Prevent fake-user spam on public boards. Per-project trust policy with three tiers: Strict (must be signed in with verified email to vote/comment/submit), Balanced (default - email verification required to vote, captcha required for anonymous post submission, signed-in members bypass captcha), Open (current behaviour - anonymous submissions allowed, captcha required, content goes through AI moderation gate).

Verification primitives: email verification flow that issues a signed nonce on signup and only flips a profiles.email_verified_at on confirmation; optional phone verification via the Twilio Verify card for high-trust events; disposable-email-domain blocklist refreshed weekly from a public list; honeypot fields and minimum-time-to-submit checks on public forms; rate limits per IP on signup and password reset (cross-references the abuse hardening card).

UI: Settings -> Privacy & Access gets a Trust policy panel with the three presets and per-event overrides. A small "Verified" badge appears next to verified-user comments and votes. Out of scope: forcing existing customers to use this (defaults are conservative but not breaking); paid identity verification (Twilio Lookup, IDV) is a future card if enterprise demand surfaces.