Currently emails used for verp contain a long encrypted cryptic string. This is fine for most cases where you are replying to an email which is sent by moodle.

But there are some cases where you want to publish an email address for emails initiated by the outside and have them look a bit nicer. eg you could have moodle+contactus@example.edu and that would go through the same handlers and be forwarded to the plugin but skip the validation step which can't be done because there is no hash to validate. But it's still an email and we can still do do partial validation based on the email and in particular whether the has already passed DMARC in which case we can trust it, and if the email matches a user in moodle then the subaddress hash isn't as critical.