About “Sign in with Apple”
Since iOS 13, the “Sign in with Apple” feature allows developers to offer a new single sign-on (SSO) option. Just like Google / Facebook SSO, it allows users to create an account that will be tied to their Apple ID. In fact, developers must include that option in their app if the app already offers other third-party SSO solutions.
When logging in, users can choose to:
Share their email address (e.g. firstname@domain.com).
Or to hide it using the “Hide My Email” feature. That feature relies on Apple's private email relay service. It creates a unique, random email address that forwards emails to the users’ personal email address. Here is an example:
Sending an email to an address behind Apple’s Private Relay
Whether users decide to share their email addresses with the service or not, an additional setup is required to deliver emails to these email addresses.
You will need to declare to Apple the subdomain you are using, so Apple can whitelist it when forwarding the emails to the users.
To do so, you need to take the following steps:
Go to the Apple Developer console, click “Certificates” and then go to “Services” in the left panel.
Click “Configure” in the “Sign in with Apple for Email Communication” block.
Then, click “+”, type the list of bounce subdomains set up with Batch and save. Bounce subdomains have the following format bounce.name.domain.com (e.g. bounce.hello.mycompany.com).
From the subdomain list, click “(Re)Verify SPF” if it is not already green.
If the SPF is validated, send a test to an email address tied to an Apple account from Batch dashboard: