Further, the reason not to always require it is that it can…

Twetch ·

Further, the reason not to always require it is that it can be a PITA to support. AWS does not support it for instance. I think we should only require it if it actually makes a security difference, which it does in the case of third party hosted paymails.