ static P_QQ: Provider = Provider {
 static P_RAMBLER_RU: Provider = Provider {
    id: "rambler.ru",
    status: Status::Preparation,
-    before_login_hint: "Чтобы войти в Рамблер/почта через Delta Chat, необходимо предварительно включить доступ с помощью почтовых клиентов на сайте mail.rambler.ru",
+    before_login_hint: "Чтобы войти в Рамблер/почта, необходимо предварительно включить доступ с помощью почтовых клиентов на сайте mail.rambler.ru",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/rambler-ru",
    server: &[
@@ -1566,7 +1562,7 @@ static P_SYSTEMLI_ORG: Provider = Provider {
 static P_T_ONLINE: Provider = Provider {
    id: "t-online",
    status: Status::Preparation,
-    before_login_hint: "To use Delta Chat with a T-Online email address, you need to create an app password in the web interface.",
+    before_login_hint: "To use a T-Online email address, you need to create an app password in the web interface.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/t-online",
    server: &[
@@ -1677,7 +1673,7 @@ static P_TISCALI_IT: Provider = Provider {
 static P_TUTANOTA: Provider = Provider {
    id: "tutanota",
    status: Status::Broken,
-    before_login_hint: "Tutanota does not offer the standard IMAP e-mail protocol, so you cannot log in with Delta Chat to Tutanota.",
+    before_login_hint: "Tutanota does not offer the standard IMAP e-mail protocol, so you cannot log in to Tutanota.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/tutanota",
    server: &[],
@@ -1787,7 +1783,7 @@ static P_VIVALDI: Provider = Provider {
 static P_VK_COM: Provider = Provider {
    id: "vk.com",
    status: Status::Preparation,
-    before_login_hint: "Вам необходимо сгенерировать \"пароль для внешнего приложения\" в веб-интерфейсе mail.ru https://account.mail.ru/user/2-step-auth/passwords/ чтобы vk.com работал с Delta Chat.",
+    before_login_hint: "Вам необходимо сгенерировать \"пароль для внешнего приложения\" в веб-интерфейсе mail.ru https://account.mail.ru/user/2-step-auth/passwords/ чтобы vk.com работал с chatmail.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/vk-com",
    server: &[
@@ -1906,7 +1902,7 @@ static P_WKPB_DE: Provider = Provider {
 static P_YAHOO: Provider = Provider {
    id: "yahoo",
    status: Status::Preparation,
-    before_login_hint: "To use Delta Chat with your Yahoo email address you have to create an \"App-Password\" in the account security screen.",
+    before_login_hint: "To use your Yahoo email address you have to create an \"App-Password\" in the account security screen.",
    after_login_hint: "",
    overview_page: "https://providers.delta.chat/yahoo",
    server: &[
@@ -2662,4 +2658,4 @@ pub(crate) static PROVIDER_IDS: LazyLock<HashMap<&'static str, &'static Provider
    });

 pub static _PROVIDER_UPDATED: LazyLock<chrono::NaiveDate> =
-    LazyLock::new(|| chrono::NaiveDate::from_ymd_opt(2024, 9, 13).unwrap());
+    LazyLock::new(|| chrono::NaiveDate::from_ymd_opt(2025, 9, 4).unwrap());
--- a/src/push.rs
+++ b/src/push.rs
@@ -74,7 +74,7 @@ fn pad_device_token(s: &str) -> String {
 ///
 /// The result is base64-encoded and not ASCII armored to avoid dealing with newlines.
 pub(crate) fn encrypt_device_token(device_token: &str) -> Result<String> {
-    let public_key = pgp::composed::SignedPublicKey::from_asc(NOTIFIERS_PUBLIC_KEY)?.0;
+    let public_key = pgp::composed::SignedPublicKey::from_asc(NOTIFIERS_PUBLIC_KEY)?;
    let encryption_subkey = public_key
        .public_subkeys
        .first()
--- a/src/qr.rs
+++ b/src/qr.rs
@@ -766,19 +766,18 @@ pub async fn set_config_from_qr(context: &Context, qr: &str) -> Result<()> {
            authcode,
            ..
        } => {
-            token::delete(context, token::Namespace::InviteNumber, &invitenumber).await?;
-            token::delete(context, token::Namespace::Auth, &authcode).await?;
+            token::delete(context, "").await?;
            context
                .sync_qr_code_token_deletion(invitenumber, authcode)
                .await?;
        }
        Qr::WithdrawVerifyGroup {
+            grpid,
            invitenumber,
            authcode,
            ..
        } => {
-            token::delete(context, token::Namespace::InviteNumber, &invitenumber).await?;
-            token::delete(context, token::Namespace::Auth, &authcode).await?;
+            token::delete(context, &grpid).await?;
            context
                .sync_qr_code_token_deletion(invitenumber, authcode)
                .await?;
--- a/src/qr/qr_tests.rs
+++ b/src/qr/qr_tests.rs
@@ -2,7 +2,7 @@ use super::*;
 use crate::chat::{ProtectionStatus, create_group_chat};
 use crate::config::Config;
 use crate::securejoin::get_securejoin_qr;
-use crate::test_utils::{TestContext, TestContextManager};
+use crate::test_utils::{TestContext, TestContextManager, sync};

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_decode_http() -> Result<()> {
@@ -509,6 +509,77 @@ async fn test_withdraw_verifygroup() -> Result<()> {
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_withdraw_multidevice() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let alice2 = &tcm.alice().await;
+
+    alice.set_config_bool(Config::SyncMsgs, true).await?;
+    alice2.set_config_bool(Config::SyncMsgs, true).await?;
+
+    // Alice creates two QR codes on the first device:
+    // group QR code and contact QR code.
+    let chat_id = create_group_chat(alice, ProtectionStatus::Unprotected, "Group").await?;
+    let chat2_id = create_group_chat(alice, ProtectionStatus::Unprotected, "Group 2").await?;
+    let contact_qr = get_securejoin_qr(alice, None).await?;
+    let group_qr = get_securejoin_qr(alice, Some(chat_id)).await?;
+    let group2_qr = get_securejoin_qr(alice, Some(chat2_id)).await?;
+
+    assert!(matches!(
+        check_qr(alice, &contact_qr).await?,
+        Qr::WithdrawVerifyContact { .. }
+    ));
+    assert!(matches!(
+        check_qr(alice, &group_qr).await?,
+        Qr::WithdrawVerifyGroup { .. }
+    ));
+
+    // Sync group QR codes.
+    sync(alice, alice2).await;
+    assert!(matches!(
+        check_qr(alice2, &group_qr).await?,
+        Qr::WithdrawVerifyGroup { .. }
+    ));
+    assert!(matches!(
+        check_qr(alice2, &group2_qr).await?,
+        Qr::WithdrawVerifyGroup { .. }
+    ));
+
+    // Alice creates a contact QR code on second device
+    // and withdraws it.
+    let contact_qr2 = get_securejoin_qr(alice2, None).await?;
+    set_config_from_qr(alice2, &contact_qr2).await?;
+    assert!(matches!(
+        check_qr(alice2, &contact_qr2).await?,
+        Qr::ReviveVerifyContact { .. }
+    ));
+
+    // Alice also withdraws second group QR code on second device.
+    set_config_from_qr(alice2, &group2_qr).await?;
+
+    // Sync messages are sent from Alice's second device to first device.
+    sync(alice2, alice).await;
+
+    // Now first device has reset all contact QR codes
+    // and second group QR code,
+    // but first group QR code is still valid.
+    assert!(matches!(
+        check_qr(alice, &contact_qr2).await?,
+        Qr::ReviveVerifyContact { .. }
+    ));
+    assert!(matches!(
+        check_qr(alice, &group_qr).await?,
+        Qr::WithdrawVerifyGroup { .. }
+    ));
+    assert!(matches!(
+        check_qr(alice, &group2_qr).await?,
+        Qr::ReviveVerifyGroup { .. }
+    ));
+
+    Ok(())
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_decode_and_apply_dclogin() -> Result<()> {
    let ctx = TestContext::new().await;
--- a/src/reaction.rs
+++ b/src/reaction.rs
@@ -404,7 +404,7 @@ mod tests {
    use crate::config::Config;
    use crate::contact::{Contact, Origin};
    use crate::download::DownloadState;
-    use crate::message::{MessageState, delete_msgs};
+    use crate::message::{MessageState, Viewtype, delete_msgs};
    use crate::receive_imf::{receive_imf, receive_imf_from_inbox};
    use crate::sql::housekeeping;
    use crate::test_utils::E2EE_INFO_MSGS;
@@ -550,6 +550,46 @@ Here's my footer -- bob@example.net"
        let reactions = get_msg_reactions(&alice, msg.id).await?;
        assert_eq!(reactions.to_string(), "😀1");

+        // Alice receives a message with reaction to her message from Bob.
+        let msg_bob = receive_imf(
+            &alice,
+            "To: alice@example.org\n\
+From: bob@example.net\n\
+Date: Today, 29 February 2021 00:00:10 -800\n\
+Message-ID: 56791@example.net\n\
+In-Reply-To: 12345@example.org\n\
+Mime-Version: 1.0\n\
+Content-Type: multipart/mixed; boundary=\"YiEDa0DAkWCtVeE4\"\n\
+Content-Disposition: inline\n\
+\n\
+--YiEDa0DAkWCtVeE4\n\
+Content-Type: text/plain; charset=utf-8\n\
+Content-Disposition: inline\n\
+\n\
+Reply + reaction\n\
+\n\
+--YiEDa0DAkWCtVeE4\n\
+Content-Type: text/plain; charset=utf-8\n\
+Content-Disposition: reaction\n\
+\n\
+\u{1F44D}\n\
+\n\
+--YiEDa0DAkWCtVeE4--"
+                .as_bytes(),
+            false,
+        )
+        .await?
+        .unwrap();
+        let msg_bob = Message::load_from_db(&alice, msg_bob.msg_ids[0]).await?;
+        assert_eq!(msg_bob.from_id, bob_id);
+        assert_eq!(msg_bob.chat_id, msg.chat_id);
+        assert_eq!(msg_bob.viewtype, Viewtype::Text);
+        assert_eq!(msg_bob.state, MessageState::InFresh);
+        assert_eq!(msg_bob.hidden, false);
+        assert_eq!(msg_bob.text, "Reply + reaction");
+        let reactions = get_msg_reactions(&alice, msg.id).await?;
+        assert_eq!(reactions.to_string(), "👍1");
+
        Ok(())
    }

--- a/src/receive_imf.rs
+++ b/src/receive_imf.rs
@@ -1,6 +1,6 @@
 //! Internet Message Format reception pipeline.

