Hi , I know you want researchers to focus on bugs with your open source , however , the fix for this issue is pretty simple , moreover you haven't clearly said not to report issues in your website , so reporting this to you ;) this bug can be used to spoof your emails.
1.Go to http://www.kitterman.com/spf/validate.html?
paragonie.comin the text box.
3. Click Get SPF Records (if any)
4. You will got no records.