diff --git a/src/mibew/libs/classes/Mibew/Controller/Chat/MailController.php b/src/mibew/libs/classes/Mibew/Controller/Chat/MailController.php
index 84c3a936..e0b9f365 100644
--- a/src/mibew/libs/classes/Mibew/Controller/Chat/MailController.php
+++ b/src/mibew/libs/classes/Mibew/Controller/Chat/MailController.php
@@ -50,9 +50,13 @@ class MailController extends AbstractController
 $thread_id = $request->attributes->get('thread_id');
 $token = $request->attributes->get('token');
 
+ // We have to check that the thread is owned by the user.
+ $is_own_thread = isset($_SESSION[SESSION_PREFIX . 'own_threads'])
+ && in_array($thread_id, $_SESSION[SESSION_PREFIX . 'own_threads']);
+
 // Try to load the thread
 $thread = Thread::load($thread_id, $token);
- if (!$thread) {
+ if (!$thread || !$is_own_thread) {
 throw new NotFoundException('The thread is not found.');
 }
 
@@ -86,9 +90,13 @@ class MailController extends AbstractController
 $thread_id = $request->attributes->get('thread_id');
 $token = $request->attributes->get('token');
 
+ // We have to check that the thread is owned by the user.
+ $is_own_thread = isset($_SESSION[SESSION_PREFIX . 'own_threads'])
+ && in_array($thread_id, $_SESSION[SESSION_PREFIX . 'own_threads']);
+
 // Try to load the thread
 $thread = Thread::load($thread_id, $token);
- if (!$thread) {
+ if (!$thread || !$is_own_thread) {
 throw new NotFoundException('The thread is not found.');
 }
 
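Review bot: The new ownership check in both hunks (`@@ -50` and `@@ -86`) relies on a loose `in_array()` comparison between `$thread_id`, which arrives as a request attribute and is presumably a string, and whatever type the session stores in `own_threads`; loose comparison of request-controlled strings is the kind of authorization check that is easy to get subtly wrong, so it is worth normalising both sides to the same type and passing `strict: true`, e.g. `&& in_array((int) $thread_id, array_map('intval', $_SESSION[SESSION_PREFIX . 'own_threads']), true);` (the stored element type is not visible here, so confirm it is numeric before casting). The identical four-line block is now duplicated in two actions; a private helper such as `isOwnThread(int $thread_id): bool` on the controller would keep the two checks from drifting apart if the session layout changes. A short comment explaining that the `NotFoundException` is raised for both "missing" and "not owned" on purpose, so that the endpoint does not reveal whether another user's thread id exists, would help the next reader not "fix" it into a 403. Both enclosing methods start and end outside the hunks.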