
Is apple.com hacked? - mingliangfeng
I received an email this morning, the email address seems correct, but the content of the email has links to porn websites, so obviously it is a spam.<p>The Email address is:
from:	Apple &lt;appleid@id.apple.com&gt;
reply-to:	appleid_cnzh@email.apple.com<p>I got emails from apple support before when resetting password, the information is:
from:	Apple &lt;appleid@id.apple.com&gt;
reply-to:	do_not_reply@apple.com<p>Anyone got the same situation?
======
Someone
It is trivial to forge the "from" information; you do not have to hack any
system to do so.

"reply-to" doesn't even need forging; it is intended to accept whatever
address the sender wants to put there.

More info at
[https://en.m.wikipedia.org/wiki/Email_spoofing](https://en.m.wikipedia.org/wiki/Email_spoofing)

~~~
ztower
Problem is, the email headers contain legitimate apple certs.

[http://pastebin.com/P2gw5nXA](http://pastebin.com/P2gw5nXA)

------
ztower
[https://discussions.apple.com/thread/7608075](https://discussions.apple.com/thread/7608075)

I got the email as well, it looks like it came from official servers.

