Click here to sign up for the Spam Resource newsletter

Apple: Private Relay vs Private Relay vs Hide my Email


Time to clarify a bit of confusion that I know people are having with Apple's private/hiding methodology for email privacy: Private Relay versus Private Relay versus Hide my Email.

Apple's got a couple ways that they let an end subscriber hide their email address from an email sender, while still allowing communication to go through. Let's review them.

  1. Apple Private Relay -- let's get this one out of the way first. Apple Private Relay can relate to both email sending and web browsing. On the web browsing side, Private Relay, a feature that comes with the paid iCloud+ service, "hides your IP address and browsing activity in Safari and protects your unencrypted internet traffic so that no one -- including Apple -- can see both who you are and what sites you're visiting. Learn more about that here. TL;DR? This particular bit doesn't have anything to do with email.
  2. "Hide My Email" addresses created automatically when you use Apple's "Sign in with Apple" functionality. Some email marketing senders end up calling this Apple Private Relay, because the email addresses are created under a specific Apple subdomain called privaterelay.appleid.com and for senders to be able to send email to these addresses, the sender has to be appropriately registered with Apple. If not, all mail attempts to privaterelay.appleid.com subscribers will be rejected. You should only ever have "privaterelay.appleid.com" email addresses on your list if they come from "Sign in with Apple" website/app registrations. There's no other way that such an address would legitimately come into an email sender's list. Senders register to be able to send mail to those subscribers via a process described here.
  3. Manually created "Hide my Email" addresses for iCloud+ users. Apple describes one way to configure them here. Another: Go to System Settings on your Mac. Click on your profile image/name at the top. Find the "Hide My Email" section under iCloud+. Click on the + sign and Apple will offer you up an alias address (example: devices.pruner.0v@icloud.com), let you label the alias, and let you specify where the mail should be forwarded to. (More on that process can be found here.) These aliases will always be icloud.com addresses, and anyone can send to them -- they don't require pre-registration, like with the "Sign in with Apple" hidden email address mechanism. Meaning that a user can give this alias address to company X, but if company X sells that email address to companies Y, Z, A and B, then you can disable the alias and prevent those folks from spamming you.

Addendum: Hey wait, doesn't this page say "privaterelay.appleid.com OR icloud.com"? Does that mean that there's a scenario where a company has to register with Apple to send to certain icloud.com addresses? From what I can tell, no. Send to icloud.com as you would normally do. I think Apple's just referencing both types of hidden addresses; user-initiated ones on icloud.com and "Sign in with Apple"-initiated ones (which are the only ones that use the privaterelay.apple.com domain). I wasn't able to find any way to create my own privaterelay.appleid.com email alias, nor was I able to find any way to end up with an icloud.com alias in a "Sign in with Apple" scenario (though a user certainly still can provide an icloud.com alias to a registration or signup form).

Correction: The private relay domain is "privaterelay.appleid.com," not "privaterelay.apple.com."

Post a Comment

Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.

Previous Post Next Post