Apple one time email addresses

At WWDC 2019 Apple announced “Sign in with Apple.” This is a service that allows iOS users to log into different applications with private, dedicated email address. When developers send mail to that address, Apple will forward it to the email address associated with the users AppleID. App developers that offer any third party log in will be required to also offer AppleID log in.


icon of a padlock with an at sign on it

Apple has set up a private email relay service for this program. Program users must register their sending email domain and addresses and publish SPF records for that domain.


In order to send email messages through the relay service to the users’ personal inboxes, you will need to register your outbound email domains. All registered domains must create Sender Policy Framework (SPF) DNS TXT records in order to transit Apple’s private mail relay. You can register up to 10 domains and communication emails. Configure Private Relay

Not only are Apple protecting their user’s email addresses, but they’re also denying access to anyone who is not preregistered. This means any stolen apple addresses are likely to be invalid after they’re stolen from the initial sender.

I do have to wonder what deliverability will be like. This is just a forwarding service so there are questions about how this will affect marketers.

  1. When registering addresses, do you need to register the 5321.from, 5322.from or both?
  2. Will the relay server rewrite the 5321.from?
  3. If the relay server rewrites the 5321.from, how will that interact with companies using only SPF authentication for DMARC?
  4. If the relay server doesn’t rewrite the 5321.from, how will that interact with companies who use only SPF authentication for DMARC?
  5. Will the relay server make any changes that break DKIM?
  6. When forwarding to domains that have DKIM based FBLs will FBL mails reveal the recipient address to the marketer?
  7. What happens to mail coming from an unregistered email address?
  8. How do users unsubscribe from emails? Will Apple include the private email address in emails?
  9. How is Apple going to maintain the reputation of their relay IP addresses?

I’ve got mail into Apple asking if they’ll answer some technical questions about this. We’ll see if they answer.

Related Posts

Collecting email addresses

One of the primary ways to collect email addresses is from website visitors, and it’s actually a pretty good way to collect addresses. One of the more popular, and effective, techniques is through a pop-up window, asking for an address. Users need to provide an address or click a “no thanks” link or close the window. I’ve noticed, though, that many companies drop something passive aggressive in their “no thanks” button. “No, thanks, I don’t want to save money.” “I don’t need workout advice.”

Read More

I subscribed to what?

Tomorrow is GDPR day. That’s the day when the new Global Data Protection Regulations take effect in the EU. I’m sure everyone reading this blog has seen dozens, if not hundreds, of blog posts, articles, webinars, and guidance docs about how to comply. I’m not going to rehash it because, other folks know this better than me.
There are a some things I’m finding fascinating watching  this whole GDPR thing.
First, the number of companies who have my addresses and I don’t know why. Take Newsweek (yes, the magazine people). They’re sending GDPR notifications to my LinkedIn address. I can’t figure out why they’re harvesting / buying addresses from LinkedIn. Then there’s SALESmango who are some company that started spamming me a few years ago and refuses to accept unsubscribe request. They’re sending me opt-in requests. Yeah, no, go away. I told you to stop, but wow, you won’t.
Another interesting piece is just how much I’ve signed up for over the last 18 – 20 years I’ve been using this set of addresses. Wow. So much mail. And, generally, I thought of myself as relatively careful in who I gave email addresses to. I don’t normally go around dropping addresses into forms but even a couple a month adds up over 20 years.
Then there are the companies violating CAN SPAM in one way or another. Sending mail to unsubscribed addresses and refusing to include an opt-out link are the two things I’ve seen regularly. Yeah, no. I think it’s safe to say that if I’ve opted out from receiving your mail, you should probably put my data away in a dark closet and not touch it again. But.. but.. but… But nothing. Go away. As for the lack of an unsubscribe link, get over yourself. You’re not that special. I don’t think that this really is something that counts for exemption.
Also, is there an official template? So many of these emails look identical. I have to give credit to whomever did it first. Because if plagiarism is the sincerest form of praise, you have an entire industry praising you.
Finally, it’s been amusing to watch the general frustration with all the GDPR mail. It seems many people are getting tired of the deluge. That’s OK, though, it should end by Saturday. Or so we can only hope.
 

Read More

Conversations with spammers

It’s amazing how many spammers try and fool deliverability into accepting a questionable list. All too often they fall back on a story. The basic points: a company you’ve never heard of collected millions of email addresses on a website hosted on a low end VPS.

I’ve never heard of your company. We’re just that much better at marketing. This list is guaranteed 100% opt in. Subscribers are desperate to hear from us. The mail is vital and important. We had some problems at our last ESP, but that’s just because they don’t understand our business model. And we had a brief problem with complaints. But they weren’t real complaints. Our competitors are signing up for the list and complaining to hurt out business. It’s not a list problem, it’s that we’re so dominant they have to subvert us. That’s just because we’re that much better at their jobs than anyone else.
You’re looking for deliverability help. Well, yeah, sometimes Gmail delivery is bad, but that’s simply because we won’t pay Google money for advertising. Google is so afraid of us they deliberately filter all this spectacularly wanted email into the bulk folder. They have problems with us as a business. Oh, and we might, sometimes, occasionally have a minor problem with Yahoo. But, again, it’s because we threaten them and they don’t want to have to compete on a level playing field.
If they’re a potential customer, I tell them about our services and offer a proposal. Once some company I’ve never heard of tells me their bad delivery is because global companies are afraid of them, there’s really nothing I can do. They’re unlikely to listen to me explain reality to them.
Sometimes, though, this conversation happens because I’m consulting for an ESP or an Agency. They’ve brought me in to discuss deliverability with a customer or vendor. In those cases, it’s my job to keep going.
Your site doesn’t actually have a signup form. That’s because we’re in the middle of an upgrade cycle and had some problems with the back end. [Alternative: We stopped collecting new email addresses because of their deliverability problems and removed the form.] Your site has a signup form, and I signed up, but never got any mail from you. We disconnected the signup form while we handle our deliverability problems. [Alternative: That shouldn’t happen. We can forward you some messages instead.] I have received spam advertising your company. We had a rogue affiliate that we discovered was spamming and we cut them off.
No, this is direct from your IP space. Oh, well, you must have opted in and forgotten about it. [Alternative: We had a rogue sales guy, but we fired him for spamming.] Your company has only been in business for 3 years, this is an address I haven’t used since the ’90s. Oh, we probably bought a company that you opted into and so have permission that way.
That’s not really permission. Of course it is!
OK…. How can I help you. We want you to call Google / Yahoo / Hotmail and tell them we’re really a legitimate company that’s sending content and we shouldn’t be in the bulk folder.
What have you changed? Nothing! Why would we change anything? We’re great marketers. We have all these plans but need to get back to the inbox before we can implement them.
Um… there’s no filter setting for “laura says they’re a good sender.” They’re going to look for new sending patterns so let’s change a few things. Well, we recently removed 2/3 of our database, but it made no difference so we don’t know what else you think we can do.
Let’s talk about your technical setup.

Read More