-use std::collections::{HashMap, HashSet};
+use std::collections::{BTreeMap, HashSet};
 use std::iter;
 use std::sync::LazyLock;

@@ -18,7 +18,7 @@ use crate::chat::{
    self, Chat, ChatId, ChatIdBlocked, ProtectionStatus, remove_from_chat_contacts_table,
 };
 use crate::config::Config;
-use crate::constants::{Blocked, Chattype, DC_CHAT_ID_TRASH, EDITED_PREFIX, ShowEmails};
+use crate::constants::{self, Blocked, Chattype, DC_CHAT_ID_TRASH, EDITED_PREFIX, ShowEmails};
 use crate::contact::{Contact, ContactId, Origin, mark_contact_id_as_verified};
 use crate::context::Context;
 use crate::debug_logging::maybe_set_logging_xdc_inner;
@@ -28,14 +28,14 @@ use crate::events::EventType;
 use crate::headerdef::{HeaderDef, HeaderDefMap};
 use crate::imap::{GENERATED_PREFIX, markseen_on_imap_table};
 use crate::key::self_fingerprint_opt;
-use crate::key::{DcKey, Fingerprint, SignedPublicKey};
+use crate::key::{DcKey, Fingerprint};
 use crate::log::LogExt;
 use crate::log::{info, warn};
 use crate::logged_debug_assert;
 use crate::message::{
    self, Message, MessageState, MessengerMessage, MsgId, Viewtype, rfc724_mid_exists,
 };
-use crate::mimeparser::{AvatarAction, MimeMessage, SystemMessage, parse_message_ids};
+use crate::mimeparser::{AvatarAction, GossipedKey, MimeMessage, SystemMessage, parse_message_ids};
 use crate::param::{Param, Params};
 use crate::peer_channels::{add_gossip_peer_from_header, insert_topic_stub};
 use crate::reaction::{Reaction, set_msg_reaction};
@@ -297,18 +297,16 @@ async fn get_to_and_past_contact_ids(
        past_member_fingerprints = &[];
    }

-    let pgp_to_ids = add_or_lookup_key_contacts_by_address_list(
-        context,
-        &mime_parser.recipients,
-        &mime_parser.gossiped_keys,
-        to_member_fingerprints,
-        Origin::Hidden,
-    )
-    .await?;
-
    match chat_assignment {
        ChatAssignment::GroupChat { .. } => {
-            to_ids = pgp_to_ids;
+            to_ids = add_or_lookup_key_contacts(
+                context,
+                &mime_parser.recipients,
+                &mime_parser.gossiped_keys,
+                to_member_fingerprints,
+                Origin::Hidden,
+            )
+            .await?;

            if let Some(chat_id) = chat_id {
                past_ids = lookup_key_contacts_by_address_list(
@@ -319,7 +317,7 @@ async fn get_to_and_past_contact_ids(
                )
                .await?;
            } else {
-                past_ids = add_or_lookup_key_contacts_by_address_list(
+                past_ids = add_or_lookup_key_contacts(
                    context,
                    &mime_parser.past_members,
                    &mime_parser.gossiped_keys,
@@ -336,7 +334,14 @@ async fn get_to_and_past_contact_ids(
        ChatAssignment::ExistingChat { chat_id, .. } => {
            let chat = Chat::load_from_db(context, *chat_id).await?;
            if chat.is_encrypted(context).await? {
-                to_ids = pgp_to_ids;
+                to_ids = add_or_lookup_key_contacts(
+                    context,
+                    &mime_parser.recipients,
+                    &mime_parser.gossiped_keys,
+                    to_member_fingerprints,
+                    Origin::Hidden,
+                )
+                .await?;
                past_ids = lookup_key_contacts_by_address_list(
                    context,
                    &mime_parser.past_members,
@@ -388,6 +393,14 @@ async fn get_to_and_past_contact_ids(
            .await?;
        }
        ChatAssignment::OneOneChat => {
+            let pgp_to_ids = add_or_lookup_key_contacts(
+                context,
+                &mime_parser.recipients,
+                &mime_parser.gossiped_keys,
+                to_member_fingerprints,
+                Origin::Hidden,
+            )
+            .await?;
            if pgp_to_ids
                .first()
                .is_some_and(|contact_id| contact_id.is_some())
@@ -429,7 +442,7 @@ async fn get_to_and_past_contact_ids(
                            context,
                            &mime_parser.recipients,
                            to_member_fingerprints,
-                            chat_id,
+                            None,
                        )
                        .await?
                    }
@@ -617,8 +630,7 @@ pub(crate) async fn receive_imf_inner(
        return Ok(None);
    };

-    let prevent_rename = (mime_parser.is_mailinglist_message() && !mime_parser.was_encrypted())
-        || mime_parser.get_header(HeaderDef::Sender).is_some();
+    let prevent_rename = should_prevent_rename(&mime_parser);

    // get From: (it can be an address list!) and check if it is known (for known From:'s we add
    // the other To:/Cc: in the 3rd pass)
@@ -751,7 +763,6 @@ pub(crate) async fn receive_imf_inner(
        let show_emails = ShowEmails::from_i32(context.get_config_int(Config::ShowEmails).await?)
            .unwrap_or_default();

-        let is_reaction = mime_parser.parts.iter().any(|part| part.is_reaction);
        let allow_creation = if mime_parser.decrypting_failed {
            false
        } else if mime_parser.is_system_message != SystemMessage::AutocryptSetupMessage
@@ -765,7 +776,7 @@ pub(crate) async fn receive_imf_inner(
                ShowEmails::All => true,
            }
        } else {
-            !is_reaction
+            !mime_parser.parts.iter().all(|part| part.is_reaction)
        };

        let to_id = if mime_parser.incoming {
@@ -824,7 +835,7 @@ pub(crate) async fn receive_imf_inner(
            context
                .sql
                .transaction(move |transaction| {
-                    let fingerprint = gossiped_key.dc_fingerprint().hex();
+                    let fingerprint = gossiped_key.public_key.dc_fingerprint().hex();
                    transaction.execute(
                        "INSERT INTO gossip_timestamp (chat_id, fingerprint, timestamp)
                         VALUES                       (?, ?, ?)
@@ -982,19 +993,20 @@ pub(crate) async fn receive_imf_inner(
                )
                .await?;
        }
-        if target.is_none() && !mime_parser.mdn_reports.is_empty() && mime_parser.has_chat_version()
-        {
-            // This is a Delta Chat MDN. Mark as read.
-            markseen_on_imap_table(context, rfc724_mid_orig).await?;
-        }
    }

