Why are emails sent through Apple Private Relay going to spam?

Key findings

• Authentication rewriting: Emails sent via Apple Private Relay are signed with Apple's own SPF and DKIM records, leading to a passing DMARC authentication for Apple's domain (e.g., privaterelay.appleid.com). This rewriting of headers means the original sender's authentication is not directly visible to the receiving server.
• Shared reputation risk: Senders utilizing Apple Private Relay effectively share the reputation of Apple's relay service. If other senders using the same relay infrastructure engage in activities deemed spammy, it can negatively impact the deliverability of all emails flowing through it, regardless of the individual sender's practices.
• Inconsistent filtering: The problem is often observed when sending to specific receiving domains like Gmail, even when direct emails to the original address receive perfect inbox placement. This suggests that Gmail's filters might be reacting to the shared reputation or the specific characteristics of the relayed emails.
• Header modifications: Beyond authentication, Apple Private Relay might also modify or omit other standard email headers, such as List-Unsubscribe, which can influence spam filtering decisions by providers like Gmail.

Key considerations

• Review authentication: While Apple handles authentication for relayed emails, ensure your sending infrastructure's primary SPF, DKIM, and DMARC records are correctly configured. This ensures a strong foundational sender reputation.
• Monitor deliverability rates: Keep a close eye on your deliverability to Apple Private Relay addresses specifically, as well as your overall inbox placement.
• Communicate with users: Advise users who sign up with Apple Private Relay to check their spam or junk folders and to move your emails to their inbox. This positive interaction can help train mail filters.
• Review Apple's documentation: Familiarize yourself with Apple's guidelines for developers using Sign in with Apple's private email relay service to ensure compliance and understanding of their policies.

Key opinions

• Inconsistent deliverability: Marketers report that the exact same message, which delivers to the inbox when sent directly, lands in spam when sent through Apple Private Relay, particularly to Gmail recipients. This indicates a filtering decision based on the relay itself rather than content or sender reputation.
• Authentication appears passed: Even when examining email headers, authentication checks (SPF, DKIM, DMARC) show as passing, but attributed to Apple's relay domain, not the original sender. This makes traditional troubleshooting difficult.
• Impact on campaign analysis: The differing deliverability of relayed emails can skew campaign performance metrics, making it harder for marketers to accurately assess engagement and overall inbox placement for their subscriber base.
• Consider discontinuing Sign in with Apple: Some marketers are considering whether to continue offering 'Sign in with Apple' as a registration option if the associated deliverability issues persist and impact their ability to reach subscribers.

Key considerations

• Test thoroughly: Conduct A/B tests with relayed vs. non-relayed addresses to precisely identify the impact on deliverability. Use a deliverability tester to analyze headers.
• Educate subscribers: Inform users who sign up using Apple Private Relay that they might need to check their spam folder and mark your emails as not spam. This proactive step can improve engagement and help email filtering algorithms.
• Consider alternatives: Explore the trade-offs of offering 'Sign in with Apple' versus alternative sign-up methods if deliverability issues persist at scale, especially for critical transactional emails.
• Review list hygiene: While not directly related to Private Relay, maintaining a clean email list is always crucial. High bounce rates or complaints, even if not directly from relayed addresses, can impact overall sender reputation.

Key opinions

• Authentication ownership: Experts clarify that when Apple signs the DKIM, Apple takes ownership of the email's reputation. This transfer of ownership means the sender is largely at Apple's mercy regarding deliverability for these relayed messages.
• Machine learning challenges: Mailbox providers' machine learning filters struggle to differentiate between various legitimate senders when all emails are originating from a shared, masked relay. This lack of distinct sender signals makes it difficult for filters to accurately assess individual sender behavior and reputation.
• From address rewriting: The From: address itself is rewritten by Apple Private Relay, further contributing to the obfuscation of the original sender's identity from a reputation perspective.
• Temporary issue: Some experts believe this deliverability challenge may be temporary, expecting that machine learning filters will eventually adapt and find ways to distinguish between senders utilizing the private relay. However, this adaptation could take months.

Key considerations

• Understand the mechanism: It's critical to grasp how Apple Private Relay affects email authentication and header structure to diagnose issues effectively.
• Focus on content quality: Since direct sender reputation signals are diluted, focusing on highly engaging, relevant, and requested content becomes even more important to encourage positive user interaction.
• Monitor Apple's reputation: While you can't directly control it, Apple's relay reputation can impact your deliverability. Stay informed about any widespread issues affecting Apple's relay service.
• Advise users: It remains crucial to inform users about checking their bulk folders for your mail and explicitly pulling it out to the inbox, helping train receiving filters on legitimate content. This is one of the few actions you can take.

Key findings

• Privacy objective: Apple's private email relay service primarily aims to hide the real email address of the recipient, preserving their privacy by generating an automatically generated address that forwards mail. This core function is central to its design.
• Authentication handling: Apple employs Sender Policy Framework (SPF) to validate which email domains are permitted to send emails to the private relay email address. This means Apple is actively involved in the authentication process for relayed mail.
• Developer registration requirements: For 'Sign in with Apple,' developers must register their sending systems with Apple and are only permitted to send mail to those users from addresses registered with Apple. This control point is crucial for Apple to manage its relay's reputation.
• 'Hide my email' distinction: The 'Hide my Email' feature is distinct from 'Sign in with Apple' and allows any Apple Mail user to set up a secondary email address, which does not require the sender's address to be registered with Apple.

Key considerations

• Adhere to Apple's guidelines: Ensure your email sending practices comply with Apple's developer account settings for private relay to prevent mail from being blocked before it even attempts delivery.
• Understand header modifications: Recognize that Apple's relay actively rewrites headers, including authentication, which means your original sending domain's reputation may be less directly influential on relayed emails.
• Verify SPF configuration: Confirm that your SPF records are correctly configured, including for subdomains if you use them for sending, as Apple's developer tools may flag issues here, impacting deliverability.
• Adapt to privacy changes: As privacy features evolve, email senders need to adapt their strategies, especially concerning how email addresses like privaterelay.appleid.com are handled in marketing and transactional communications.