Unable to Send Emails to Private Relay Service

We have registered the full email addresses on the developer portal and they have green ticks next to them but are unable to send emails from them still, they just bounce back. We have also published a spf record for our domain, does anyone else have this problem? How can we fix it?

Up vote post of gemmaPerigee Down vote post of gemmaPerigee
17k views
Posted by
gemmaPerigee
Reply

  • hi I have solved this issue please checkout my solution, if it works for you, give me some credit then haha

    https://medium.com/@nmpyt21/mandrill-send-to-apple-private-email-e7514f74d8be

    cherylsmart
Add a Comment

Accepted Reply

Please make sure that you're actually sending your emails from the domains you have registered.

If you use a third-party mail service (like AmazonSES, SendGrid, or MailChimp), it does not work yet.


Also, if you have an example <anonymousUserId>@privaterelay.appleid.com, we can try looking in the logs.

Posted by
lnb
Up vote reply of lnb Down vote reply of lnb
Post marked as solved
Add a Comment

Replies

Hey there, finally got sendgrid to work (problem was the mail address had been added to Drop list and would not resend mail - fyi unblock from "supression" in sendgrid).

But we have the same problem as @shreyafromncr, we have thumbs up by apple for our domain, individual email address, added txt gsuite gmail line but apple relay doesn't receive the email. help?
Posted by
renderpolygons
Up vote reply of renderpolygons Down vote reply of renderpolygons
Add a Comment
Hey there

A user with a relay email address does not receive our emails from gmail in gsuite. We have thumbs up by apple for our domain, individual email address, added txt gsuite gmail line but apple relay doesn't receive the email.

I am trying to understand out whether the messages in this thread asking Apple to add 3rd party support also means Gmail/Gsuite is currently not supported to send email to apple's relay email addresses?

Please help us understand
Posted by
renderpolygons
Post not yet marked as solved Up vote reply of renderpolygons Down vote reply of renderpolygons
Add a Comment
In order to send email messages through the relay service to the users’ personal inboxes, you will need to register your outbound email domains. All registered domains must create Sender Policy Framework (SPF) DNS TXT records in order to transit Apple’s private mail relay. Please ensure the source emails and domains are properly registered for your developer account, and that you have Private Email Relay notification enabled to detect misconfigurations and receive periodic emails of failed deliveries.

All outbound emails sent through the Private Email Relay service must be authenticated with the Sender Policy Framework (SPF) and/or DomainKeys Identified Mail (DKIM) protocol. This is to prevent spam and ensure that messages sent to your users only come from your registered source email addresses and email domains. We recommend authenticating outbound emails using both SPF and DKIM, if possible.

For additional information, please see Developer Account Help: Sign in with Apple - Configure Private Email Relay Service > Authenticating Your Domains

Using SPF Authentication
The domain in the envelope sender (also known as the MAIL FROM, bounce, or Return-Path address) must be registered in the Domains section of Certificates, Identifiers & Profiles. This domain must pass SPF validation, and the registered domain and envelope sender domain must match exactly to pass the private relay service SPF check.

Using DKIM Authentication
If you use an email service provider that uses their domain in the envelope sender of your outbound emails, you must sign your emails with DKIM to meet the private relay’s email authentication requirements.
The DKIM domain (the d= value in your DKIM signature) will be matched against the domain used in your email’s From: address (aka the header From: address) that is registered in the Domains section Certificates, Identifiers & Profiles. To pass the private relay’s DKIM check, the DKIM signature must pass verification, the DKIM signature must include the From: address, and the DKIM domain and the domain in the From: address must match exactly.

Registering Valid Source Domains and/or Emails
After the private relay authenticates inbound emails with either SPF or DKIM, it will also match the source email or domain against your registered email domains or email addresses.

You must register and validate every source email domain or subdomain you intend to use. If you do not own a domain configured for email, you can register individual source email addresses. For example, if you want to send emails from “john@example.com” and “john@sales.example.com” you must choose to register source email domains as “example.com” and “sales.example.com” or you may choose to register individual source email addresses as “john@example.com” and ”john@sales.example.com”.

If you want to send email addresses from any other source (for example, “john@help.example.com”) you must also register “help.example.com” or “john@help.example.com” as a separate source.

If you do not register all the source domains or emails that you use, email sent to the private relay service will result in a bounce message.

Configuring Your Email Service Provider (ESP) Account
If you send outbound emails with email service providers such as Amazon SES, Mailchimp, or SendGrid, the SPF record you publish for your email sending domain should look similar to examples below. The “include” mechanism in the SPF record authorizes your email service provider’s mail servers to send on behalf of your domain.

  • SPF TXT Record for example.com to support using SendGrid example.com. IN TXT "v=spf1 include:sendgrid.net ~all"

  • SPF TXT Record for example.com to support using Amazon SES example.com. IN TXT "v=spf1 include:amazonses.com ~all"

  • SPF TXT Record for example.com to support using Mailchimpexample.com. IN TXT "v=spf1 include:servers.mcsv.net ~all"

Posted by
ppinkney
Post not yet marked as solved Up vote reply of ppinkney Down vote reply of ppinkney
Post marked as Apple Recommended
Add a Comment
Hello @ppinkney

Thanks a bunch for your instructions. After adding DKIM (SPF wasn't enough) users receive our emails !

Cheers!
Posted by
renderpolygons
Post not yet marked as solved Up vote reply of renderpolygons Down vote reply of renderpolygons
Add a Comment
if we use "gmail.com"? It's necessary SPF record? How i can configure it? Can someone make an example?
Posted by
Nicotp
Up vote reply of Nicotp Down vote reply of Nicotp
Add a Comment
Has anyone gotten Mailgun to work with these DKIM instructions? If so do you have any advice? Per the instructions in Domain settings > DNS records, we have a TXT record with host=mx._domainkey.somedomain.site, value='k=rsa; p=<long base64 data>' and there is a green check indicating it matches on the Mailgun settings. We also have the SPF record. On the Apple portal side, the page where we 'Configure Sign in with Apple for Email Communication' (https://developer.apple.com/account/resources/services/configure), it shows a green check for SPF, no mention of DKIM.

We have not received the failure report from Apple yet.

We're using nodemailer to issue the mail to Mailgun.
Posted by
bnvyekldfg
Up vote reply of bnvyekldfg Down vote reply of bnvyekldfg
Add a Comment

We use Mailchimp and Mandrill. We've followed the instructions here and at https://help.apple.com/developer-account/#/devf822fb8fc. We've setup SPF:

v=spf1 include:servers.mcsv.net include:spf.mandrillapp.com ~all

But nothing is working.... Is there any other details that we should be aware of?

Posted by
akao
Up vote reply of akao Down vote reply of akao
Add a Comment

hi I have solved this issue please checkout my solution, if it works for you, give me some credit then haha https://medium.com/@nmpyt21/mandrill-send-to-apple-private-email-e7514f74d8be%C2%A0%E2%80%94%C2%A0%C2%A0cherylsmart%C2%A02 minutes ago Edit this post

Posted by
cherylsmart
Up vote reply of cherylsmart Down vote reply of cherylsmart
Add a Comment