To prevent email spoofing, if a person (whether guest or member) sends an email using the Contact form, the email should be sent from the server itself, not the From address. This will always land in Junk mail in major email services because there's no matching DKIM/SPF records for that email to be sent from the IP address of the server. IE: a gmail address is not signed on the Oxwall installation, so every email provider will flag this as spoofing, because anyone can enter anything in the "From" address.
It is a bit problematic that this plugin uses the email address of the person entering the comment as "From" (especially as it does not sent a verification mail first). I modified it to put the email into the body (as Reply-To can unfortunatelly not be used in addToQueue()). Also the plugin should not display a captcha when authorized user uses it (the captches are bad useability).