-    if received_msg.hidden {
+    if mime_parser.is_call() {
+        context
+            .handle_call_msg(insert_msg_id, &mime_parser, from_id)
+            .await?;
+    } else if received_msg.hidden {
        // No need to emit an event about the changed message
    } else if let Some(replace_chat_id) = replace_chat_id {
        context.emit_msgs_changed_without_msg_id(replace_chat_id);
    } else if !chat_id.is_trash() {
-        let fresh = received_msg.state == MessageState::InFresh;
+        let fresh = received_msg.state == MessageState::InFresh
+            && mime_parser.is_system_message != SystemMessage::CallAccepted
+            && mime_parser.is_system_message != SystemMessage::CallEnded;
        for msg_id in &received_msg.msg_ids {
            chat_id.emit_msg_event(context, *msg_id, mime_parser.incoming && fresh);
        }
@@ -1128,8 +1140,9 @@ async fn decide_chat_assignment(
        info!(context, "Message is an MDN (TRASH).");
        true
    } else if mime_parser.delivery_report.is_some() {
+        // Auto-marking DSNs as IMAP-seen should be avoided because the user may want to see them in
+        // another MUA.
        info!(context, "Message is a DSN (TRASH).");
-        markseen_on_imap_table(context, rfc724_mid).await.ok();
        true
    } else if mime_parser.get_header(HeaderDef::ChatEdit).is_some()
        || mime_parser.get_header(HeaderDef::ChatDelete).is_some()
@@ -1138,6 +1151,11 @@ async fn decide_chat_assignment(
    {
        info!(context, "Chat edit/delete/iroh/sync message (TRASH).");
        true
+    } else if mime_parser.is_system_message == SystemMessage::CallAccepted
+        || mime_parser.is_system_message == SystemMessage::CallEnded
+    {
+        info!(context, "Call state changed (TRASH).");
+        true
    } else if mime_parser.decrypting_failed && !mime_parser.incoming {
        // Outgoing undecryptable message.
        let last_time = context
@@ -1206,17 +1224,21 @@ async fn decide_chat_assignment(
    //
    // The chat may not exist yet, i.e. there may be
    // no database row and ChatId yet.
-    let mut num_recipients = mime_parser.recipients.len();
-    if from_id != ContactId::SELF {
-        let mut has_self_addr = false;
-        for recipient in &mime_parser.recipients {
-            if context.is_self_addr(&recipient.addr).await? {
-                has_self_addr = true;
-            }
+    let mut num_recipients = 0;
+    let mut has_self_addr = false;
+    for recipient in &mime_parser.recipients {
+        if addr_cmp(&recipient.addr, &mime_parser.from.addr) {
+            continue;
        }
-        if !has_self_addr {
-            num_recipients += 1;
+
+        if context.is_self_addr(&recipient.addr).await? {
+            has_self_addr = true;
        }
+
+        num_recipients += 1;
+    }
+    if from_id != ContactId::SELF && !has_self_addr {
+        num_recipients += 1;
    }

    let chat_assignment = if should_trash {
@@ -1259,11 +1281,15 @@ async fn decide_chat_assignment(
                chat_id,
                chat_id_blocked,
            }
+        } else if mime_parser.get_header(HeaderDef::ChatGroupName).is_some() {
+            ChatAssignment::AdHocGroup
        } else if num_recipients <= 1 {
            ChatAssignment::OneOneChat
        } else {
            ChatAssignment::AdHocGroup
        }
+    } else if mime_parser.get_header(HeaderDef::ChatGroupName).is_some() {
+        ChatAssignment::AdHocGroup
    } else if num_recipients <= 1 {
        ChatAssignment::OneOneChat
    } else {
@@ -1384,7 +1410,6 @@ async fn do_chat_assignment(
                    context,
                    mime_parser,
                    to_ids,
-                    from_id,
                    allow_creation || test_normal_chat.is_some(),
                    create_blocked,
                    is_partial_download.is_some(),
@@ -1461,19 +1486,16 @@ async fn do_chat_assignment(
                        chat.typ == Chattype::Single,
                        "Chat {chat_id} is not Single",
                    );
-                    let mut new_protection = match verified_encryption {
+                    let new_protection = match verified_encryption {
                        VerifiedEncryption::Verified => ProtectionStatus::Protected,
                        VerifiedEncryption::NotVerified(_) => ProtectionStatus::Unprotected,
                    };

-                    if chat.protected != ProtectionStatus::Unprotected
-                        && new_protection == ProtectionStatus::Unprotected
-                        // `chat.protected` must be maintained regardless of the `Config::VerifiedOneOnOneChats`.
-                        // That's why the config is checked here, and not above.
-                        && context.get_config_bool(Config::VerifiedOneOnOneChats).await?
-                    {
-                        new_protection = ProtectionStatus::ProtectionBroken;
-                    }
+                    ensure_and_debug_assert!(
+                        chat.protected == ProtectionStatus::Unprotected
+                            || new_protection == ProtectionStatus::Protected,
+                        "Chat {chat_id} can't downgrade to Unprotected",
+                    );
                    if chat.protected != new_protection {
                        // The message itself will be sorted under the device message since the device
                        // message is `MessageState::InNoticed`, which means that all following
@@ -1557,7 +1579,6 @@ async fn do_chat_assignment(
                    context,
                    mime_parser,
                    to_ids,
-                    from_id,
                    allow_creation,
                    Blocked::Not,
                    is_partial_download.is_some(),
@@ -1662,12 +1683,12 @@ async fn add_parts(
        }
    }

+    let mut chat = Chat::load_from_db(context, chat_id).await?;
+
    if mime_parser.incoming && !chat_id.is_trash() {
        // It can happen that the message is put into a chat
        // but the From-address is not a member of this chat.
        if !chat::is_contact_in_chat(context, chat_id, from_id).await? {
-            let chat = Chat::load_from_db(context, chat_id).await?;
-
            // Mark the sender as overridden.
            // The UI will prepend `~` to the sender's name,
            // indicating that the sender is not part of the group.
@@ -1675,12 +1696,6 @@ async fn add_parts(
            let name: &str = from.display_name.as_ref().unwrap_or(&from.addr);
            for part in &mut mime_parser.parts {
                part.param.set(Param::OverrideSenderDisplayname, name);
-
-                if chat.is_protected() {
-                    // In protected chat, also mark the message with an error.
-                    let s = stock_str::unknown_sender_for_chat(context).await;
-                    part.error = Some(s);
-                }
            }
        }
    }
@@ -1688,7 +1703,6 @@ async fn add_parts(
    let is_location_kml = mime_parser.location_kml.is_some();
    let is_mdn = !mime_parser.mdn_reports.is_empty();

-    let mut chat = Chat::load_from_db(context, chat_id).await?;
    let mut group_changes = match chat.typ {
        _ if chat.id.is_special() => GroupChangesInfo::default(),
        Chattype::Single => GroupChangesInfo::default(),
@@ -1838,6 +1852,8 @@ async fn add_parts(
    {
        Some(stock_str::msg_location_enabled_by(context, from_id).await)
    } else if mime_parser.is_system_message == SystemMessage::EphemeralTimerChanged {
+        let better_msg = stock_ephemeral_timer_changed(context, ephemeral_timer, from_id).await;
+
        // Do not delete the system message itself.
        //
        // This prevents confusion when timer is changed
@@ -1846,31 +1862,12 @@ async fn add_parts(
        // week is left.
        ephemeral_timer = EphemeralTimer::Disabled;

-        Some(stock_ephemeral_timer_changed(context, ephemeral_timer, from_id).await)
+        Some(better_msg)
    } else {
        None
    };

-    // if a chat is protected and the message is fully downloaded, check additional properties
-    if !chat_id.is_special() && is_partial_download.is_none() {
-        let chat = Chat::load_from_db(context, chat_id).await?;
-
-        // For outgoing emails in the 1:1 chat we have an exception that
-        // they are allowed to be unencrypted:
-        // 1. They can't be an attack (they are outgoing, not incoming)
-        // 2. Probably the unencryptedness is just a temporary state, after all
-        //    the user obviously still uses DC
-        //    -> Showing info messages every time would be a lot of noise
-        // 3. The info messages that are shown to the user ("Your chat partner
-        //    likely reinstalled DC" or similar) would be wrong.
-        if chat.is_protected() && (mime_parser.incoming || chat.typ != Chattype::Single) {
-            if let VerifiedEncryption::NotVerified(err) = verified_encryption {
-                warn!(context, "Verification problem: {err:#}.");
-                let s = format!("{err}. See 'Info' for more details");
-                mime_parser.replace_msg_by_error(&s);
-            }
-        }
-    }
+    drop(chat); // Avoid using stale `chat` object.

    let sort_timestamp = tweak_sort_timestamp(
        context,
@@ -1983,10 +1980,28 @@ async fn add_parts(

    handle_edit_delete(context, mime_parser, from_id).await?;

-    let is_reaction = mime_parser.parts.iter().any(|part| part.is_reaction);
-    let hidden = is_reaction;
+    if mime_parser.is_system_message == SystemMessage::CallAccepted
+        || mime_parser.is_system_message == SystemMessage::CallEnded
+    {
+        if let Some(field) = mime_parser.get_header(HeaderDef::InReplyTo) {
+            if let Some(call) =
+                message::get_by_rfc724_mids(context, &parse_message_ids(field)).await?
+            {
+                context
+                    .handle_call_msg(call.get_id(), mime_parser, from_id)
+                    .await?;
+            } else {
+                warn!(context, "Call: Cannot load parent.")
+            }
+        } else {
+            warn!(context, "Call: Not a reply.")
+        }
+    }
+
+    let hidden = mime_parser.parts.iter().all(|part| part.is_reaction);
    let mut parts = mime_parser.parts.iter().peekable();
    while let Some(part) = parts.next() {
+        let hidden = part.is_reaction;
        if part.is_reaction {
            let reaction_str = simplify::remove_footers(part.msg.as_str());
            let is_incoming_fresh = mime_parser.incoming && !seen;
@@ -2149,7 +2164,7 @@ RETURNING id
        created_db_entries.push(row_id);
    }

-    // check all parts whether they contain a new logging webxdc
+    // Maybe set logging xdc and add gossip topics for webxdcs.
    for (part, msg_id) in mime_parser.parts.iter().zip(&created_db_entries) {
        // check if any part contains a webxdc topic id
        if part.typ == Viewtype::Webxdc {
@@ -2452,7 +2467,6 @@ async fn lookup_or_create_adhoc_group(
    context: &Context,
    mime_parser: &MimeMessage,
    to_ids: &[Option<ContactId>],
-    from_id: ContactId,
    allow_creation: bool,
    create_blocked: Blocked,
    is_partial_download: bool,
@@ -2475,10 +2489,29 @@ async fn lookup_or_create_adhoc_group(
        return Ok(None);
    }

