If your app or website supports Sign in with Apple, you must configure your Apple developer account. This ensures emails are delivered to users who use Apple Relay IDs (email addresses ending with @privaterelay.appleid.com). Without this configuration, Apple's private relay service may bounce or quarantine your emails, preventing users from receiving your messages in their inboxes. For more information, refer to Sign In With Apple.
Sign In with Apple
With the release of iOS 13, Apple introduced the Sign in with Apple feature. This allows users to authenticate or sign in to websites and apps using their Apple IDs. A privacy feature, called Hide My Email, is available with this release. Users who prefer not to share their actual email addresses can create unique, app-specific email addresses. These are called Apple private relay email addresses and use the format: <unique-alphanumeric-string>@privaterelay.appleid.com. For more information, refer to Hide My Email.
How do Apple Relay IDs work?
Users who prefer not to reveal their email addresses to a service can hide them by creating app-specific email addresses, termed "Apple private relay" email addresses. In this case, the service sees only the Apple Relay ID and uses it for email communication. Emails sent to these Apple relay addresses are automatically forwarded to the user's mailbox.
Note: If a sender tries to send an email to a private relay address that is not associated with their service, the email bounces with the reason listed as 'unauthorized sender'. This ensures that spam emails do not reach the user's mailbox, even if the private relay address gets shared.
Apple Developer Configuration
To ensure the emails are delivered to users using their app-specific email addresses, Apple has laid out a set of steps that senders/developers must perform to deliver emails successfully.
- Log in to your Apple Developer account.
- Navigate to Certificates, Identifiers & Profiles in your Apple Developer account. For more information, refer to Apple Resources.
- Click Services in the sidebar.
- Click Configure under Sign in with Apple for Email Communication.
- In the Email Sources section, click the add button (+).
- Enter a comma-delimited list of the “Individual Email Addresses” or the “return-path/envelope domains” that will be used for email communication.
- Click Next.
- Confirm the email sources entered and click Register. The table shows whether each registered email source passed an SPF check.
Information: If any sources show an SPF failure, review the DNS configuration.
Find the Individual Email Addresses for SendGrid configuration
The Sign In With Apple Address has the format bounces+12345@mail.example.com, where 12345 is your SendGrid account ID and mail.example.com is the authenticated domain in your SendGrid account.
- Log in to your SendGrid account.
- Navigate to Settings > Sender Authentication > Domain Authentication.
- Copy your Sign In With Apple Address.
Information: If you have multiple domains set up in your SendGrid account, you must add each.
For a MoEngage-SendGrid account, contact your CSM or raise a support ticket for the "Sign In With Apple Address" that needs to be added to your Apple Developer account.
Find the Envelope Domains for Other Configurations
- Send an email to yourself (preferably to a Gmail address) from all the configured domains.
- Open the received email and click the small inverted triangle below the sender ID to expand the header information.
- Find the mailed-by field in the header information. This is the return path/envelope domain for your sending domain.
- Repeat this for all configured “from addresses”.
Information: If there are authentication failures, configure DNS records first.
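The header check in the steps above can also be done on saved raw messages instead of clicking through each one. The following is an added example, not code from Apple, SendGrid, or MoEngage: it assumes you have the raw source of each test email, reads the standard Return-Path and Authentication-Results headers, and builds the comma-delimited list for the Email Sources field. The sample messages and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (headers plus a stub body), one per "from address".
SAMPLE_MESSAGES = [
    "Return-Path: <bounces+12345@mail.example.com>\n"
    "Authentication-Results: mx.google.com;\n"
    " spf=pass smtp.mailfrom=bounces+12345@mail.example.com\n"
    "From: Offers <offers@example.com>\n\nbody\n",
    "Return-Path: <bounce@news.example.net>\n"
    "Authentication-Results: mx.google.com;"
    " spf=softfail smtp.mailfrom=bounce@news.example.net\n"
    "From: News <news@example.net>\n\nbody\n",
    "Return-Path: <bounces+12345@mail.example.com>\n"
    "Authentication-Results: mx.google.com;"
    " spf=pass smtp.mailfrom=bounces+12345@mail.example.com\n"
    "From: Support <support@example.com>\n\nbody\n",
    "From: Broken <x@example.org>\n\nbody\n",  # no Return-Path recorded
]

def envelope_info(raw):
    """Return (envelope_domain, spf_result) for one raw message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("Return-Path", ""))
    domain = addr.rpartition("@")[2].lower() if "@" in addr else None
    # The receiving server records its SPF verdict in Authentication-Results.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    match = re.search(r"\bspf=(\w+)", auth)
    return domain, (match.group(1).lower() if match else "none")

def apple_email_sources(raw_messages):
    """Return (comma-delimited domains with SPF pass, domains needing DNS review)."""
    results = {}
    for raw in raw_messages:
        domain, spf = envelope_info(raw)
        if domain:  # skip messages without a usable Return-Path
            results.setdefault(domain, set()).add(spf)
    # A domain is ready only if every test message from it passed SPF.
    ready = sorted(d for d, r in results.items() if r == {"pass"})
    needs_dns = sorted(d for d, r in results.items() if r != {"pass"})
    return ",".join(ready), needs_dns

if __name__ == "__main__":
    sources, review = apple_email_sources(SAMPLE_MESSAGES)
    print("Enter in Email Sources:", sources)
    print("Fix DNS before registering:", review)
```

Domains in the second list would show an SPF failure in Apple's table, so correct their DNS records before registering them.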
For a MoEngage-<service_provider> account, contact your CSM or raise a support ticket for the "Sign In With Apple Address" that needs to be added to your Apple Developer account.