Chuq Von Rospach, on the question of whether it was easy to send a bogus email through Apple’s internal announcement mailing list:
Well, I wrote the listserver used to distribute groups internal to Apple, so I can comment on this (a bit). The easy answer is “hell, no, Apple’s not an idiot”. But that doesn’t mean the server can’t be spoofed; any email system can be spoofed if you understand email and study the system. Someone here clearly did. It’s even somewhat possible that the message originated offsite (depending on how the list was configured), but one thing I can guarantee — wherever it originated, there was someone on the inside of the company who put time and energy into understanding how to spoof the system to make this work.