I was playing around trying to test the SG service and used the "send a message from one of your disposable addresses" link to send a test message from my real ID to another of my real IDs.
On the other account I viewed full headers and discovered that my original ID (my forwarded email ID under SG) showed up under the MIME header "X-Originating-Email".
If the idea is to hide my real email ID, then the real email ID shouldn't go out in the MIME headers either, otherwise a simple regex match would yield my real ID if the receiver were trying to harvest IDs to sell to spammers.
Do you folks agree this is a bug?