Detecting scam is disclosed. A sender, having a first email address, is associated with a set of secondary contact data items. The set of secondary contact data items comprises at least one of a phone number, a second email address, and an instant messaging identifier. It is determined that an email message purporting to originate from the sender's first email address has been sent to a recipient. Prior to allowing access by the recipient to the email message, it is requested, using at least one secondary contact item, that the sender confirm that the email message was indeed originated by the sender. In response to receiving a confirmation from the sender that the sender did originate the email message, the email message is delivered to the recipient.