How can my friend prove his email was hacked and used to send emails not from him?

This is something he needs to talk with his lawyer about, and get a lawyer if he doesn’t have one. The company should not be asking him to prove this kind of stuff, nor should he have the burden of doing so placed on him when he likely doesn’t have the skills to do so, nor should he respond without consulting someone who doesn’t have a vested interested in firing him.

If he has to ask, he probably doesn’t have the skills to do it. He needs to hire an expert in computer forensics and a lawyer—and while he’s at it, he needs to file for a restraining order against his ex.

Check the sent items folder

His email address was probably being spoofed if there are no weird sent messages.

I would think if your friend contacted Tmobile, they would have some way of tracking the origin of the emails, and then have the evidence needed to prosecute this person, or at least prove to the people that got them that they were done with malice by someone other than himself.

I don’t use a phone to send email, so I don’t know if there is an ip adress that can be looked up or not, but his provider can probably look into it for him.

Well Tmobile did not do anything for him, and he did end up getting a termination notice since he was like an at-will contracted employee.

Secure your technological identities people!

I am unsure of how relevant this is but go to this page and scroll down to the bottom of the page. There are answers how to specifically deal with spoofed Gmail addresses. It is apparently illegal to send emails without permission to use spamees address in the from box (if that made any sense). So, start by reporting this.

You can’t. Even if you can proved that your system was accessed from another ISP address you still cannot prove that someone else did it. People often attempt to wriggle out of trouble by claiming to have been hacked – it is becoming commonplace. It is quite easy for someone skilled to hack Hotmail or Gmail, but as it is also quite easy to used servers in any part of the country or the world to access a webmail account, it means little in the way of a defence.

sounds like a job for the FBI

Email messages have unique identifiers. They are listed in a message header. The message header, contains, among other things, sender’s system information, IP addresses of all conduits for message delivery, dates and times, etc.

Your friend must ask the employer to provide the message headers and do a research of the information contained therein. Try to point out the impossibilities of the message coming from you based on date and time stamps, IP addresses, system information. He can also ask for message headers of email that he had sent himself and compare the IP information between the legit message and the spoofed message.

Unless he is being charged with anything serious or your livelihood is threatened, your simple explanation should suffice, otherwise consult with legal and technical experts.

Funny. Someone mentioned above that people wouldn’t hack email because doing so was illegal?.... well sure its illegal, so is speeding, smoking pot and plenty of other things that people do every day without blinking. Hacking email is perhaps an area that is underdeveloped where law is concerned, especially in some countries such as Great Britain, as proof needs to be pretty conclusive before you can convince a police man to do anything. And even then, you need to get someone that is up to date and even more rare, gives a monkey’s.
People can do a lot a damage with access to your email, such as collecting info that they can use to ruin your relationships and job prospects. I know. from experience.
But I wont go into this at the moment, as the people could actually use any statement that I make against me in a court of law. As without conclusive evidence, such a statement would be considered as slanderous. and although it may be happening, people who want to hurt you will do anything to do so. So, perhaps it is time that email services included the facility to allow users to access a log of log ins so that they can id the people who are shafting them.
Perhaps time to get a hacker to help. :-)
good luck.