Sign In With Apple

If your app or website supports Sign In With Apple, you must configure the same in Apple developer configuration to ensure your emails are delivered to users with Apple Relay IDs (ending with @privaterelay.appleid.com). Otherwise, your emails will either get bounced or quarantined by the Apple Relay Service, which means that users with the Apple Relay Email IDs will not see your email in their mailboxes. For more information, refer to Sign In With Apple.

Signing In with Apple

SignInWithApple.png

With the release of iOS 13, Apple introduced a feature called Sign in with Apple that allows users to authenticate or sign in to websites and apps that support signing in with Apple IDs. Hide My Email is a privacy feature available since this release, where users who do not prefer to reveal their email addresses to a service can hide it from the service by creating app-specific email addresses. These email addresses are called Apple private relay email addresses and are available in the following format: <unique-alphanumeric-string>@privaterelay.appleid.com> 

For more information, refer to Hide My Email.

How do Apple Relay IDs work?

If users do not prefer revealing their email addresses to a service, they can hide them by creating app-specific email addresses, termed "Apple private relay" email addresses". In this case, the service has visibility to the Apple Relay ID alone and can use the same for email communication. When emails are sent to these Apple relay addresses, they are automatically forwarded to the user's mailboxes.

info

Note

Suppose the sender tries to send an email to a different private relay address not associated with their service. In that case, the email will get bounced with the reason listed as 'unauthorized sender'. This ensures that spam emails do not reach the user's mailbox, even if the private relay address gets shared.

Apple Developer Configuration

To ensure the emails are delivered to users using their app-specific email addresses, Apple has laid out a set of steps that senders/developers must perform to deliver emails successfully. 

  1. Log in to your Apple Developer account.
  2. Navigate to Certificates, Identifiers & Profiles in your Apple Developer account. For more information, refer to Apple Resources.
  3. Click Services in the sidebar.
  4. Click Configure under Sign in with Apple for Email Communication.
  5. In the Email Sources section, click the add button (+).
  6. Enter a comma-delimited list of the “Individual Email Addresses” or the “return-path/envelope domains” that will be used for email communication.
    • Find the individual email addresses for SendGrid configuration.
    • Find the envelope domains for other configurations.
  7. Click Next.
  8. Confirm the email sources entered and click Register. The table will display if the registered email source passed an SPF check.
info

Information

If any of the sources show SPF failure, review the DNS configuration.

Find the Individual Email Addresses for SendGrid configuration

The format of the sign-in Apple address is bounces+12345@mail.example.com, where 12345 is your SendGrid account ID, and mail.example.com is the authenticated domain in your SendGrid account.

  1. Log in to your SendGrid account.
  2. Navigate to Settings > Sender Authentication > Domain Authentication.
  3. Copy your Sign In With Apple Address.
    Apple 1.png
info

Information

If you have multiple domains set up in your Sendgrid account, you must add each.

For a MoEngage-SendGrid account, contact your CSM or raise a support ticket for the "Sign In With Apple Address" that needs to be added to your Apple Developer account.

Find the Envelope Domains for Other Configurations

  1. Send an email to yourself (preferably to a Gmail ID) from all the configured domains.
  2. Click on the tiny inverted triangle symbol below the sender ID as shown below:
    Apple 2.png
  3. Look for the mailed-by field in the header information. This is the return path/envelope domain for your sending domain.
  4. Repeat this for all configured “from addresses”.
info

Information

If there are authentication failures, configure DNS records first.

For a MoEngage-<service_provider> account, contact your CSM or raise a support ticket for the "Sign In With Apple Address" that needs to be added to your Apple Developer account.

Was this article helpful?
2 out of 3 found this helpful

How can we improve this article?