If it's not *.apple.com it's not Apple.
Problem is, even if it is from apple.com, it can still be spam / fishing / malware.
Fake "from" addresses are trivially easy to create.
Even if it seems to be from a legitimate source you should still not trust it.
SD