Is server-customer@apple.com a legit Apple Support email address or a scam?

Question

Level 1

15 points

Is server-customer@apple.com a legit Apple Support email address or a scam?

I received an email from this guy named Vladi in reply to my previous post about Mountain Lion Server taking forever to mount AFP shares onto clients (https://discussions.apple.com/thread/4687046). He asked that I reproduce the situation and send him the tcpdump file. I was somewhat hesitant at first because I didn't want to send confidential information to a total stranger. Usually an Apple Tech Support Employee would sign the email with his name, department, and some kind of notice of confidentiality.

For example:

" Regards,

Jonathan Nickles

AppleCare Enterprise Support

APPLE NOTICE OF CONFIDENTIALITY:

This communication (including any attachments) is intended ONLY for the recipient(s) identified in the message, and may contain information that is business proprietary/confidential, privileged, or otherwise protected by law. If you are not the intended recipient, please disregard this communication and notify the sender. Any disclosure, coping, or distribution of this message, or the taking of any action based on it, without the express permission of the originator, is strictly prohibited. "

Nothing of the sort was included in the email. The only reason I decided to send the tcpdump file is because his email domain was @apple.com, which sort of looked legit. But now I'm starting to have second thoughts as a week passed with no reply from him. So my question is, is server-customer@apple.com a legit email address from Apple Support or do you think its a scam?? Please let me know. Thanks!

iMac, OS X Mountain Lion (10.8.2)

Posted on Feb 15, 2013 7:08 PM

Reply

Answer 1

Best reply

Camelot

Level 9

54,333 points

Feb 16, 2013 8:57 PM in response to jamauai

I'm not sure if it is part of Apple's normal support setup or not, but it's almost impossible for anyone to hijack the data when it's addressed to ...@apple.com.

The email message is going to be sent to Apple's mail servers. They'll then determine whether the mailbox is legitimate (and deliver the mail) or not (in which case it'll bounce).

So if the person in question got the data they're almost certainly associated with Apple at some level. It's mostly a matter of whether this is their standard support method (and it's the first time I've heard of such a thing).

Reply

Answer 2

Dec 20, 2013 5:14 PM in response to Camelot

Same thing is happening to me. As I see it, there is something fishy going on. The emails indicate no person of such and are very vague. It would be good to get this clarified for certain.

Reply

Answer 3

Jun 19, 2014 10:06 AM in response to jamauai

For what it's worth, I've also been contacted by Vladi, and have had a few exchanges with him. I believe he is a real person on the Server team. While you could forge the From: address in an email, when you reply, it's going into the apple.com servers. And look at the Received headers in your message. Mine show they come from Apple:

Received: from mail-in5.apple.com (mail-out5.apple.com [17.151.62.27])

(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))

(No client certificate requested)

Reply