The 80-page July 10 packet and a July 11 sender-side acceptance receipt are preserved; recipient-side intake and delivery-chain records remain requested.
The public captures establish the interface state visible at the recorded times. They do not identify a human actor or prove backend causation by themselves.
That is why the preservation demands target access logs, WAF and CDN records, database and application logs, deployment history, vendor tickets, retention actions, administrator events, and before-and-after content records.