Hello,

I would like to report an important security concern in Proton Mail.
Currently, the web version of Proton Mail displays a warning when a message fails DMARC/SPF verification, but the mobile app (Android/iOS) does not show such information.

This creates a risk that users who primarily rely on the mobile app may be unaware that a message could be forged or sent from an unauthorized server. In practice, this is a significant security issue, especially for users who are not able to manually inspect email headers.

Proposed improvement:

Implement the same DMARC/SPF failure warnings in the mobile app as in the web version.

Optionally, allow users to enable security notifications in settings, so they are warned before opening potentially suspicious emails.

This would ensure consistent phishing and spoofing protection across all Proton Mail platforms and significantly improve user safety.