Can't send email to private relay addresses: 550 Relay not allowed

We're unable to send email to private relay addresses.


The server we're sending from is also the MTA, the domain is verified (with a checkmark) in and we're using (correctly configured) DKIM, DMARC (set to reject unauthenticated mail), and SPF (set to reject mail that doesn't match), but we're still getting this error:


550 5.1.1 Relay not allowed for <xxxxx@privaterelay.appleid.com>


What could be wrong?


Our SPF record looks like this:


"v=spf1 a mx ip4:... ip4:... ip6:.../64 ip6:.../64 include:servers.mcsv.net include:_spf.google.com -all"


(Again, the email is actually sent from the server matching 'a', not Mailchimp or Google.)


I'm also able to verify that all the headers look right: Return-Path, From, and the SMTP from all match the verified domain, and I've added it as an individual email address; Authentication-Results says "dkim=pass", "spf=pass", and "dmarc=pass (p=REJECT sp=REJECT dis=NONE)"; and the "d" value in the DKIM signature matches the domain. In short, everything seems to be set up properly.

Accepted Reply

Please see the documentation here: https://help.apple.com/developer-account/?lang=en#/devf822fb8fc


Your emails must pass either SPF or DKIM validation and then they must match a registered email source for your developer team in the WWDR portal.

It is not sufficient to simply pass SPF or DKIM. Your email sources must be registered to get through.
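
The two conditions in this reply can be checked locally before sending. The following is an added example, not Apple's code and not part of the original thread; the `registered_sources` list, the sample message and `example.com` are constructed, and comparing both From and Return-Path against the list is an assumption based on the headers named in the question.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every value is a placeholder.
SAMPLE = """\
Return-Path: <bounce@example.com>
From: Example App <no-reply@example.com>
To: xxxxx@privaterelay.appleid.com
Authentication-Results: mx.example.net; dkim=pass header.d=example.com;
 spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com
Subject: Welcome

Hello
"""

def auth_results(msg):
    """Collect the first spf/dkim/dmarc verdict from Authentication-Results."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results

def check_relay_preconditions(raw, registered_sources):
    """Return a list of problems; an empty list means both conditions hold."""
    msg = message_from_string(raw)
    res = auth_results(msg)
    registered = {s.lower() for s in registered_sources}
    problems = []
    # Condition 1: SPF or DKIM must pass.
    if res.get("spf") != "pass" and res.get("dkim") != "pass":
        problems.append("neither SPF nor DKIM passed")
    # Condition 2 (assumed matching rule): the sender address or its domain
    # must appear in the list of sources registered for the developer team.
    for name in ("From", "Return-Path"):
        addr = parseaddr(msg.get(name, ""))[1].lower()
        domain = addr.rpartition("@")[2]
        if addr not in registered and domain not in registered:
            problems.append(f"{name} {addr or '(missing)'} is not a registered source")
    return problems

if __name__ == "__main__":
    # Authenticated but unregistered: the situation described in the question.
    for problem in check_relay_preconditions(SAMPLE, []):
        print(problem)
```
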
