Private email relay service is not working after updating the Developer certificates

Hello,


After updating the developer certificates for my developer account, an email sent from our REGISTERED domain is not properly relayed to the private address.

The email has been bounced back to our sender with a


"550 5.1.1 Relay not allowed"


Our speculation is that updating the developer certificate will cause a direct impact on our associated domain, regarding the "apple-developer-domain-association.txt".

We need a clear answer for why our relay was not working, because yearly updates to our certificate will always cause disruption for our service if this speculation is true, and this is unexpected from our end.


Thanks in advance,

y4m4p

Replies

Adding some information towards this case.


By decoding the "apple-developer-domain-association.txt" using Ruby's Base64.decode64 method, we have gathered the following information.


The domain association text includes the following information:

  • your Apple TeamId, domain (service Id), date of when the text was created
  • Apple Certification Authority info (?)
  • Apple iPhone OS Provisioning Profile Signing (?)
  • link to Apple PKI (https://www.apple.com/appleca)
  • some policy agreements for the certification (?)


For other values, I assumed they were binaries or encoded with some other format, but it seems likely that this text information is *signed* with some other certificate[s], and revoking or updating that certificate[s] will most likely revoke this domain authentication information as well.


I believe this behavior is still undocumented, so we would like to have a clear and understandable document for this behavior as well in the Sign in with Apple documentation.

Sorry if this is documented, and if so, please add some documentation for this in the Sign in with Apple documentation (especially https://developer.apple.com/documentation/signinwithapplejs/communicating_using_the_private_email_relay_service) as well.


Sincerely,

y4m4p
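
The inspection described in the reply above can be taken one step further by listing the certificates embedded in the decoded file together with their expiry dates. The following is an added example, not code from the thread or from Apple. It assumes the decoded bytes are a DER PKCS#7/CMS SignedData structure, which the thread suspects but does not confirm; the sample input is constructed with a throwaway self-signed certificate, and the helper names are hypothetical.

```ruby
require "openssl"

# Decode the base64 text (String#unpack1("m") is what Base64.decode64 does) and,
# ASSUMING the result is a DER PKCS#7/CMS SignedData blob, list the certificates
# embedded in it with their expiry. Returns [] if the bytes are not PKCS#7.
def association_certificates(base64_text, now: Time.now)
  der = base64_text.unpack1("m")
  p7 = OpenSSL::PKCS7.new(der)
  (p7.certificates || []).map do |cert|
    { subject: cert.subject.to_s,
      issuer: cert.issuer.to_s,
      not_after: cert.not_after,
      expired: cert.not_after < now }
  end
rescue ArgumentError, OpenSSL::OpenSSLError
  []
end

# Constructed sample: a throwaway self-signed certificate signing placeholder
# content. It stands in for the real file, which is not reproduced here.
def constructed_sample(not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=Constructed Test Signer")
  cert.public_key = key
  cert.not_before = not_after - 365 * 86_400
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  p7 = OpenSSL::PKCS7.sign(cert, key, "TEAMID0000 com.example.service", [], OpenSSL::PKCS7::BINARY)
  [p7.to_der].pack("m")
end

if __FILE__ == $PROGRAM_NAME
  sample = constructed_sample(Time.utc(2023, 6, 1))
  association_certificates(sample, now: Time.utc(2024, 1, 1)).each do |c|
    puts "#{c[:subject]} expires #{c[:not_after]} expired=#{c[:expired]}"
  end
end
```

Run against a real association file, an embedded certificate whose `not_after` falls near the date the relay started rejecting mail would support the speculation; an empty result means the file is not PKCS#7 and the assumption does not hold.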