ah. we have a solution in mind actually, and it's on our roadmap although a few years out because lower layers need to be in place first.

the core idea of the email-replacement layer is that, instead of giving out an email address which functions as a bearer token giving people the right to email you, you'll go through an oauth-stye authorization where you give each sender a unique, revokable token.