diff --git a/chain/types/ethtypes/eth_types.go b/chain/types/ethtypes/eth_types.go
index ddda91ea0..f157c7f94 100644
--- a/chain/types/ethtypes/eth_types.go
+++ b/chain/types/ethtypes/eth_types.go
@@ -295,17 +295,21 @@ func EthAddressFromPubKey(pubk []byte) ([]byte, error) {
 	return ethAddr, nil
 }
 
+var maskedIDPrefix = [20 - 8]byte{0xff}
+
 func IsEthAddress(addr address.Address) bool {
 	if addr.Protocol() != address.Delegated {
 		return false
 	}
 	payload := addr.Payload()
-	namespace, _, err := varint.FromUvarint(payload)
+	namespace, offset, err := varint.FromUvarint(payload)
 	if err != nil {
 		return false
 	}
 
-	return namespace == builtintypes.EthereumAddressManagerActorID
+	payload = payload[offset:]
+
+	return namespace == builtintypes.EthereumAddressManagerActorID && len(payload) == 20 && !bytes.HasPrefix(payload, maskedIDPrefix[:])
 }
 
 func EthAddressFromFilecoinAddress(addr address.Address) (EthAddress, error) {
@@ -326,9 +330,17 @@ func EthAddressFromFilecoinAddress(addr address.Address) (EthAddress, error) {
 			return EthAddress{}, xerrors.Errorf("invalid delegated address namespace in: %s", addr)
 		}
 		payload = payload[n:]
-		if namespace == builtintypes.EthereumAddressManagerActorID {
-			return CastEthAddress(payload)
+		if namespace != builtintypes.EthereumAddressManagerActorID {
+			return EthAddress{}, ErrInvalidAddress
 		}
+		ethAddr, err := CastEthAddress(payload)
+		if err != nil {
+			return EthAddress{}, err
+		}
+		if ethAddr.IsMaskedID() {
+			return EthAddress{}, xerrors.Errorf("f410f addresses cannot embed masked-ID payloads: %s", ethAddr)
+		}
+		return ethAddr, nil
 	}
 	return EthAddress{}, ErrInvalidAddress
 }
@@ -376,8 +388,7 @@ func (ea *EthAddress) UnmarshalJSON(b []byte) error {
 }
 
 func (ea EthAddress) IsMaskedID() bool {
-	idmask := [12]byte{0xff}
-	return bytes.Equal(ea[:12], idmask[:])
+	return bytes.HasPrefix(ea[:], maskedIDPrefix[:])
 }
 
 func (ea EthAddress) ToFilecoinAddress() (address.Address, error) {
diff --git a/chain/types/ethtypes/eth_types_test.go b/chain/types/ethtypes/eth_types_test.go
index 118fbc901..4a73184c2 100644
--- a/chain/types/ethtypes/eth_types_test.go
+++ b/chain/types/ethtypes/eth_types_test.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/filecoin-project/go-address"
 	"github.com/filecoin-project/go-state-types/big"
+	"github.com/filecoin-project/go-state-types/builtin"
 )
 
 type TestCase struct {
@@ -178,6 +179,20 @@ func TestParseEthAddr(t *testing.T) {
 	}
 }
 
+func TestMaskedIDInF4(t *testing.T) {
+	addr, err := address.NewIDAddress(100)
+	require.NoError(t, err)
+
+	eaddr, err := EthAddressFromFilecoinAddress(addr)
+	require.NoError(t, err)
+
+	badaddr, err := address.NewDelegatedAddress(builtin.EthereumAddressManagerActorID, eaddr[:])
+	require.NoError(t, err)
+
+	_, err = EthAddressFromFilecoinAddress(badaddr)
+	require.Error(t, err)
+}
+
 func TestUnmarshalEthCall(t *testing.T) {
 	data := `{"from":"0x4D6D86b31a112a05A473c4aE84afaF873f632325","to":"0xFe01CC39f5Ae8553D6914DBb9dC27D219fa22D7f","gas":"0x5","gasPrice":"0x6","value":"0x123","data":""}`