Always check what email it comes from. From there you can determine the validity of emails.
If you’re perceptive and cautious enough.
Don’t ever click links, unless you’re 100% safe and sure of the validity of the sender.
Apple have apple.com or firstname.lastname@example.org. Never anything strange.
If you are still unsure, check with Apple directly, as already stated in the thread.
Return email addresses are absolutely meaningless. You can put anything you want there.
You cannot ascertain that a message is genuine by looking at the return email address.
There are advanced schemes using DNS records (SPF, DKIM, DMARC) that allow senders to authenticate the source of messages from their domain. They can help automated tools to alert you to potential fraudulent emails.
SPF - Sender asserts (via a published DNS record) which servers their mail might be sent from. If mail is sent by a different server, it should be considered fraudulent.
DKIM - Sender email server signs specific email headers using a private key, and publishes the public key in a DNS record. If the decrypted data doesn't match the headers, the email should be considered fraudulent.
DMARC - Sender states a policy (via a published DNS record) advising receiving servers of the wishes of the sender should the receiver receive email that doesn't pass SPF or DKIM tests (forward, drop, bounce).
This is all at the domain level, not individual email address. And it is not easy for a human to use any of this to verify the sender. It does enable filtering services and software to reject mail with domain forgeries.
A good ISP/email provider should have their own internal controls to ensure that the sender's return address is legitimate, but you should not count on that, and I doubt compliance is even as high as 50%.
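Added example, not part of the thread: a sketch of how filtering software can use the SPF, DKIM and DMARC results described above, which a receiving server records in the `Authentication-Results` header. The two messages are constructed samples with the same visible From address; the host names `mx.example.net` and `relay.invalid`, the domain `example.com`, and the rule of accepting only `dmarc=pass` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: identical From address, different checks recorded
# by the receiving server (hypothetical authserv-id mx.example.net).
GENUINE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com;
 dmarc=pass header.from=example.com
From: Support <support@example.com>
Subject: Your receipt

body
"""
FORGED = """\
Authentication-Results: mx.example.net;
 spf=softfail smtp.mailfrom=example.com;
 dkim=none;
 dmarc=fail header.from=example.com
Authentication-Results: relay.invalid; dmarc=pass header.from=example.com
From: Support <support@example.com>
Subject: Your account is locked

body
"""

def assess(raw, trusted_authserv="mx.example.net"):
    """Return the SPF/DKIM/DMARC results recorded by our own mail server."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # written by some other host: not evidence
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            results[method] = result.lower()
        break  # the topmost header from our own server is the one it added
    results["from_domain"] = from_domain
    results["accept"] = results["dmarc"] == "pass"  # simplified policy (assumption)
    return results

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, assess(raw))
```

Both samples show `support@example.com` to the reader; only the results recorded by the receiving server tell them apart.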