Today we noticed that a new customer had begun a phishing campaign in our name. They signed up using a stolen credit card and a VPN. They proceeded to send email to a little over 1,000 people (not necessarily customers of ours, just random people) claiming the email to be from firstname.lastname@example.org. For this reason, while weighing possible options to prevent such a thing in the future, we will be re-enabling a feature disabled some time ago due to user request. You will not be able to adjust a From header, our mail server will rewrite it to match the account that you are logged in with. This is to discourage customers from spoofing email from other customer domains, including ours, while passing SPF checks. I'm afraid this is not negotiable.