Security and Identities

So I like the ability to have multiple identities but right now its a huge security risk to have enable the way I see it. Since there is no indication in the header of the original username, and also no check to authorize the user for the address they are adding, I just can't allow my users to have that option. It wont even be a day before people start sending emails out as me and as the officers. Does anybody else share this sentiment? If so, I propose that there needs to be 1) a simple way to disable it and 2) a way to force RC to put the original identity into the headers of the outgoing message. Thanks.

Jim Lester ACM Staff Manager notroot@acm.cs.umn.edu