+    // Lookup address-contact by the From address.
+    let fingerprint = None;
+    let find_key_contact_by_addr = false;
+    let prevent_rename = should_prevent_rename(mime_parser);
+    let (from_id, _from_id_blocked, _incoming_origin) = from_field_to_contact_id(
+        context,
+        &mime_parser.from,
+        fingerprint,
+        prevent_rename,
+        find_key_contact_by_addr,
+    )
+    .await?
+    .context("Cannot lookup address-contact by the From field")?;
+
    let grpname = mime_parser
-        .get_subject()
-        .map(|s| remove_subject_prefix(&s))
-        .unwrap_or_else(|| "👥📧".to_string());
+        .get_header(HeaderDef::ChatGroupName)
+        .map(|s| s.to_string())
+        .unwrap_or_else(|| {
+            mime_parser
+                .get_subject()
+                .map(|s| remove_subject_prefix(&s))
+                .unwrap_or_else(|| "👥📧".to_string())
+        });
    let to_ids: Vec<ContactId> = to_ids.iter().filter_map(|x| *x).collect();
    let mut contact_ids = Vec::with_capacity(to_ids.len() + 1);
    contact_ids.extend(&to_ids);
@@ -2843,20 +2876,13 @@ async fn apply_group_changes(
    let is_from_in_chat =
        !chat_contacts.contains(&ContactId::SELF) || chat_contacts.contains(&from_id);

-    if mime_parser.get_header(HeaderDef::ChatVerified).is_some() {
+    if mime_parser.get_header(HeaderDef::ChatVerified).is_some() && !chat.is_protected() {
        if let VerifiedEncryption::NotVerified(err) = verified_encryption {
-            if chat.is_protected() {
-                warn!(context, "Verification problem: {err:#}.");
-                let s = format!("{err}. See 'Info' for more details");
-                mime_parser.replace_msg_by_error(&s);
-            } else {
-                warn!(
-                    context,
-                    "Not marking chat {} as protected due to verification problem: {err:#}.",
-                    chat.id
-                );
-            }
-        } else if !chat.is_protected() {
+            warn!(
+                context,
+                "Not marking chat {} as protected due to verification problem: {err:#}.", chat.id,
+            );
+        } else {
            chat.id
                .set_protection(
                    context,
@@ -2896,7 +2922,7 @@ async fn apply_group_changes(
            // highest `add_timestamp` to disambiguate.
            // The result of the error is that info message
            // may contain display name of the wrong contact.
-            let fingerprint = key.dc_fingerprint().hex();
+            let fingerprint = key.public_key.dc_fingerprint().hex();
            if let Some(contact_id) =
                lookup_key_contact_by_fingerprint(context, &fingerprint).await?
            {
@@ -3638,15 +3664,34 @@ async fn mark_recipients_as_verified(
    to_ids: &[Option<ContactId>],
    mimeparser: &MimeMessage,
 ) -> Result<()> {
+    let verifier_id = Some(from_id).filter(|&id| id != ContactId::SELF);
+    for gossiped_key in mimeparser
+        .gossiped_keys
+        .values()
+        .filter(|gossiped_key| gossiped_key.verified)
+    {
+        let fingerprint = gossiped_key.public_key.dc_fingerprint().hex();
+        let Some(to_id) = lookup_key_contact_by_fingerprint(context, &fingerprint).await? else {
+            continue;
+        };
+
+        if to_id == ContactId::SELF || to_id == from_id {
+            continue;
+        }
+
+        mark_contact_id_as_verified(context, to_id, verifier_id).await?;
+        ChatId::set_protection_for_contact(context, to_id, mimeparser.timestamp_sent).await?;
+    }
+
    if mimeparser.get_header(HeaderDef::ChatVerified).is_none() {
        return Ok(());
    }
    for to_id in to_ids.iter().filter_map(|&x| x) {
-        if to_id == ContactId::SELF {
+        if to_id == ContactId::SELF || to_id == from_id {
            continue;
        }

-        mark_contact_id_as_verified(context, to_id, from_id).await?;
+        mark_contact_id_as_verified(context, to_id, verifier_id).await?;
        ChatId::set_protection_for_contact(context, to_id, mimeparser.timestamp_sent).await?;
    }

@@ -3730,10 +3775,10 @@ async fn add_or_lookup_contacts_by_address_list(
 }

 /// Looks up contact IDs from the database given the list of recipients.
-async fn add_or_lookup_key_contacts_by_address_list(
+async fn add_or_lookup_key_contacts(
    context: &Context,
    address_list: &[SingleInfo],
-    gossiped_keys: &HashMap<String, SignedPublicKey>,
+    gossiped_keys: &BTreeMap<String, GossipedKey>,
    fingerprints: &[Fingerprint],
    origin: Origin,
 ) -> Result<Vec<Option<ContactId>>> {
@@ -3749,7 +3794,10 @@ async fn add_or_lookup_key_contacts_by_address_list(
            // Iterator has not ran out of fingerprints yet.
            fp.hex()
        } else if let Some(key) = gossiped_keys.get(addr) {
-            key.dc_fingerprint().hex()
+            key.public_key.dc_fingerprint().hex()
+        } else if context.is_self_addr(addr).await? {
+            contact_ids.push(Some(ContactId::SELF));
+            continue;
        } else {
            contact_ids.push(None);
            continue;
@@ -3778,13 +3826,16 @@ async fn add_or_lookup_key_contacts_by_address_list(
 /// Looks up a key-contact by email address.
 ///
 /// If provided, `chat_id` must be an encrypted chat ID that has key-contacts inside.
-/// Otherwise the function searches in all contacts, returning the recently seen one.
+/// Otherwise the function searches in all contacts, preferring accepted and most recently seen ones.
 async fn lookup_key_contact_by_address(
    context: &Context,
    addr: &str,
    chat_id: Option<ChatId>,
 ) -> Result<Option<ContactId>> {
    if context.is_self_addr(addr).await? {
+        if chat_id.is_none() {
+            return Ok(Some(ContactId::SELF));
+        }
        let is_self_in_chat = context
            .sql
            .exists(
@@ -3821,11 +3872,26 @@ async fn lookup_key_contact_by_address(
                .sql
                .query_row_optional(
                    "SELECT id FROM contacts
-                     WHERE contacts.addr=?1
+                     WHERE addr=?
                     AND fingerprint<>''
-                     ORDER BY last_seen DESC, id DESC
+                     ORDER BY
+                         (
+                             SELECT COUNT(*) FROM chats c
+                             INNER JOIN chats_contacts cc
+                             ON c.id=cc.chat_id
+                             WHERE c.type=?
+                                 AND c.id>?
+                                 AND c.blocked=?
+                                 AND cc.contact_id=contacts.id
+                         ) DESC,
+                         last_seen DESC, id DESC
                     ",
-                    (addr,),
+                    (
+                        addr,
+                        Chattype::Single,
+                        constants::DC_CHAT_ID_LAST_SPECIAL,
+                        Blocked::Not,
+                    ),
                    |row| {
                        let contact_id: ContactId = row.get(0)?;
                        Ok(contact_id)
@@ -3933,5 +3999,12 @@ async fn lookup_key_contacts_by_address_list(
    Ok(contact_ids)
 }

+/// Returns true if the message should not result in renaming
+/// of the sender contact.
+fn should_prevent_rename(mime_parser: &MimeMessage) -> bool {
+    (mime_parser.is_mailinglist_message() && !mime_parser.was_encrypted())
+        || mime_parser.get_header(HeaderDef::Sender).is_some()
+}
+
 #[cfg(test)]
 mod receive_imf_tests;
--- a/src/receive_imf/receive_imf_tests.rs
+++ b/src/receive_imf/receive_imf_tests.rs
@@ -991,6 +991,7 @@ async fn test_other_device_writes_to_mailinglist() -> Result<()> {
            .await?
            .unwrap();
    let list_post_contact = Contact::get_by_id(&t, list_post_contact_id).await?;
+    assert_eq!(list_post_contact.is_key_contact(), false);
    assert_eq!(
        list_post_contact.param.get(Param::ListId).unwrap(),
        "delta.codespeak.net"
@@ -1453,6 +1454,7 @@ async fn test_apply_mailinglist_changes_assigned_by_reply() {
    .unwrap()
    .unwrap();
    let contact = Contact::get_by_id(&t, contact_id).await.unwrap();
+    assert_eq!(contact.is_key_contact(), false);
    assert_eq!(
        contact.param.get(Param::ListId).unwrap(),
        "deltachat-core-rust.deltachat.github.com"
@@ -3050,6 +3052,39 @@ async fn test_auto_accept_protected_group_for_bots() -> Result<()> {
    Ok(())
 }

