iCloud Custom Domain - Worldpay Issue or Forwarding?

I’ve moved a domain name to iCloud and am using the iCloud+ Custom domain. It seems to be working fine but today I’ve come across an issue with Worldpay. I’ve placed an order with a website, but used my Gmail address - which is forwarded to my iCloud email.

However, this one was blocked by Apple. I can’t tell if this issue was with Google forwarding on. I assume from the message that this would be an issue with Worldpay, and if it wasn’t going to my Gmail account, I’d never have received it?

The response from the remote server was:

554 5.7.1 Your message was rejected due to worldpay.com's DMARC policy. See https://support.apple.com/en-us/HT204137 for info

The aim was to replace Fastmail (as I’m paying for two services) but if I’m going to run into issues using Apple’s servers, it’s probably not going to be worth it.

Note that the stated reason for that rejection is “worldpay.com's DMARC policy.” As explained in the linked Apple Support document, Apple supports DMARC policies. In other words, when receiving an email with a valid policy, Apple will honor that policy. You can find more about DMARC at https://dmarc.org/.

I suspect the issue is that you are forwarding the email from your Gmail account. As Apple is seeing it as coming from an unauthorized sender, it fails the requirements of the policy so Apple rejects it (which is what the policy instructs them to do). See this FAQ regarding forwarded emails.

In other words, Apple is doing what they should be doing. They are properly honoring the policy set by worldpay.com. The issue is that worldpay.com has set a policy which does not allow their emails to be forwarded. Therefore, you will need to provide worldpay.com with the final email address which you want to receive emails from them.

You may find other email providers who ignore DMARC policies and allow your forwarded email through. However, those providers could begin supporting DMARC at any time and then you would have the same problem again. It is better to address the issue by honoring the policy rather than trying to get around it.

2 Likes
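How a receiver arrives at a DMARC verdict for direct and forwarded mail, as an added example that is not part of the original thread. The domains, the DMARC record and the SPF/DKIM results are constructed sample data, and the organizational-domain rule is a two-label simplification of the Public Suffix List lookup.

```python
from dataclasses import dataclass
from typing import Optional

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels (real receivers use the Public Suffix List).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    # "s" = strict (exact match); "r" = relaxed (same organizational domain).
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def parse_policy(record: str) -> dict:
    # Parse a DMARC TXT record such as "v=DMARC1; p=reject; aspf=r".
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    tags = {k.strip().lower(): v.strip().lower() for k, v in pairs}
    if tags.get("v") != "dmarc1":
        raise ValueError("not a DMARC record")
    return {"p": tags.get("p", "none"), "aspf": tags.get("aspf", "r"), "adkim": tags.get("adkim", "r")}

@dataclass
class Message:
    header_from: str            # domain in the From: header
    mail_from: str              # envelope sender (MAIL FROM) domain checked by SPF
    spf_result: str             # SPF verdict for the connecting server's IP
    dkim_domain: Optional[str]  # d= domain of the DKIM signature, if any
    dkim_result: str            # DKIM verdict, "none" when unsigned

def evaluate(msg: Message, record: str) -> str:
    pol = parse_policy(record)
    spf_ok = msg.spf_result == "pass" and aligned(msg.mail_from, msg.header_from, pol["aspf"])
    dkim_ok = (msg.dkim_result == "pass" and msg.dkim_domain is not None
               and aligned(msg.dkim_domain, msg.header_from, pol["adkim"]))
    if spf_ok or dkim_ok:
        return "pass"  # one valid, aligned identifier is enough
    # Nothing valid and aligned: the receiver applies the sender's published policy.
    return {"reject": "reject", "quarantine": "quarantine"}.get(pol["p"], "deliver")

# Constructed sample data (not the real record of any domain named in the thread).
RECORD = "v=DMARC1; p=reject"
DIRECT = Message("shop.example", "bounce.shop.example", "pass", None, "none")
# After forwarding, the connecting IP is the forwarder's, so SPF for the original sender fails.
FORWARDED = Message("shop.example", "bounce.shop.example", "fail", None, "none")
# Same forward, but an aligned DKIM signature survived the hop intact.
FORWARDED_DKIM = Message("shop.example", "bounce.shop.example", "fail", "shop.example", "pass")

if __name__ == "__main__":
    for name, m in [("direct", DIRECT), ("forwarded", FORWARDED), ("forwarded+dkim", FORWARDED_DKIM)]:
        print(name, "->", evaluate(m, RECORD))
```
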

That makes sense. A shame, as I’ve been using Gmail as my catch-all email address and I guess I could continue to do so. I mainly use Gmail as a primary email and then it would forward on to Fastmail, basically making Fastmail a backup of my Gmail - which until now has never had a problem.

However, I guess it’s time to move away from Gmail, in that instance and just use the iCloud email address or my custom one (which was generally reserved for friends/family/jobs and not shops).

This would be a great use-case for Apple’s Hide my Email service. Apple would still be handling receipt of the email from the original sender, so the policy shouldn’t obstruct it and the sender doesn’t have your personal email address.

1 Like

I’d forgotten that feature - even though Apple bring it front and centre every time I try to enter an email on iOS. Certainly does sound like the ideal use case!

This is correct. I want to add that the reason why DMARC is failing on forwarded mail is because Apple hasn’t implemented support for RFC 8617, which is supposed to show an authentication chain and prevent authentication failures on forwarded mail that would otherwise pass authentication. Google, Microsoft, and Fastmail support this, and with a bigger push for authenticated mail these last few years, it’s a matter of time before Apple adds support too.

2 Likes