Exactly accidental collisions even if the hash was random would be rare there would have to be more than 2 billion steves before the chance of collision became likely.
as it stands tin-can is more spoof resistant than email.
The signature is not in plain text standard editors would not be effective in changing it.
It is assigned at installation making forced selection quite a bit of a chore.
I need to thank you for this line of questions it is making me think that the encryption and the hash should perhaps not be made public.