+/// Regression test for a bug where receive_imf() failed
+/// if the sender of a verification-gossiping message
+/// also put itself into the To header.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_verification_gossip() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let fiona = &tcm.fiona().await;
+
+    mark_as_verified(alice, bob).await;
+    mark_as_verified(bob, alice).await;
+
+    // This is message sent by Alice with verified encryption
+    // that gossips Fiona's verification,
+    // and for some reason, Alice also put herself into the To: header.
+    let imf_raw =
+        include_bytes!("../../test-data/message/verification-gossip-also-sent-to-from.eml");
+
+    // The regression test is that receive_imf() doesn't panic:
+    let msg = receive_imf(bob, imf_raw, false).await?.unwrap();
+    let msg = Message::load_from_db(bob, msg.msg_ids[0]).await?;
+    assert_eq!(msg.text, "Hello!");
+    assert!(
+        bob.add_or_lookup_contact(fiona)
+            .await
+            .is_verified(bob)
+            .await?
+    );
+
+    Ok(())
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_bot_accepts_another_group_after_qr_scan() -> Result<()> {
    let mut tcm = TestContextManager::new();
@@ -3281,6 +3316,31 @@ async fn test_thunderbird_autocrypt() -> Result<()> {
    Ok(())
 }

+/// Tests that a message without an Autocrypt header is assigned to the key-contact
+/// by using the signature Issuer Fingerprint.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_issuer_fingerprint() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+
+    let alice_contact_id = bob.add_or_lookup_contact_id(alice).await;
+
+    let raw = include_bytes!("../../test-data/message/encrypted-signed.eml");
+    let received_msg = receive_imf(bob, raw, false).await?.unwrap();
+
+    assert_eq!(received_msg.msg_ids.len(), 1);
+    let msg_id = received_msg.msg_ids[0];
+
+    let message = Message::load_from_db(bob, msg_id).await?;
+    assert!(message.get_showpadlock());
+
+    let from_id = message.from_id;
+    assert_eq!(from_id, alice_contact_id);
+
+    Ok(())
+}
+
 /// Tests reception of a message from Thunderbird with attached key.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_prefer_encrypt_mutual_if_encrypted() -> Result<()> {
@@ -3649,10 +3709,13 @@ async fn test_mua_user_adds_recipient_to_single_chat() -> Result<()> {
        chat::get_chat_contacts(&alice, group_chat.id).await?.len(),
        4
    );
-    let fiona = Contact::lookup_id_by_addr(&alice, "fiona@example.net", Origin::IncomingTo)
-        .await?
-        .unwrap();
-    assert!(chat::is_contact_in_chat(&alice, group_chat.id, fiona).await?);
+    let fiona_contact_id =
+        Contact::lookup_id_by_addr(&alice, "fiona@example.net", Origin::IncomingTo)
+            .await?
+            .unwrap();
+    assert!(chat::is_contact_in_chat(&alice, group_chat.id, fiona_contact_id).await?);
+    let fiona_contact = Contact::get_by_id(&alice, fiona_contact_id).await?;
+    assert_eq!(fiona_contact.is_key_contact(), false);

    Ok(())
 }
@@ -5053,6 +5116,58 @@ async fn test_two_group_securejoins() -> Result<()> {
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_unverified_member_msg() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let fiona = &tcm.fiona().await;
+
+    let alice_chat_id =
+        chat::create_group_chat(alice, ProtectionStatus::Protected, "Group").await?;
+    let qr = get_securejoin_qr(alice, Some(alice_chat_id)).await?;
+
+    tcm.exec_securejoin_qr(bob, alice, &qr).await;
+    tcm.exec_securejoin_qr(fiona, alice, &qr).await;
+
+    let fiona_chat_id = fiona.get_last_msg().await.chat_id;
+    let fiona_sent_msg = fiona.send_text(fiona_chat_id, "Hi").await;
+
+    // The message is by non-verified member,
+    // but the checks have been removed
+    // and the message should be downloaded as usual.
+    let bob_msg = bob.recv_msg(&fiona_sent_msg).await;
+    assert_eq!(bob_msg.download_state, DownloadState::Done);
+    assert_eq!(bob_msg.text, "Hi");
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_dont_reverify_by_self_on_outgoing_msg() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let a0 = &tcm.alice().await;
+    let a1 = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let fiona = &tcm.fiona().await;
+
+    let bob_chat_id = chat::create_group_chat(bob, ProtectionStatus::Protected, "Group").await?;
+    let qr = get_securejoin_qr(bob, Some(bob_chat_id)).await?;
+    tcm.exec_securejoin_qr(fiona, bob, &qr).await;
+    tcm.exec_securejoin_qr(a0, bob, &qr).await;
+    tcm.exec_securejoin_qr(a1, bob, &qr).await;
+
+    let a0_chat_id = a0.get_last_msg().await.chat_id;
+    let a0_sent_msg = a0.send_text(a0_chat_id, "Hi").await;
+    a1.recv_msg(&a0_sent_msg).await;
+    let a1_bob_id = a1.add_or_lookup_contact_id(bob).await;
+    let a1_fiona = a1.add_or_lookup_contact(fiona).await;
+    assert_eq!(
+        a1_fiona.get_verifier_id(a1).await?.unwrap().unwrap(),
+        a1_bob_id
+    );
+    Ok(())
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_sanitize_filename_in_received() -> Result<()> {
    let alice = &TestContext::new_alice().await;
@@ -5269,3 +5384,176 @@ async fn test_outgoing_unencrypted_chat_assignment() {
    let chat = alice.create_email_chat(bob).await;
    assert_eq!(received.chat_id, chat.id);
 }
+
+/// Tests Bob receiving a message from Alice
+/// in a new group she just created
+/// with only Alice and Bob.
+///
+/// The message has no Autocrypt-Gossip
+/// headers and no Chat-Group-Member-Fpr header.
+/// Such messages were created by core 1.159.5
+/// when Alice has bcc_self disabled
+/// as Chat-Group-Member-Fpr header did not exist
+/// yet and Autocrypt-Gossip is not sent
+/// as there is only one recipient
+/// (Bob, and no additional Alice devices).
+///
+/// Bob should recognize self as being
+/// a member of the group by just the e-mail address.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_group_introduction_no_gossip() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let bob = &tcm.bob().await;
+
+    let received = receive_imf(
+        bob,
+        include_bytes!("../../test-data/message/group-introduction-no-gossip.eml"),
+        false,
+    )
+    .await
+    .unwrap()
+    .unwrap();
+    let msg = Message::load_from_db(bob, *received.msg_ids.last().unwrap())
+        .await
+        .unwrap();
+    assert_eq!(msg.text, "I created a group");
+    let chat = Chat::load_from_db(bob, msg.chat_id).await.unwrap();
+    assert_eq!(chat.typ, Chattype::Group);
+    assert_eq!(chat.blocked, Blocked::Request);
+    assert_eq!(chat.name, "Group!");
+    assert!(chat.is_encrypted(bob).await.unwrap());
+
+    let contacts = get_chat_contacts(bob, chat.id).await?;
+    assert_eq!(contacts.len(), 2);
+    assert!(chat.is_self_in_chat(bob).await?);
+
+    Ok(())
+}
+
+/// Tests reception of an encrypted group message
+/// without Chat-Group-ID.
+///
+/// The message should be displayed as
+/// encrypted and have key-contact `from_id`,
+/// but all group members should be address-contacts.
+///
+/// Due to a bug in v2.10.0 this resulted
+/// in creation of an ad hoc group with a key-contact.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_encrypted_adhoc_group_message() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+
+    // Bob receives encrypted message from Alice
+    // sent to multiple recipients,
+    // but without a group ID.
+    let received = receive_imf(
+        bob,
+        include_bytes!("../../test-data/message/encrypted-group-without-id.eml"),
+        false,
+    )
+    .await?
+    .unwrap();
+    let msg = Message::load_from_db(bob, *received.msg_ids.last().unwrap())
+        .await
+        .unwrap();
+
+    let chat = Chat::load_from_db(bob, msg.chat_id).await.unwrap();
+    assert_eq!(chat.typ, Chattype::Group);
+    assert_eq!(chat.is_encrypted(bob).await?, false);
+
+    let contact_ids = get_chat_contacts(bob, chat.id).await?;
+    assert_eq!(contact_ids.len(), 3);
+    assert!(chat.is_self_in_chat(bob).await?);
+
+    // Since the group is unencrypted, all contacts have
+    // to be address-contacts.
+    for contact_id in contact_ids {
+        let contact = Contact::get_by_id(bob, contact_id).await?;
+        if contact_id != ContactId::SELF {
+            assert_eq!(contact.is_key_contact(), false);
+        }
+    }
+
+    // `from_id` of the message corresponds to key-contact of Alice
+    // even though the message is assigned to unencrypted chat.
+    let alice_contact_id = bob.add_or_lookup_contact_id(alice).await;
+    assert_eq!(msg.from_id, alice_contact_id);
+
+    Ok(())
+}
+
+/// Tests that messages sent to unencrypted group
+/// with only two members arrive in a group
+/// and not in 1:1 chat.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_small_unencrypted_group() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+
+    let alice_chat_id = chat::create_group_ex(alice, None, "Unencrypted group").await?;
+    let alice_bob_id = alice.add_or_lookup_address_contact_id(bob).await;
+    add_contact_to_chat(alice, alice_chat_id, alice_bob_id).await?;
+    send_text_msg(alice, alice_chat_id, "Hello!".to_string()).await?;
+
+    let sent_msg = alice.pop_sent_msg().await;
+    let bob_chat_id = bob.recv_msg(&sent_msg).await.chat_id;
+    let bob_chat = Chat::load_from_db(bob, bob_chat_id).await?;
+
+    assert_eq!(bob_chat.typ, Chattype::Group);
+    assert_eq!(bob_chat.is_encrypted(bob).await?, false);
+
+    bob_chat_id.accept(bob).await?;
+    send_text_msg(bob, bob_chat_id, "Hello back!".to_string()).await?;
+    let sent_msg = bob.pop_sent_msg().await;
+    let alice_rcvd_msg = alice.recv_msg(&sent_msg).await;
+    assert_eq!(alice_rcvd_msg.chat_id, alice_chat_id);
+
+    Ok(())
+}
+
+/// Tests that if the sender includes self
+/// in the `To` field, we do not count
+/// it as a third recipient in addition to ourselves
+/// and the sender and do not create a group chat.
+///
+/// This is a regression test.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_bcc_not_a_group() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+
+    let received = receive_imf(
+        alice,
+        b"From: \"\"<foobar@example.org>\n\
+          To: <foobar@example.org>\n\
+          Subject: Hello, this is not a group\n\
+          Message-ID: <abcdef@example.org>\n\
+          Chat-Version: 1.0\n\
+          Date: Sun, 22 Mar 2020 22:37:57 +0000\n\
+          \n\
+          hello\n",
+        false,
+    )
+    .await?
+    .unwrap();
+
+    let received_chat = Chat::load_from_db(alice, received.chat_id).await?;
+    assert_eq!(received_chat.typ, Chattype::Single);
+
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_lookup_key_contact_by_address_self() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let t = &tcm.alice().await;
+    let addr = &t.get_config(Config::Addr).await?.unwrap();
+    assert_eq!(
+        lookup_key_contact_by_address(t, addr, None).await?,
+        Some(ContactId::SELF)
+    );
+    Ok(())
+}
--- a/src/scheduler.rs
+++ b/src/scheduler.rs
@@ -8,12 +8,12 @@ use async_channel::{self as channel, Receiver, Sender};
 use futures::future::try_join_all;
 use futures_lite::FutureExt;
 use rand::Rng;
-use tokio::sync::{RwLock, RwLockWriteGuard, oneshot};
+use tokio::sync::{RwLock, oneshot};
 use tokio::task;
 use tokio_util::sync::CancellationToken;
 use tokio_util::task::TaskTracker;

