Emails to privaterelay.appleid.com bouncing

Hi,


We are using "Sign in with Apple" to onboard users to our system. We need to send instructions to the user using the email provided at signup. We use Mandrill in the backend to send emails. I have configured the sender email in "Individual Email Addresses" under "Certificates, Identifiers & Profiles" in the developer account (and it shows a green check mark). The emails sent to private relay addresses (e.g. xxxxxprm23@privaterelay.appleid.com) bounce.


I have verified another email using gmail & it works fine.


Am I missing some settings?



-------------Bounce message from Mandrill-----------------------------------
Received: from mail178-28.suw51.mandrillapp.com (unknown [198.2.178.28])
    by relay-3.us-west-2.relay-prod (Postfix) with ESMTPS id C5BCA20EF5
    for <bounce-md_31096458.5d52843d.v1-61f4bb207bb443e7a3d9e4482eb7beb3@mandrillapp.com>; Tue, 13 Aug 2019 09:34:54 +0000 (UTC)
Date: Tue, 13 Aug 2019 09:34:54 +0000
From: postmaster@mail178-28.suw51.mandrillapp.com
Subject: Delivery report
To: bounce-md_31096458.5d52843d.v1-61f4bb207bb443e7a3d9e4482eb7beb3@mandrillapp.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="report5D52843E@mail178-28.suw51.mandrillapp.com"


--report5D52843E@mail178-28.suw51.mandrillapp.com
Content-Type: text/plain

Hello, this is the mail server on mail178-28.suw51.mandrillapp.com.

I am sending you this message to inform you on the delivery status of a
message you previously sent. Immediately below you will find a list of
the affected recipients; also attached is a Delivery Status Notification
(DSN) report in standard format, as well as the headers of the original
message.

<xxxxxprm23@privaterelay.appleid.com> delivery failed; will not continue trying

--report5D52843E@mail178-28.suw51.mandrillapp.com
Content-Type: message/delivery-status

Reporting-MTA: dns;mail178-28.suw51.mandrillapp.com
X-PowerMTA-VirtualMTA: mail178-28.suw51.mandrillapp.com
Received-From-MTA: dns;pmta05.mandrill.prod.suw01.rsglab.com (127.0.0.1)
Arrival-Date: Tue, 13 Aug 2019 09:34:53 +0000

Final-Recipient: rfc822;xxxxxprm23@privaterelay.appleid.com
Action: failed
Status: 5.1.1 (bad destination mailbox address)
Remote-MTA: dns;smtp4.privaterelay.appleid.com (17.57.8.145)
Diagnostic-Code: smtp;550 5.1.1 bad mailbox name
X-PowerMTA-BounceCategory: bad-mailbox

--report5D52843E@mail178-28.suw51.mandrillapp.com
Content-Type: text/rfc822-headers

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mandrill; d=oya.world;
    h=From:Subject:List-Unsubscribe:To:Message-Id:Date:MIME-Version:Content-Type; i=welcome@oya.world;
    bh=Ops6f/AgWvI27tyFlbRhsYYWTqOPpMm/99FtJ/vbAkU=;
    b=ZyT9AzPQ4TJM+s0zXmp9FZyQOLWH2g8FF424o84vD9z3gaNgBL8UuTt9ZLVqDUvpNT4Zgl1lx2Zt
    s1l++42QqfiKzNs/k+EEkhukc4wO6aO0N/ETiVx88HPDO5L3sHnaFh7AR/7ibvcepdgi/wLu1Oi2
    kwRyG1yYZeoKbgMxFQo=
Received: from pmta05.mandrill.prod.suw01.rsglab.com (127.0.0.1) by mail178-28.suw51.mandrillapp.com id haa23s22s10h for <xxxxxprm23@privaterelay.appleid.com>; Tue, 13 Aug 2019 09:34:53 +0000 (envelope-from <bounce-md_31096458.5d52843d.v1-61f4bb207bb443e7a3d9e4482eb7beb3@mandrillapp.com>)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com;
    i=@mandrillapp.com; q=dns/txt; s=mandrill; t=1565688893; h=From :
    Subject : List-Unsubscribe : To : Message-Id : Date : MIME-Version :
    Content-Type : From : Subject : Date : X-Mandrill-User :
    List-Unsubscribe; bh=Ops6f/AgWvI27tyFlbRhsYYWTqOPpMm/99FtJ/vbAkU=;
    b=j7KbsqOEd5ne5OxhO1V1d3jrClWzwhaQ+i6PVGLzgM7MoOYiSBRhK5PCmPIJsxSiigqDhx
    RlVQBLmcKVo0f/m+/qtxV0cU0oODP4YsZnc8b4uDhxjSKQBG0kUiFg5FTagNWmqKAAfdVEmL
    FVL780ppE+A+W+FoMVMEW3Bvk7H74=
From: "[TEST] OYA" <welcome@oya.world>
Subject: [TEST] Download OYA Data-only eSIM using this QR code
Return-Path: <bounce-md_31096458.5d52843d.v1-61f4bb207bb443e7a3d9e4482eb7beb3@mandrillapp.com>
List-Unsubscribe: <mailto:unsubscribe-md_31096458.5d52843d.v1-61f4bb207bb443e7a3d9e4482eb7beb3@mailin1.us2.mcsv.net?subject=unsub>
To: <xxxxxprm23@privaterelay.appleid.com>
X-Report-Abuse: Please forward a copy of this message, including all headers, to abuse@mandrill.com
X-Report-Abuse: You can also report abuse here: http://mandrillapp.com/contact/abuse?id=31096458.61f4bb207bb443e7a3d9e4482eb7beb3
X-Mandrill-User: md_31096458
Message-Id: <31096458.20190813093453.5d52843d50edc9.32051422@mail178-28.suw51.mandrillapp.com>
Date: Tue, 13 Aug 2019 09:34:53 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="_av-aFtqyPtvVIKqh7D4k70iuw"

--report5D52843E@mail178-28.suw51.mandrillapp.com--

Answers

I've had similar problems, and I haven't received an effective response from Apple. Have you solved it?

No, waiting for a reply from Apple.

Prasanth-


Thank you for this report.


It's important to understand that the email address given to the developer (you), in this case: xxxxxprm23@privaterelay.appleid.com, may only be used from the email domains (with SPF records) or full email addresses registered in the Developer Portal. It is not currently possible for you as a developer to hand that email address to a third-party and expect to be able to route through the privaterelay.appleid.com MTAs. Unfortunately, it's also not possible to register any third-party domain such as mandrillapp.com as one of your email source domains.


At this time, mail API services that send email from their own MTAs on behalf of their developer customers do not work through privaterelay.appleid.com. The only available workaround currently is to set up your own MTA and emit mail from one of your registered domains.


We are aware of this issue and are working on a solution that would allow developers to use these mail API services.


Stay tuned...


Hi,


Thanks for the answer.


Bit more explanation about our setup:


We have registered our own domain (e.g. oya.world). We have configured "Mandrill" as our email sending server using the SPF records in our domain. The SPF entry in "oya.world" is "v=spf1 include:spf.mandrillapp.com ?all", which clearly says to expect emails from the IP addresses listed in the SPF record for "spf.mandrillapp.com".


References:

1) https://mandrill.zendesk.com/hc/en-us/articles/205582267-About-SPF-and-DKIM

2) https://www.dmarcanalyzer.com/spf/spf-record/
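
An added example, not part of the original posts: SPF is evaluated against the envelope sender (the Return-Path domain), not the From header, so an SPF record on oya.world is never consulted for a message whose Return-Path is at mandrillapp.com. The sketch below pulls the three sender identities out of the headers in the bounce report and compares them with a registered-domain set; `REGISTERED`, the exact-match comparison and the function names are assumptions for illustration, and the thread does not document how Apple's relay performs its check.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the original-message headers from the
# bounce report in this thread (signature values dropped, token shortened).
SAMPLE_HEADERS = (
    'From: "[TEST] OYA" <welcome@oya.world>\n'
    "Return-Path: <bounce-md_31096458.example@mandrillapp.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; s=mandrill; d=oya.world; i=welcome@oya.world\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=mandrillapp.com; i=@mandrillapp.com; s=mandrill\n"
    "To: <xxxxxprm23@privaterelay.appleid.com>\n"
    "\n"
)

# Assumption: the only domain registered in the Developer Portal.
REGISTERED = {"oya.world"}


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def dkim_domains(msg):
    """Collect the d= (signing domain) tag of every DKIM-Signature header."""
    domains = []
    for signature in msg.get_all("DKIM-Signature", []):
        for tag in signature.split(";"):
            name, _, value = tag.partition("=")
            if name.strip() == "d" and value.strip():
                domains.append(value.strip().lower())
    return domains


def audit_sender(raw_headers, registered=REGISTERED):
    """Report which sender identities fall under a registered domain."""
    msg = message_from_string(raw_headers)
    envelope = domain_of(msg["Return-Path"])   # identity SPF is checked against
    header_from = domain_of(msg["From"])       # identity the recipient sees
    return {
        "envelope_from": envelope,
        "header_from": header_from,
        "dkim_domains": dkim_domains(msg),
        "spf_domain_registered": envelope in registered,
        "header_from_registered": header_from in registered,
    }


if __name__ == "__main__":
    for key, value in audit_sender(SAMPLE_HEADERS).items():
        print(f"{key}: {value}")
```

For the headers in this thread the From domain is registered but the SPF-checked domain is the mail service's own, which matches the mismatch described in the answer from Apple above.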

We have a similar issue (configured DNS to use mailgun), but because we cannot authenticate a mailgun server with Apple, we tried instead to register complete specific email addresses under the "Individual Email Addresses" setting.


That setting does not seem to work either.


I registered my own gmail address, as well as emails from a few other providers, and NONE of them can deliver to the relayed email. Yahoo, Gmail, Zoho - every individual email address I tried is getting blocked.


Is the "Individual Email Addresses" option - not functional?


We have completed the "sign in by Apple ID" feature for all platforms: web, mobile Safari, and native iOS. Yet without the email relay feature working we cannot release it.


Apple, please advise the status of that. Either configuration with Mailgun for all emails coming from a custom subdomain on a mailgun server (i.e. "mg.xxxxxxx.com") OR using the "Individual Email Addresses" which seems not to be working at all.


Thank you,

Z.

Any update on this?


I too cannot get the individual email address list to work either.

Hi, we are facing the exact issue, with Mailgun and Zoho in the picture. Can you shed some light on how you worked around this?

We also have the same issue with mailgun.

Hi,


Given that the deadline for implementing Sign in with Apple is approaching, it would be good to know if and how this issue could be fixed.

Does anyone have any update on this?

And does anyone know if it applies to emails sent through Zendesk for support, where the domain would be company.zendesk.com?


Thanks,

Kind regards

Solution:
  1. Head to "Certificates, Identifiers & Profiles" section at developer.apple.com

  2. Click "More" in the left sidebar, then "Continue".

  3. Click "Email resources +" and add your domain and email.