All that Electrum can do is know for certain that a transaction is included in a block. It must trust that the Electrum servers that it has connected to have actually verified the transaction. However if your Electrum wallet were to be connected to malicious Electrum servers, they could serve you invalid transactions which you would not know are invalid. Said transaction can be included as part of a block; the merkle root would be correct and the PoW of the block would be valid. BUT the block would contain an invalid transaction. For full nodes, this block would be entirely invalid and discarded. But we are talking about malicious Electrum servers here. So those malicious servers TELL YOU that the invalid transaction is actually valid, and so you accept it.
I just realized you missed a crucial point of SPV here: the SPV user has the full list of block headers, but not of the block bodies. As such, for this user to believe the Electrum server, the root of the given Merkle tree needs to be in one of the elements of the full list of block headers, which means it is part of the block chain "up to now". I explained that earlier:
So, if you can obtain from the top mining pools:
- the last few block headers mined H'
- the SPV data (T, M(T), H)
in such a way that the end of H overlaps with H', you know 100% cryptographically for sure that T is part of the actual block chain.
Here, H is the full list of block headers.
Edit:
see for instance:
http://docs.electrum.org/en/latest/spv.html#spv

Simple Payment Verification (SPV) is a technique described in Satoshi Nakamoto's paper. SPV allows a lightweight client to verify that a transaction is included in the Bitcoin blockchain, without downloading the entire blockchain. The SPV client only needs to download the block headers, which are much smaller than the full blocks. To verify that a transaction is in a block, an SPV client requests a proof of inclusion, in the form of a Merkle branch.
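The checks the two posts above argue about can be written down concretely. The following is an added example, not code from either poster, from Electrum or from the Electrum docs: it builds a constructed three-block header chain with Bitcoin's double-SHA-256 and 80-byte header layout, produces a Merkle branch for a transaction, and then runs the SPV checks in the order the reply describes: proof of work and linkage of the server-supplied header list H, overlap of the end of H with independently obtained headers H' at or after the transaction's block, and the Merkle branch reaching that block's root. The mining target (EASY_TARGET), the timestamps, the transaction contents and the way H' is represented (just a list of recent headers) are all assumptions made so the example runs offline in well under a second. The demo deliberately includes a transaction whose content is nonsense, to make the first post's point checkable: it passes every SPV check, because SPV proves inclusion in the header chain, not validity of what was included.

```python
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash function: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root_and_branch(txids, index):
    """Bitcoin-style Merkle tree over txids; returns (root, branch for leaf `index`).
    An odd level duplicates its last hash, as Bitcoin does."""
    level = list(txids)
    branch = []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        branch.append(level[index ^ 1])          # sibling at this level
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], branch


def merkle_root_from_branch(txid, branch, index):
    """Recompute the root an SPV client gets from (T, M(T)); `index` gives left/right order."""
    h = txid
    for sibling in branch:
        h = dsha256(sibling + h) if index & 1 else dsha256(h + sibling)
        index >>= 1
    return h


# 80-byte header: version | prev_hash | merkle_root | time | bits | nonce (all little-endian ints)
def serialize_header(version, prev_hash, merkle_root, time, bits, nonce):
    return struct.pack("<I", version) + prev_hash + merkle_root + struct.pack("<III", time, bits, nonce)


def header_hash(header): return dsha256(header)
def header_prev(header): return header[4:36]
def header_root(header): return header[36:68]


EASY_TARGET = 2 ** 248  # constructed: the top byte must be zero; real targets are vastly smaller


def mine_header(prev_hash, merkle_root, time, target=EASY_TARGET):
    """Grind the nonce until the header hash, read as a little-endian integer, is <= target."""
    for nonce in range(2 ** 32):
        hdr = serialize_header(1, prev_hash, merkle_root, time, 0, nonce)
        if int.from_bytes(header_hash(hdr), "little") <= target:
            return hdr
    raise RuntimeError("no nonce found")


def spv_check(txid, index, branch, block_height, headers, pool_headers, target=EASY_TARGET):
    """Return (ok, reason). `headers` is H from the Electrum server, `pool_headers` is H'
    obtained independently. Passing means T is in the header chain; it says nothing about
    whether T is a valid spend."""
    for i, hdr in enumerate(headers):
        if int.from_bytes(header_hash(hdr), "little") > target:
            return False, f"header {i} fails proof of work"
        if i > 0 and header_prev(hdr) != header_hash(headers[i - 1]):
            return False, f"header {i} does not link to header {i - 1}"
    if block_height >= len(headers):
        return False, "block height beyond header list"
    pool_hashes = {header_hash(h) for h in pool_headers}
    overlap = [i for i, h in enumerate(headers) if header_hash(h) in pool_hashes]
    if not overlap or max(overlap) < block_height:
        return False, "end of H is not confirmed by independently obtained headers H'"
    if merkle_root_from_branch(txid, branch, index) != header_root(headers[block_height]):
        return False, "Merkle branch does not reach the block's Merkle root"
    return True, "transaction is included in the header chain"


def build_demo():
    """Constructed chain of three blocks. Block 1 carries a normal-looking payment and a
    transaction whose content is nonsense, standing in for an invalid spend."""
    txs_per_block = [
        [b"coinbase-0"],
        [b"coinbase-1", b"pay alice 1 BTC", b"INVALID: spends coins that do not exist"],
        [b"coinbase-2"],
    ]
    headers, prev = [], b"\x00" * 32
    for n, txs in enumerate(txs_per_block):
        root, _ = merkle_root_and_branch([dsha256(tx) for tx in txs], 0)
        hdr = mine_header(prev, root, 1700000000 + n)   # constructed timestamps
        headers.append(hdr)
        prev = header_hash(hdr)
    return txs_per_block, headers


def proof_for(txs_per_block, height, index):
    """What a server hands the client for transaction `index` of block `height`: (txid, M(T))."""
    txids = [dsha256(tx) for tx in txs_per_block[height]]
    _, branch = merkle_root_and_branch(txids, index)
    return txids[index], branch


if __name__ == "__main__":
    txs, H = build_demo()
    H_prime = H[-2:]                       # the last few headers, as obtained from the pools
    for idx in (1, 2):
        txid, branch = proof_for(txs, 1, idx)
        print(txs[1][idx][:24], spv_check(txid, idx, branch, 1, H, H_prime))
```

The last loop is the point of the first post made visible: both the payment and the nonsense transaction report "included in the header chain", and only a full node that executes block 1 could reject the second. What SPV plus the overlap with H' does rule out is a server presenting a transaction in a block that is not on the chain the rest of the network has mined on: drop the overlap, or give the client only headers from before block 1, and the check fails.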