I hadn't heard of that, it certainly is more what I expected. Now unless I'm missing something in order to verify an address I need the public key the signature and the message (ideally one I decided upon)
From any one part alone I couldn't verify the address and since I can't change the message it would be impossible to fake right?
Yes, someone else in the thread verifies and and quotes your signature information. That way someone who hacked your account can't simply modify the original message that you signed. The hacker would also have to hack the account that quoted you.