You can obtain certificates from the RBG to send signed emails. With a signed mail, the recipient can be sure that it really comes from the stated sender.
Without such signatures, it is basically impossible to prevent the forgery of sender identities. This is a consequence of how email works:
- Mails that come in from outside can have basically any sender. They arrive from external servers that are not under our control, and it is up to those servers to determine which sender address they provide. Because spammers have been exploiting this for a long time, various mechanisms have been developed to identify mails with fake senders as spam. As with spam detection in general, the result is not absolute; it only indicates the probability that a mail is spam.
- Mails from within our network are accepted by our SMTP servers without requiring a password. This means that even if we introduced complex measures in webmail to prevent fake senders, it would still be possible to send such a mail directly to the SMTP server. We will probably not change that either, because otherwise the chairs would no longer be able to operate their own mail servers or other automatic mailer systems, which they like to do and do a lot.
The possibility of fake emails is well known and is also described on Wikipedia under "Email spoofing".
In addition, users can select which sender address is used when sending emails in their mail client, e.g. in Thunderbird in the Account Settings under "Default Identity" or under "Manage Identities". You can also set up several different sender identities that are used on a case-by-case basis. This is often done by users of our Project IDs. Of course, you have to make sure that you do not make a mistake when setting the sender, because, as described above, no one checks whether the sender is correct.
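As an added illustration (not part of the original page or any RBG tooling), the following Python sketch shows what distinguishes a signed mail from an unsigned one on the receiving side: the `From` header is only a claim, while an S/MIME signature shows up in the MIME structure. The function name, status labels and sample messages are constructed for this example, and finding a signature is not the same as verifying it, which the mail client still has to do against the certificate.

```python
from email import message_from_string
from email.utils import parseaddr

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
MIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def smime_status(raw):
    """Return (claimed_sender, status). The sender is only the From header's
    claim; a signature found here still has to be verified cryptographically."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        protocol = str(msg.get_param("protocol") or "").lower()
        if protocol not in SIG_TYPES:
            return sender, "other-signature"   # e.g. PGP/MIME, not S/MIME
        parts = msg.get_payload()
        # A detached signature has exactly two parts: content, then signature.
        if (isinstance(parts, list) and len(parts) == 2
                and parts[1].get_content_type() in SIG_TYPES):
            return sender, "smime-detached"
        return sender, "smime-malformed"
    if ctype in MIME_TYPES:
        if str(msg.get_param("smime-type") or "").lower() == "signed-data":
            return sender, "smime-opaque"      # content wrapped inside the signature
        return sender, "smime-not-signed"      # e.g. encrypted only
    return sender, "unsigned"                  # From header is unverified

# Constructed sample messages (addresses and signature body are placeholders).
HEAD = "From: Alice <alice@example.org>\nTo: bob@example.org\nSubject: test\n"
SIGNED = HEAD + (
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nHello\n"
    "--b1\nContent-Type: application/pkcs7-signature; name=smime.p7s\n\nCONSTRUCTED-PLACEHOLDER\n"
    "--b1--\n")
UNSIGNED = HEAD + "Content-Type: text/plain\n\nHello\n"

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("unsigned", UNSIGNED)):
        print(name, smime_status(raw))
```

Both sample messages carry the same `From` header; only the MIME structure tells them apart.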