If you have recently implemented Apple Sign In and you are wondering why automated emails to @privaterelay.appleid.com addresses are bouncing, then you are in the right place. I recently had exactly this issue and struggled to find a simple explanation of the solution to the problem.
Why have Apple implemented Apple Sign In?
Apple implemented Apple Sign In to protect users' real email addresses from being misused. They do this by handing over a relay email address when a user signs up to a platform, rather than the user's actual email address.
Then, by knowing which websites a user has signed up to using Apple Sign In, they are able to gate-keep which emails the user is sent. So, for example, if an email is sent to a user's @privaterelay.appleid.com email address from a domain they never created an account with, the email will be blocked and not relayed on to the user's actual email address. This is a really neat way to keep their users' emails private and protect them from spam!
So how do I set it up?
So, there are a couple of reasons why emails from your domain to the user's Apple ID relay email address are bouncing. Here is a step-by-step guide on how to ‘stop the bounce’.
Step 1: Using your own ‘MAIL FROM’ Domain
If your emails are being sent from something like Amazon Web Services, MailChimp or SendGrid, then they are probably being sent using a ‘Mail From’ domain belonging to your email provider rather than your own domain.
You can resolve this by adding your own ‘Mail From’ domain. In Amazon Web Services Console, do the following:
- Open Simple Email Service (SES)
- Click on ‘Email Addresses’ in the left hand menu
- Click on the email address that needs a custom Mail From Domain.
- Create a Mail From Domain. This is a subdomain of your main domain e.g. email.yourdomain.com
- If you are using another email provider for your personal emails, then from what I understand, you cannot use the same ‘mail’ for your subdomain if it is already used. E.g. I used email.yourdomain.com rather than mail.yourdomain.com as the latter is already used for my personal emails.
- Then leave other default settings and click the ‘Set Mail From Domain’ button.
When you click the ‘Set Mail From Domain’ button as described above, the following screen loads with all the DNS settings you will need to add to your domain's DNS records.
If you use AWS Route 53, then you may be given the option to automatically add the records to your domain's DNS settings. If not, then copy these records and add each of them manually.
Copy the MX and TXT records as follows:
Adding the SPF and DKIM records to your domain's DNS records is really important because Apple requires these before it will relay any emails sent to a user's @privaterelay.appleid.com address on to their actual email address.
Here is the AWS documentation if you need any more information: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/mail-from.html
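Before registering anything with Apple it is worth checking that the records from the step above actually resolve as AWS documents them. The script below is an added example written for this post, not AWS or Apple code: it models the custom MAIL FROM records (an MX record pointing at feedback-smtp.<region>.amazonses.com and a TXT record carrying an SPF policy that includes amazonses.com) together with the Easy DKIM CNAMEs for the parent domain, and reports what is missing. The DNS answers, region, domain name and DKIM selector names are constructed placeholders; to run it against a live zone you would replace the dictionary lookup with a real resolver such as dnspython.

```python
"""Offline sanity check of the DNS records a custom SES MAIL FROM domain needs.

Added example, not AWS or Apple code. The DNS answers are constructed so the
script runs offline; `lookup` is the only place to swap in a real resolver.
"""

# Constructed values: region, domain and DKIM selector names are placeholders.
REGION = "eu-west-1"
DOMAIN = "yourdomain.com"
MAIL_FROM = f"email.{DOMAIN}"
DKIM_SELECTORS = ["selector1", "selector2", "selector3"]

# Constructed DNS answers keyed by (name, record type), as a correct zone
# would return them after following the AWS MAIL FROM and Easy DKIM steps.
DNS = {
    (MAIL_FROM, "MX"): [f"10 feedback-smtp.{REGION}.amazonses.com."],
    (MAIL_FROM, "TXT"): ['"v=spf1 include:amazonses.com ~all"'],
}
for _sel in DKIM_SELECTORS:
    DNS[(f"{_sel}._domainkey.{DOMAIN}", "CNAME")] = [f"{_sel}.dkim.amazonses.com."]

# Constructed zone for a typical mistake: the subdomain was only ever set up
# for another mail provider, so the MX is absent and SPF never names SES.
BROKEN_DNS = {
    (MAIL_FROM, "TXT"): ['"v=spf1 include:_spf.example-provider.net ~all"'],
}


def lookup(dns, name, rtype):
    """Return the record values for name/type from the constructed answers."""
    return dns.get((name.lower(), rtype), [])


def parse_spf(txt_value):
    """Return the SPF mechanisms of a TXT value, or None if it is not SPF."""
    value = txt_value.strip().strip('"')
    if not value.lower().startswith("v=spf1"):
        return None
    return value.split()[1:]


def check_mail_from(dns, mail_from, region):
    """Check the MX and SPF records AWS documents for a custom MAIL FROM domain."""
    problems = []
    expected_mx = f"feedback-smtp.{region}.amazonses.com"
    mx_hosts = [rr.split()[-1].rstrip(".").lower() for rr in lookup(dns, mail_from, "MX")]
    if expected_mx not in mx_hosts:
        problems.append(f"{mail_from}: missing MX record pointing at {expected_mx}")

    spf_records = [m for m in (parse_spf(t) for t in lookup(dns, mail_from, "TXT")) if m is not None]
    if not spf_records:
        problems.append(f"{mail_from}: no TXT record starting with v=spf1")
    elif len(spf_records) > 1:
        problems.append(f"{mail_from}: more than one SPF record (RFC 7208 allows exactly one)")
    else:
        mechanisms = [m.lower() for m in spf_records[0]]
        if not any(m in ("include:amazonses.com", "+include:amazonses.com") for m in mechanisms):
            problems.append(f"{mail_from}: SPF record does not include amazonses.com")
        if mechanisms and mechanisms[-1] == "+all":
            problems.append(f"{mail_from}: SPF ends in +all, which authorises every sender")
    return problems


def check_dkim(dns, domain, selectors):
    """Check the Easy DKIM CNAMEs: <selector>._domainkey.<domain> -> <selector>.dkim.amazonses.com."""
    problems = []
    for sel in selectors:
        name = f"{sel}._domainkey.{domain}"
        targets = [t.rstrip(".").lower() for t in lookup(dns, name, "CNAME")]
        if targets != [f"{sel}.dkim.amazonses.com"]:
            problems.append(f"{name}: expected CNAME to {sel}.dkim.amazonses.com")
    return problems


def report(dns):
    """Combine both checks; an empty list means the zone looks ready to register."""
    return check_mail_from(dns, MAIL_FROM, REGION) + check_dkim(dns, DOMAIN, DKIM_SELECTORS)


if __name__ == "__main__":
    for label, zone in (("correct zone", DNS), ("broken zone", BROKEN_DNS)):
        issues = report(zone)
        print(f"{label}: {'OK' if not issues else ''}")
        for issue in issues:
            print("  -", issue)
```

Run as-is it reports the correct zone as OK and lists the missing MX, the SPF include and the three absent DKIM CNAMEs for the broken one. The extra `+all` check is there because an SPF record ending in `+all` will pass AWS's verification but authorises any host on the internet to send as your domain.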
Step 2: Configuring Sign in with Apple for Email Communication
This step registers the sending email address and its domain with Apple. When you do that, Apple checks that your SPF and DKIM records have been correctly configured in your domain's DNS records.
- Open your Apple Developer Account and then click on Certificates, IDs & Profiles
- Next, click on ‘More’ in the left hand menu and then the blue Configure button in the centre of the screen
- Then add your domain and subdomain. The subdomain is the ‘Mail From Domain’ (e.g. email.domain.com) that you created earlier.
- Next you need to add the email address that your emails are sent from via Amazon Web Services, MailChimp or SendGrid etc.
If all of your SPF and DKIM settings have been correctly added to your domain's DNS records, then you should get a green tick icon next to each email address and domain registered.
When you have completed the above, Apple will be able to recognise and validate emails sent from your domain to a specific @privaterelay.appleid.com email address, and the bouncing emails will hopefully come to an end 🙂