We're unable to send email to a private relay address.
The server we're sending from is also the MTA, the domain is verified (with a checkmark) in and we're using (correctly configured) DKIM, DMARC (set to reject unauthenticated mail), and SPF (set to reject mail that doesn't match), but we're still getting this error:
550 5.1.1 Relay not allowed for <xxxxx@privaterelay.appleid.com
What could be wrong?
Our SPF record looks like this:
"v=spf1 a mx ip4:... ip4:... ip6:.../64 ip6:.../64 include:servers.mcsv.net include:_spf.google.com -all"
(again, the email is actually sent from the server matching 'a', not Mailchimp or Google)
I'm also able to verify that all the headers look right: Return-Path, From, and the SMTP from all match both the verified domain and I've added it as an individual email address. Authentication-Results says "dkim=pass", "spf=pass", and "dmarc=pass (p=REJECT sp=REJECT dis=NONE)". The "d" value in the DKIM signature matches the domain. In short, everything seems to be set up properly.
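The header check described in the post above, as an added example that is not part of the original post: it parses a delivered copy of a message and compares the Return-Path, From and DKIM `d=` domains against the verified domain, then reads the dkim/spf/dmarc verdicts from Authentication-Results. The sample message, `example.com`, and the `registered_domain` parameter are constructed placeholders, and the comparison is a strict exact-domain match (an assumption; DMARC relaxed alignment would also accept subdomains).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every value here is a placeholder.
SAMPLE = """\
Return-Path: <bounce@example.com>
Authentication-Results: mx.example.net; dkim=pass header.d=example.com; spf=pass smtp.mailfrom=example.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; h=from:to:subject; bh=...; b=...
From: App <noreply@example.com>
To: xxxxx@privaterelay.appleid.com
Subject: test

body
"""

def domain_of(header_value):
    """Return the lowercased domain of an address header, or None."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def check_alignment(raw, registered_domain):
    """Return (domains, verdicts, problems) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    # d= tag of the DKIM signature (first signature only).
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", msg.get("DKIM-Signature", ""))
    # Verdicts recorded by the receiving server (first header only).
    auth = msg.get("Authentication-Results", "")
    verdicts = dict(re.findall(r"\b(dkim|spf|dmarc)=(\w+)", auth))
    domains = {
        # Return-Path reflects the envelope sender (SMTP MAIL FROM).
        "return_path": domain_of(msg.get("Return-Path")),
        "from": domain_of(msg.get("From")),
        "dkim_d": m.group(1).lower() if m else None,
    }
    problems = [f"{k} is {v}, expected {registered_domain}"
                for k, v in domains.items() if v != registered_domain]
    problems += [f"{k}={verdicts.get(k)}" for k in ("dkim", "spf", "dmarc")
                 if verdicts.get(k) != "pass"]
    return domains, verdicts, problems

if __name__ == "__main__":
    for line in check_alignment(SAMPLE, "example.com")[2] or ["all aligned"]:
        print(line)
```

An empty problem list only confirms what the post already reports for its own headers; it says nothing about the receiving relay's own sender registration state.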