Prevent IDN homograph attacks
Domains can prevent other senders from spoofing their mails using DMARC and SPF, but there is no way for domains to prevent homograph attacks: only the mail client can handle that. Evolution should distinguish example@аpple.com (where аpple.com is the attack domain with Cyrillic а designed to appear similar to the real apple.com) from the real example@apple.com by converting to IDN: example@xn--pple-43d.com. Does it?
If not, the good news is we added a function to WebKit to handle this, webkit_uri_for_display(), and you already link to WebKit so might as well use it. The bad news is we were only thinking about web browsers at the time, so this means you would have to construct a fake URI string like https://аpple.com, pass that through webkit_uri_for_display(), then manually remove the protocol. It will work, though!