diff --git a/app/dashboard/views/custom_alias.py b/app/dashboard/views/custom_alias.py
index dff60699..f9dc55a1 100644
--- a/app/dashboard/views/custom_alias.py
+++ b/app/dashboard/views/custom_alias.py
@@ -64,7 +64,7 @@ def custom_alias():
 
         # check if mailbox is not tempered with
         if mailbox_email != current_user.email:
-            mailbox = Mailbox.get_by(email=mailbox_email)
+            mailbox = Mailbox.get_by(email=mailbox_email, user_id=current_user.id)
             if not mailbox or mailbox.user_id != current_user.id:
                 flash("Something went wrong, please retry", "warning")
                 return redirect(url_for("dashboard.custom_alias"))
@@ -91,7 +91,7 @@ def custom_alias():
                     "warning",
                 )
             else:
-                mailbox = Mailbox.get_by(email=mailbox_email)
+                mailbox = Mailbox.get_by(email=mailbox_email, user_id=current_user.id)
 
                 alias = Alias.create(
                     user_id=current_user.id,
diff --git a/app/email_utils.py b/app/email_utils.py
index be0c2e4f..324256e4 100644
--- a/app/email_utils.py
+++ b/app/email_utils.py
@@ -376,7 +376,7 @@ def email_already_used(email: str) -> bool:
 
 
 def mailbox_already_used(email: str, user) -> bool:
-    if Mailbox.get_by(email=email):
+    if Mailbox.get_by(email=email, user_id=user.id):
         return True
 
     # support the case user wants to re-add their real email as mailbox