-use self::connectivity::ConnectivityStore;
+pub(crate) use self::connectivity::ConnectivityStore;
 use crate::config::{self, Config};
 use crate::constants;
 use crate::contact::{ContactId, RecentlySeenLoop};
@@ -53,32 +53,32 @@ impl SchedulerState {
    }

    /// Starts the scheduler if it is not yet started.
-    pub(crate) async fn start(&self, context: Context) {
+    pub(crate) async fn start(&self, context: &Context) {
        let mut inner = self.inner.write().await;
        match *inner {
            InnerSchedulerState::Started(_) => (),
-            InnerSchedulerState::Stopped => Self::do_start(inner, context).await,
+            InnerSchedulerState::Stopped => Self::do_start(&mut inner, context).await,
            InnerSchedulerState::Paused {
                ref mut started, ..
            } => *started = true,
        }
+        context.update_connectivities(&inner);
    }

    /// Starts the scheduler if it is not yet started.
-    async fn do_start(mut inner: RwLockWriteGuard<'_, InnerSchedulerState>, context: Context) {
+    async fn do_start(inner: &mut InnerSchedulerState, context: &Context) {
        info!(context, "starting IO");

        // Notify message processing loop
        // to allow processing old messages after restart.
        context.new_msgs_notify.notify_one();

-        let ctx = context.clone();
-        match Scheduler::start(&context).await {
+        match Scheduler::start(context).await {
            Ok(scheduler) => {
                *inner = InnerSchedulerState::Started(scheduler);
                context.emit_event(EventType::ConnectivityChanged);
            }
-            Err(err) => error!(&ctx, "Failed to start IO: {:#}", err),
+            Err(err) => error!(context, "Failed to start IO: {:#}", err),
        }
    }

@@ -87,18 +87,19 @@ impl SchedulerState {
        let mut inner = self.inner.write().await;
        match *inner {
            InnerSchedulerState::Started(_) => {
-                Self::do_stop(inner, context, InnerSchedulerState::Stopped).await
+                Self::do_stop(&mut inner, context, InnerSchedulerState::Stopped).await
            }
            InnerSchedulerState::Stopped => (),
            InnerSchedulerState::Paused {
                ref mut started, ..
            } => *started = false,
        }
+        context.update_connectivities(&inner);
    }

    /// Stops the scheduler if it is currently running.
    async fn do_stop(
-        mut inner: RwLockWriteGuard<'_, InnerSchedulerState>,
+        inner: &mut InnerSchedulerState,
        context: &Context,
        new_state: InnerSchedulerState,
    ) {
@@ -122,7 +123,7 @@ impl SchedulerState {
            debug_logging.loop_handle.abort();
            debug_logging.loop_handle.await.ok();
        }
-        let prev_state = std::mem::replace(&mut *inner, new_state);
+        let prev_state = std::mem::replace(inner, new_state);
        context.emit_event(EventType::ConnectivityChanged);
        match prev_state {
            InnerSchedulerState::Started(scheduler) => scheduler.stop(context).await,
@@ -138,7 +139,7 @@ impl SchedulerState {
    /// If in the meantime [`SchedulerState::start`] or [`SchedulerState::stop`] is called
    /// resume will do the right thing and restore the scheduler to the state requested by
    /// the last call.
-    pub(crate) async fn pause(&'_ self, context: Context) -> Result<IoPausedGuard> {
+    pub(crate) async fn pause(&'_ self, context: &Context) -> Result<IoPausedGuard> {
        {
            let mut inner = self.inner.write().await;
            match *inner {
@@ -147,7 +148,7 @@ impl SchedulerState {
                        started: true,
                        pause_guards_count: NonZeroUsize::new(1).unwrap(),
                    };
-                    Self::do_stop(inner, &context, new_state).await;
+                    Self::do_stop(&mut inner, context, new_state).await;
                }
                InnerSchedulerState::Stopped => {
                    *inner = InnerSchedulerState::Paused {
@@ -164,9 +165,11 @@ impl SchedulerState {
                        .ok_or_else(|| Error::msg("Too many pause guards active"))?
                }
            }
+            context.update_connectivities(&inner);
        }

        let (tx, rx) = oneshot::channel();
+        let context = context.clone();
        tokio::spawn(async move {
            rx.await.ok();
            let mut inner = context.scheduler.inner.write().await;
@@ -183,7 +186,7 @@ impl SchedulerState {
                } => {
                    if *pause_guards_count == NonZeroUsize::new(1).unwrap() {
                        match *started {
-                            true => SchedulerState::do_start(inner, context.clone()).await,
+                            true => SchedulerState::do_start(&mut inner, &context).await,
                            false => *inner = InnerSchedulerState::Stopped,
                        }
                    } else {
@@ -193,6 +196,7 @@ impl SchedulerState {
                    }
                }
            }
+            context.update_connectivities(&inner);
        });
        Ok(IoPausedGuard { sender: Some(tx) })
    }
@@ -202,7 +206,7 @@ impl SchedulerState {
        info!(context, "restarting IO");
        if self.is_running().await {
            self.stop(context).await;
-            self.start(context.clone()).await;
+            self.start(context).await;
        }
    }

@@ -223,7 +227,7 @@ impl SchedulerState {
            _ => return,
        };
        drop(inner);
-        connectivity::idle_interrupted(inbox, oboxes).await;
+        connectivity::idle_interrupted(inbox, oboxes);
    }

    /// Indicate that the network likely is lost.
@@ -240,7 +244,7 @@ impl SchedulerState {
            _ => return,
        };
        drop(inner);
-        connectivity::maybe_network_lost(context, stores).await;
+        connectivity::maybe_network_lost(context, stores);
    }

    pub(crate) async fn interrupt_inbox(&self) {
@@ -288,7 +292,7 @@ impl SchedulerState {
 }

 #[derive(Debug, Default)]
-enum InnerSchedulerState {
+pub(crate) enum InnerSchedulerState {
    Started(Scheduler),
    #[default]
    Stopped,
@@ -565,7 +569,7 @@ async fn fetch_idle(
        // The folder is not configured.
        // For example, this happens if the server does not have Sent folder
        // but watching Sent folder is enabled.
-        connection.connectivity.set_not_configured(ctx).await;
+        connection.connectivity.set_not_configured(ctx);
        connection.idle_interrupt_receiver.recv().await.ok();
        bail!("Cannot fetch folder {folder_meaning} because it is not configured");
    };
@@ -655,7 +659,7 @@ async fn fetch_idle(
        .log_err(ctx)
        .ok();

-    connection.connectivity.set_idle(ctx).await;
+    connection.connectivity.set_idle(ctx);

    ctx.emit_event(EventType::ImapInboxIdle);

@@ -806,8 +810,8 @@ async fn smtp_loop(
            // Fake Idle
            info!(ctx, "SMTP fake idle started.");
            match &connection.last_send_error {
-                None => connection.connectivity.set_idle(&ctx).await,
-                Some(err) => connection.connectivity.set_err(&ctx, err).await,
+                None => connection.connectivity.set_idle(&ctx),
+                Some(err) => connection.connectivity.set_err(&ctx, err),
            }

