I'd previously resisted doing this, because the full `AUTH=...' notes
I'm passing around look a lot like email addresses and this might
subvert attempts to use extension addresses or the odin forwarder. But
it seems a shame to lose this information.
Compromise: report the sender, as a bare user-name, only if the
domain-part is us. This will, at worst, repeat the user name from the
sending MTA, which told us what it was either as the origin for a local
sender, or the authenticated user name from SMTP authentication or
identd (for submission to localhost).