All users can email from my gmail account with ssmtp

I've set up ssmtp with my gmail account (and disabled sendmail) following these and these instructions.

I can now send mail using the following command:
echo "Hello" | mail -s subject

I have two specific questions now:
  1. Any user can now send mail with the above command from my gmail account (the "from" field in a received email is: "User & <>"). Therefore any user can potentially claim to be me as my own gmail address is in the from field??
  2. Why does the from field contain "User", when an email is sent with the above command from a user account that is not my own (I do not see this when I send the email using my personal user account, but I rather see my real full name followed by my gmail address which is good). And... if I execute the above command as root, the from field is: "Charlie & <>".
How can I prevent users from claiming to be me and is it possible to make the from field in a received email rather provide the actual username instead of a generic "User". And what's up with the Charlie thing? ;)

Does the solution have anything to do with the contents in
/usr/local/etc/ssmtp/revaliases? I am confused about the purpose of this file.

Thank you,
"Charlie &" is the old fullname convention in the password file, & is expected to be replaced by the capitalized username. Saves a byte or three of disk, if you don't count the code segments :)

Don't know ssmtp,
About point 1: SMTP (the protocol) is very old (by internet standards) and was designed without the necessary controls / infrastructure to prevent impersonation (pretending to be someone else). So, anybody who has access to send mail via SMTP can impersonate whoever they will (the From: line can be changed to whatever you like, as long as syntax is ok).
There are methods to figure out if the From: line is likely to be fake, most of these methods require you to read mail headers and other fields in the mail which are normally not visible to end users.
All attempts to replace SMTP with something better suited to todays internet "environment" has failed so far.
So we live with a mail system that is being "patched" with less than optimal measures to combat spam, impersonation, farud and other abuse (SPF, greylisting, blacklisting, etc.). The mail challenge with all these measures is that adoption is voluntary, and as long as just one SMTP server "slips through", spammers and fraudsters have what they need. Or they can simply set up their own SMTP server.
Which instructions?
You might consider using msmtp instead. I have a mutt page that mentions configuring it, but generally, one does put their credentials in the configuration file.

The thing with msmtp is that you would put its config file in an individual user's directory so only that user has access to it. Also, OpenBSD has a new smtp program (I haven't looked into it at all, but it's possible it might fit your needs. It's in ports as mail/opensmtpd
SPF and greylisting has worked pretty well for me. I just started using SPF and noticed a huge drop in spam backscatter.

In addition to Dspam, you train it to learn to filter out spams. I don't use Spamassassin as it takes up too much resources. I had like 1,000 spams a day and now only get like 3 to 5 spams a day.
Most of you are talking about a full mail server that receives mail too. I just want outbound-only to run server stats / periodic, therefore I think ssmtp is a good choice for me..
It appears that SSMTP was designed for use on a single user system, so what you are seeing is designed behavior. This article:

Says it best:

Replacing Sendmail with sSMTP works well for desktop PCs that have only a single user configured. If you have multiple users, you may not want to use sSMTP, since by default all email sent via the mail command will look like it comes from a single user. An additional configuration file, revaliases, allows you to map a local user to a specific From: address on outbound mail and to route that mail through a specific mailhub. Still, there is no way to configure different logins on different mailhubs that use different different authentication credentials. With sSMTP, your outbound mail can only have one remote MTA to which it can connect.
How quickly you need the mails to arrive? Is there something, that would run on your workbench making a nightly grab of all mail via ssh?

Thanks all. I think I'm happy with ssmtp considering there are only a handful of users with access to the server and my outbound mail server is a newly created gmail account — i.e. not much to hide there.

Does anyone know how to configure periodic to email its daily, weekly, and monthly emails to multiple users instead of just to root?
I've been doing some research and have solved almost all my queries. I take it ssmtp is a lot different to other mail setups, since much of what was posted here did not help (I am nevertheless impressed with the willingness from the FreeBSD community to help! Thank you!)

The solution to change the name "Charlie &" (and "User") in the "from" field in emails was not to change the name "Charlie" in /etc/passwd, but rather to correct the information for root and the users using the chpass command. It is the "Full Name" here that determines what will be seen in the "from field" in an email sent from an ssmtp setup. So, regardless of who (root or any user) executes
echo "Hello" | mail -s subject
(after following these instructions), the email address from where it comes will be the same, but the name that goes with it will differ depending on the chpass contents for each user / root (a security hazard but not for a small server whose users can be trusted).

Additionally, ssmtp does not use /etc/aliases in agreement with this blog post. Rather it uses /etc/mail.rc . So if I want periodic to email multiple email addresses, I would add the following to /etc/mail.rc :
alias root <>,<>
Still, I have tried configuring /usr/local/etc/ssmtp/revaliases, but oddly no changes seem to make any differences in behaviour. Cannot figure out what this file does or how I should use it.
revaliases, if I remember correctly. is for reverse aliases. So, unlike /etc/aliases, which takes mail sent to root and gives it to someone else, in this case, if you want mail from root to be from someone else, you use it.
So you would have
I've not used ssmtp in years, so not sure if I'm correct, just looking at some very old notes.

Also, as for /etc/aliases, I forgot to mention that after editing it, you would run newaliase to build a new database of it. (But you mentioned that ssmtp doesn't use it.)