            // If send_smtp_messages() failed, we set a timeout for the fake-idle so that
--- a/src/scheduler/connectivity.rs
+++ b/src/scheduler/connectivity.rs
@@ -4,7 +4,6 @@ use std::{iter::once, ops::Deref, sync::Arc};

 use anyhow::Result;
 use humansize::{BINARY, format_size};
-use tokio::sync::Mutex;

 use crate::events::EventType;
 use crate::imap::{FolderMeaning, scan_folders::get_watched_folder_configs};
@@ -160,52 +159,51 @@ impl DetailedConnectivity {
 }

 #[derive(Clone, Default)]
-pub(crate) struct ConnectivityStore(Arc<Mutex<DetailedConnectivity>>);
+pub(crate) struct ConnectivityStore(Arc<parking_lot::Mutex<DetailedConnectivity>>);

 impl ConnectivityStore {
-    async fn set(&self, context: &Context, v: DetailedConnectivity) {
+    fn set(&self, context: &Context, v: DetailedConnectivity) {
        {
-            *self.0.lock().await = v;
+            *self.0.lock() = v;
        }
        context.emit_event(EventType::ConnectivityChanged);
    }

-    pub(crate) async fn set_err(&self, context: &Context, e: impl ToString) {
-        self.set(context, DetailedConnectivity::Error(e.to_string()))
-            .await;
+    pub(crate) fn set_err(&self, context: &Context, e: impl ToString) {
+        self.set(context, DetailedConnectivity::Error(e.to_string()));
    }
-    pub(crate) async fn set_connecting(&self, context: &Context) {
-        self.set(context, DetailedConnectivity::Connecting).await;
+    pub(crate) fn set_connecting(&self, context: &Context) {
+        self.set(context, DetailedConnectivity::Connecting);
    }
-    pub(crate) async fn set_working(&self, context: &Context) {
-        self.set(context, DetailedConnectivity::Working).await;
+    pub(crate) fn set_working(&self, context: &Context) {
+        self.set(context, DetailedConnectivity::Working);
    }
-    pub(crate) async fn set_preparing(&self, context: &Context) {
-        self.set(context, DetailedConnectivity::Preparing).await;
+    pub(crate) fn set_preparing(&self, context: &Context) {
+        self.set(context, DetailedConnectivity::Preparing);
    }
-    pub(crate) async fn set_not_configured(&self, context: &Context) {
-        self.set(context, DetailedConnectivity::NotConfigured).await;
+    pub(crate) fn set_not_configured(&self, context: &Context) {
+        self.set(context, DetailedConnectivity::NotConfigured);
    }
-    pub(crate) async fn set_idle(&self, context: &Context) {
-        self.set(context, DetailedConnectivity::Idle).await;
+    pub(crate) fn set_idle(&self, context: &Context) {
+        self.set(context, DetailedConnectivity::Idle);
    }

-    async fn get_detailed(&self) -> DetailedConnectivity {
-        self.0.lock().await.deref().clone()
+    fn get_detailed(&self) -> DetailedConnectivity {
+        self.0.lock().deref().clone()
    }
-    async fn get_basic(&self) -> Option<Connectivity> {
-        self.0.lock().await.to_basic()
+    fn get_basic(&self) -> Option<Connectivity> {
+        self.0.lock().to_basic()
    }
-    async fn get_all_work_done(&self) -> bool {
-        self.0.lock().await.all_work_done()
+    fn get_all_work_done(&self) -> bool {
+        self.0.lock().all_work_done()
    }
 }

 /// Set all folder states to InterruptingIdle in case they were `Idle` before.
 /// Called during `dc_maybe_network()` to make sure that `all_work_done()`
 /// returns false immediately after `dc_maybe_network()`.
-pub(crate) async fn idle_interrupted(inbox: ConnectivityStore, oboxes: Vec<ConnectivityStore>) {
-    let mut connectivity_lock = inbox.0.lock().await;
+pub(crate) fn idle_interrupted(inbox: ConnectivityStore, oboxes: Vec<ConnectivityStore>) {
+    let mut connectivity_lock = inbox.0.lock();
    // For the inbox, we also have to set the connectivity to InterruptingIdle if it was
    // NotConfigured before: If all folders are NotConfigured, dc_get_connectivity()
    // returns Connected. But after dc_maybe_network(), dc_get_connectivity() must not
@@ -219,7 +217,7 @@ pub(crate) async fn idle_interrupted(inbox: ConnectivityStore, oboxes: Vec<Conne
    drop(connectivity_lock);

    for state in oboxes {
-        let mut connectivity_lock = state.0.lock().await;
+        let mut connectivity_lock = state.0.lock();
        if *connectivity_lock == DetailedConnectivity::Idle {
            *connectivity_lock = DetailedConnectivity::InterruptingIdle;
        }
@@ -231,9 +229,9 @@ pub(crate) async fn idle_interrupted(inbox: ConnectivityStore, oboxes: Vec<Conne
 /// Set the connectivity to "Not connected" after a call to dc_maybe_network_lost().
 /// If we did not do this, the connectivity would stay "Connected" for quite a long time
 /// after `maybe_network_lost()` was called.
-pub(crate) async fn maybe_network_lost(context: &Context, stores: Vec<ConnectivityStore>) {
+pub(crate) fn maybe_network_lost(context: &Context, stores: Vec<ConnectivityStore>) {
    for store in &stores {
-        let mut connectivity_lock = store.0.lock().await;
+        let mut connectivity_lock = store.0.lock();
        if !matches!(
            *connectivity_lock,
            DetailedConnectivity::Uninitialized
@@ -248,7 +246,7 @@ pub(crate) async fn maybe_network_lost(context: &Context, stores: Vec<Connectivi

 impl fmt::Debug for ConnectivityStore {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        if let Ok(guard) = self.0.try_lock() {
+        if let Some(guard) = self.0.try_lock() {
            write!(f, "ConnectivityStore {:?}", &*guard)
        } else {
            write!(f, "ConnectivityStore [LOCKED]")
@@ -271,27 +269,29 @@ impl Context {
    /// e.g. in the title of the main screen.
    ///
    /// If the connectivity changes, a DC_EVENT_CONNECTIVITY_CHANGED will be emitted.
-    pub async fn get_connectivity(&self) -> Connectivity {
-        let lock = self.scheduler.inner.read().await;
-        let stores: Vec<_> = match *lock {
-            InnerSchedulerState::Started(ref sched) => sched
-                .boxes()
-                .map(|b| b.conn_state.state.connectivity.clone())
-                .collect(),
-            _ => return Connectivity::NotConnected,
-        };
-        drop(lock);
-
+    pub fn get_connectivity(&self) -> Connectivity {
+        let stores = self.connectivities.lock().clone();
        let mut connectivities = Vec::new();
        for s in stores {
-            if let Some(connectivity) = s.get_basic().await {
+            if let Some(connectivity) = s.get_basic() {
                connectivities.push(connectivity);
            }
        }
        connectivities
            .into_iter()
            .min()
-            .unwrap_or(Connectivity::Connected)
+            .unwrap_or(Connectivity::NotConnected)
+    }
+
+    pub(crate) fn update_connectivities(&self, sched: &InnerSchedulerState) {
+        let stores: Vec<_> = match sched {
+            InnerSchedulerState::Started(sched) => sched
+                .boxes()
+                .map(|b| b.conn_state.state.connectivity.clone())
+                .collect(),
+            _ => Vec::new(),
+        };
+        *self.connectivities.lock() = stores;
    }

    /// Get an overview of the current connectivity, and possibly more statistics.
@@ -391,7 +391,7 @@ impl Context {
                let f = self.get_config(config).await.log_err(self).ok().flatten();

                if let Some(foldername) = f {
-                    let detailed = &state.get_detailed().await;
+                    let detailed = &state.get_detailed();
                    ret += "<li>";
                    ret += &*detailed.to_icon();
                    ret += " <b>";
@@ -405,7 +405,7 @@ impl Context {
            }

            if !folder_added && folder == &FolderMeaning::Inbox {
-                let detailed = &state.get_detailed().await;
+                let detailed = &state.get_detailed();
                if let DetailedConnectivity::Error(_) = detailed {
                    // On the inbox thread, we also do some other things like scan_folders and run jobs
                    // so, maybe, the inbox is not watched, but something else went wrong
@@ -427,7 +427,7 @@ impl Context {

        let outgoing_messages = stock_str::outgoing_messages(self).await;
        ret += &format!("<h3>{outgoing_messages}</h3><ul><li>");
-        let detailed = smtp.get_detailed().await;
+        let detailed = smtp.get_detailed();
        ret += &*detailed.to_icon();
        ret += " ";
        ret += &*escaper::encode_minimal(&detailed.to_string_smtp(self).await);
@@ -551,7 +551,7 @@ impl Context {
        drop(lock);

        for s in &stores {
-            if !s.get_all_work_done().await {
+            if !s.get_all_work_done() {
                return false;
            }
        }
--- a/src/securejoin.rs
+++ b/src/securejoin.rs
@@ -1,6 +1,6 @@
 //! Implementation of [SecureJoin protocols](https://securejoin.delta.chat/).

