Questions about reply-by-email address

  1. Can the reply-by-email address be the same as what I set up during install, from which the transactional emails come from? There is no mailbox behind that at the moment.
  2. If so, what happens if someone replies to a regular transactional mail that does not carry the reply-by-email signature?
  3. I have a paid membership site to which the forum is annexed via SSO. I don’t wish to let people continue commenting (by email) once their subscription expires. Should I not enable reply-by-email then?
  4. If the address with the reply_key is leaked, could my forum get unauthenticated replies/spam or does the engine verify it came from the user’s registered email address?

Thanks