As it turns out, making email that looks like it came from you is really easy. Spammers actually use “From” spoofing all the time to do this.
Surprisingly, proving that it was not from you might be a little harder.
Who is this message “from” really?
Most of our messages are accurate, but it’s easy for someone to make email look like it came “from” someone it did not. Spammers do this all the time – as a result the From: line is actually a fairly unreliable indicator of who actually sent an email.
It’s more difficult to change the headers in email. These are the additional information (which you don’t normally see) that accompanies every email message. Typically, it includes the server-to-server path that the email took from when the message was sent to when it arrived in your inbox. It might even include more, such as the machine name, the real email address, or the IP address of the sender.
Or it might not. Unfortunately none of that is actually required although the server or delivery path is almost always present.
Get that message
The problem is that this information – the full message header – is in the hands of the person that is accusing you. You have to get it somehow. It’s not enough for them to just forward the message; all that would do is give you the “From” line that you know can be faked.
They need to do the equivalent of a “View Source” or “View Headers” on that message, depending on their email program, to show the entire technical details of that specific email message that they claim is coming from you. That’s what you or your attorney will need to see.
Once again, much of that information can also be spoofed, and fake headers are possible. Ultimately, only a technical analysis of what is there will give you chance of proving or disproving anything.