At WWDC 2019 Apple announced “Sign in with Apple.” This is a service that allows iOS users to log into different applications with a private, dedicated email address. When developers send mail to that address, Apple will forward it to the email address associated with the user’s AppleID. App developers that offer any third-party log in will be required to also offer AppleID log in.
Apple has set up a private email relay service for this program. Program users must register their sending email domain and addresses and publish SPF records for that domain.
> In order to send email messages through the relay service to the users’ personal inboxes, you will need to register your outbound email domains. All registered domains must create Sender Policy Framework (SPF) DNS TXT records in order to transit Apple’s private mail relay. You can register up to 10 domains and communication emails.
>
> (Configure Private Relay)
Not only is Apple protecting its users’ email addresses, but it is also denying access to anyone who is not preregistered. This means any stolen Apple addresses are likely to be invalid after they’re stolen from the initial sender.
I do have to wonder what deliverability will be like. This is just a forwarding service so there are questions about how this will affect marketers.
- When registering addresses, do you need to register the 5321.from, 5322.from or both?
- Will the relay server rewrite the 5321.from?
- If the relay server rewrites the 5321.from, how will that interact with companies using only SPF authentication for DMARC?
- If the relay server doesn’t rewrite the 5321.from, how will that interact with companies who use only SPF authentication for DMARC?
- Will the relay server make any changes that break DKIM?
- When forwarding to domains that have DKIM-based FBLs, will FBL mails reveal the recipient address to the marketer?
- What happens to mail coming from an unregistered email address?
- How do users unsubscribe from emails? Will Apple include the private email address in emails?
- How is Apple going to maintain the reputation of their relay IP addresses?
I’ve got mail into Apple asking if they’ll answer some technical questions about this. We’ll see if they answer.
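The SPF and DMARC questions above can be worked through with the standard DMARC alignment rules. The following is an added example, not code from this post or from Apple: it models generic forwarding, not Apple's actual relay behaviour, and the domains, addresses, IPs and the two-label organizational-domain shortcut are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed SPF data: domain -> IPs authorized to send (stands in for DNS TXT lookups).
SPF = {"shop.example": {"192.0.2.10"}, "relay.example": {"198.51.100.7"}}

@dataclass
class Delivery:
    client_ip: str              # IP connecting to the final mailbox provider
    mail_from: str              # envelope sender (5321.from)
    header_from: str            # From: header address (5322.from)
    dkim_domain: Optional[str]  # d= of a DKIM signature that still verifies, else None

def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower()

def org(d: str) -> str:
    # Assumption: last two labels. Real evaluators use the Public Suffix List.
    return ".".join(d.split(".")[-2:])

def dmarc(msg: Delivery) -> dict:
    hdr = org(domain(msg.header_from))
    env = domain(msg.mail_from)
    spf_pass = msg.client_ip in SPF.get(env, set())
    # DMARC only counts SPF when the passing envelope domain aligns with 5322.from.
    spf_aligned = spf_pass and org(env) == hdr
    dkim_aligned = msg.dkim_domain is not None and org(msg.dkim_domain) == hdr
    return {"spf": spf_pass, "spf_aligned": spf_aligned,
            "dkim_aligned": dkim_aligned, "dmarc": spf_aligned or dkim_aligned}

def scenarios(dkim_survives: bool) -> dict:
    d = "shop.example" if dkim_survives else None
    sender_ip, relay_ip = "192.0.2.10", "198.51.100.7"
    hdr = "news@shop.example"
    return {
        # Sender delivers straight to the mailbox provider.
        "direct": dmarc(Delivery(sender_ip, "bounce@shop.example", hdr, d)),
        # Forwarder keeps the original 5321.from: SPF is checked against the relay IP.
        "relay_keeps": dmarc(Delivery(relay_ip, "bounce@shop.example", hdr, d)),
        # Forwarder rewrites 5321.from to its own domain: SPF passes but is unaligned.
        "relay_rewrites": dmarc(Delivery(relay_ip, "fwd@relay.example", hdr, d)),
    }

if __name__ == "__main__":
    for dkim in (False, True):
        for name, result in scenarios(dkim).items():
            print(f"dkim_survives={dkim} {name}: {result}")
```

Under these rules a sender relying only on SPF for DMARC fails after forwarding whether or not the envelope sender is rewritten, so an aligned DKIM signature that survives the relay is what carries the DMARC pass.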
I guess this is good for those who are willing to share their Apple sign-in with various sites/applications. Personally, I sign into each and every site individually, siloing my Internet experience as much as possible (not very much, but I do what I can).
It does not seem right to me for Apple to take that level of control, but I am an outlier in many things, so I expect that others feel differently.
It sounds like this will only be compatible with iCloud email addresses. So the relay might not even be a true relay.
I am really worried about people who shut off the email address because they don’t like the marketing getting shut out of receipts (for any purchases made outside of the app). I’m also worried about people calling in to customer service with an account tied to an email address that they might not even know.