We're unable to send email to private relay address.
The server we're sending from is also the MTA, the domain is verified (with a checkmark) in and we're using (correctly configured) DKIM, DMARC (set to reject unauthenticated mail), and SPF (set to reject mail that doesn't match), but we're still getting this error:
550 5.1.1 Relay not allowed for <firstname.lastname@example.org
What could be wrong?
Our SPF record looks like this:
"v=spf1 a mx ip4:... ip4:... ip6:.../64 ip6:.../64 include:servers.mcsv.net include:_spf.google.com -all"
(again, the email is actually sent from the server matching 'a', not mailchimp or google)
I'm also able to verify that all the headers look right: Return-Path, From, and the smtp from all match both the verified domain and I've added it as an individual email address, Authentication-Results says "dkim=pass", "spf=pass", and "dmarc=pass (p=REJECT sp=REJECT dis=NONE)", the "d" value in the DKIM signature matches the domain, in short, everything seems to be set up properly.
Please see the documentation here: https://help.apple.com/developer-account/?lang=en#/devf822fb8fc
Your emails must pass either SPF or DKIM validation and then they must match a registered email source for your developer team in the WWDR portal.
It is not sufficient to simply pass SPF or DKIM. Your email sources must be registered to get through.