-use anyhow::{Context as _, Error, Result, ensure};
+use anyhow::{Context as _, Error, Result, bail, ensure};
 use deltachat_contact_tools::ContactAddress;
 use percent_encoding::{NON_ALPHANUMERIC, utf8_percent_encode};

@@ -32,16 +32,29 @@ use qrinvite::QrInvite;

 use crate::token::Namespace;

-fn inviter_progress(context: &Context, contact_id: ContactId, progress: usize) {
+fn inviter_progress(
+    context: &Context,
+    contact_id: ContactId,
+    step: &str,
+    progress: usize,
+) -> Result<()> {
    logged_debug_assert!(
        context,
        progress <= 1000,
        "inviter_progress: contact {contact_id}, progress={progress}, but value in range 0..1000 expected with: 0=error, 1..999=progress, 1000=success."
    );
+    let chat_type = match step.get(..3) {
+        Some("vc-") => Chattype::Single,
+        Some("vg-") => Chattype::Group,
+        _ => bail!("Unknown securejoin step {step}"),
+    };
    context.emit_event(EventType::SecurejoinInviterProgress {
        contact_id,
+        chat_type,
        progress,
    });
+
+    Ok(())
 }

 /// Generates a Secure Join QR code.
@@ -63,10 +76,11 @@ pub async fn get_securejoin_qr(context: &Context, group: Option<ChatId>) -> Resu
                chat.typ == Chattype::Group,
                "Can't generate SecureJoin QR code for 1:1 chat {id}"
            );
-            ensure!(
-                !chat.grpid.is_empty(),
-                "Can't generate SecureJoin QR code for ad-hoc group {id}"
-            );
+            if chat.grpid.is_empty() {
+                let err = format!("Can't generate QR code, chat {id} is a email thread");
+                error!(context, "get_securejoin_qr: {}.", err);
+                bail!(err);
+            }
            Some(chat)
        }
        None => None,
@@ -209,7 +223,7 @@ async fn verify_sender_by_fingerprint(
    let contact = Contact::get_by_id(context, contact_id).await?;
    let is_verified = contact.fingerprint().is_some_and(|fp| &fp == fingerprint);
    if is_verified {
-        mark_contact_id_as_verified(context, contact_id, ContactId::SELF).await?;
+        mark_contact_id_as_verified(context, contact_id, Some(ContactId::SELF)).await?;
    }
    Ok(is_verified)
 }
@@ -271,7 +285,9 @@ pub(crate) async fn handle_securejoin_handshake(
        let mut self_found = false;
        let self_fingerprint = load_self_public_key(context).await?.dc_fingerprint();
        for (addr, key) in &mime_message.gossiped_keys {
-            if key.dc_fingerprint() == self_fingerprint && context.is_self_addr(addr).await? {
+            if key.public_key.dc_fingerprint() == self_fingerprint
+                && context.is_self_addr(addr).await?
+            {
                self_found = true;
                break;
            }
@@ -307,7 +323,7 @@ pub(crate) async fn handle_securejoin_handshake(
                return Ok(HandshakeMessage::Ignore);
            }

-            inviter_progress(context, contact_id, 300);
+            inviter_progress(context, contact_id, step, 300)?;

            let from_addr = ContactAddress::new(&mime_message.from.addr)?;
            let autocrypt_fingerprint = mime_message.autocrypt_fingerprint.as_deref().unwrap_or("");
@@ -402,7 +418,7 @@ pub(crate) async fn handle_securejoin_handshake(
                ChatId::create_for_contact(context, contact_id).await?;
            }
            context.emit_event(EventType::ContactsChanged(Some(contact_id)));
-            inviter_progress(context, contact_id, 600);
+            inviter_progress(context, contact_id, step, 600)?;
            if let Some(group_chat_id) = group_chat_id {
                // Join group.
                secure_connection_established(
@@ -414,8 +430,8 @@ pub(crate) async fn handle_securejoin_handshake(
                .await?;
                chat::add_contact_to_chat_ex(context, Nosync, group_chat_id, contact_id, true)
                    .await?;
-                inviter_progress(context, contact_id, 800);
-                inviter_progress(context, contact_id, 1000);
+                inviter_progress(context, contact_id, step, 800)?;
+                inviter_progress(context, contact_id, step, 1000)?;
                // IMAP-delete the message to avoid handling it by another device and adding the
                // member twice. Another device will know the member's key from Autocrypt-Gossip.
                Ok(HandshakeMessage::Done)
@@ -432,7 +448,7 @@ pub(crate) async fn handle_securejoin_handshake(
                    .await
                    .context("failed sending vc-contact-confirm message")?;

-                inviter_progress(context, contact_id, 1000);
+                inviter_progress(context, contact_id, step, 1000)?;
                Ok(HandshakeMessage::Ignore) // "Done" would delete the message and break multi-device (the key from Autocrypt-header is needed)
            }
        }
@@ -541,21 +557,21 @@ pub(crate) async fn observe_securejoin_on_other_device(
        return Ok(HandshakeMessage::Ignore);
    };

-    if key.dc_fingerprint() != contact_fingerprint {
+    if key.public_key.dc_fingerprint() != contact_fingerprint {
        // Fingerprint does not match, ignore.
        warn!(context, "Fingerprint does not match.");
        return Ok(HandshakeMessage::Ignore);
    }

-    mark_contact_id_as_verified(context, contact_id, ContactId::SELF).await?;
+    mark_contact_id_as_verified(context, contact_id, Some(ContactId::SELF)).await?;

    ChatId::set_protection_for_contact(context, contact_id, mime_message.timestamp_sent).await?;

    if step == "vg-member-added" {
-        inviter_progress(context, contact_id, 800);
+        inviter_progress(context, contact_id, step, 800)?;
    }
    if step == "vg-member-added" || step == "vc-contact-confirm" {
-        inviter_progress(context, contact_id, 1000);
+        inviter_progress(context, contact_id, step, 1000)?;
    }

    if step == "vg-request-with-auth" || step == "vc-request-with-auth" {
--- a/src/securejoin/securejoin_tests.rs
+++ b/src/securejoin/securejoin_tests.rs
@@ -5,6 +5,7 @@ use crate::chat::{CantSendReason, remove_contact_from_chat};
 use crate::chatlist::Chatlist;
 use crate::constants::Chattype;
 use crate::key::self_fingerprint;
+use crate::mimeparser::GossipedKey;
 use crate::receive_imf::receive_imf;
 use crate::stock_str::{self, messages_e2e_encrypted};
 use crate::test_utils::{
@@ -185,7 +186,10 @@ async fn test_setup_contact_ex(case: SetupContactCase) {
    );

    if case == SetupContactCase::WrongAliceGossip {
-        let wrong_pubkey = load_self_public_key(&bob).await.unwrap();
+        let wrong_pubkey = GossipedKey {
+            public_key: load_self_public_key(&bob).await.unwrap(),
+            verified: false,
+        };
        let alice_pubkey = msg
            .gossiped_keys
            .insert(alice_addr.to_string(), wrong_pubkey)
@@ -361,6 +365,29 @@ async fn test_setup_contact_bob_knows_alice() -> Result<()> {
    alice.recv_msg_trash(&sent).await;
    assert_eq!(contact_bob.is_verified(alice).await?, true);

+    // Check Alice signalled success via the SecurejoinInviterProgress event.
+    let event = alice
+        .evtracker
+        .get_matching(|evt| {
+            matches!(
+                evt,
+                EventType::SecurejoinInviterProgress { progress: 1000, .. }
+            )
+        })
+        .await;
+    match event {
+        EventType::SecurejoinInviterProgress {
+            contact_id,
+            chat_type,
+            progress,
+        } => {
+            assert_eq!(contact_id, contact_bob.id);
+            assert_eq!(chat_type, Chattype::Single);
+            assert_eq!(progress, 1000);
+        }
+        _ => unreachable!(),
+    }
+
    let sent = alice.pop_sent_msg().await;
    let msg = bob.parse_msg(&sent).await;
    assert!(msg.was_encrypted());
@@ -511,6 +538,29 @@ async fn test_secure_join() -> Result<()> {
    alice.recv_msg_trash(&sent).await;
    assert_eq!(contact_bob.is_verified(&alice).await?, true);

+    // Check Alice signalled success via the SecurejoinInviterProgress event.
+    let event = alice
+        .evtracker
+        .get_matching(|evt| {
+            matches!(
+                evt,
+                EventType::SecurejoinInviterProgress { progress: 1000, .. }
+            )
+        })
+        .await;
+    match event {
+        EventType::SecurejoinInviterProgress {
+            contact_id,
+            chat_type,
+            progress,
+        } => {
+            assert_eq!(contact_id, contact_bob.id);
+            assert_eq!(chat_type, Chattype::Group);
+            assert_eq!(progress, 1000);
+        }
+        _ => unreachable!(),
+    }
+
    let sent = alice.pop_sent_msg().await;
    let msg = bob.parse_msg(&sent).await;
    assert!(msg.was_encrypted());
@@ -634,7 +684,7 @@ async fn test_unknown_sender() -> Result<()> {
    // The message from Bob is delivered late, Bob is already removed.
    let msg = alice.recv_msg(&sent).await;
    assert_eq!(msg.text, "Hi hi!");
-    assert_eq!(msg.error.unwrap(), "Unknown sender for this chat.");
+    assert_eq!(msg.get_override_sender_name().unwrap(), "bob@example.net");

    Ok(())
 }
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 -07-19
 -09-15