[concinds]

iMessage has no concept of a "verified user account" (iMessage for Business is separate), so there's zero indication this message is genuinely from Apple, except an email address that can possibly be faked. It's strange Apple hasn't built-in visible confirmation that this specific Threat Notifications sender is legitimate.

[diebeforei485]

> iMessage has no concept of a "verified user account" (iMessage for Business is separate), so there's zero indication this message is genuinely from Apple

According to this screenshot, it appears they do: https://twitter.com/norbertmao/status/1463364241688305664

[gruez]

Looking at that screenshot, now I'm interested in how you can sign imessages with certificates. Even being able to have a certificate and look at the fingerprint, is much better than the current state of affairs where you just have to trust apple didn't swap out the keys.