Hosted Discourse email deliverability to iCloud users using Hide My Email

One of our visitors had trouble with getting the confirmation email delivered to their usual email address.

Emails come through apparently without any sender email address, causing them to encounter an error in Cloudflare.

I don’t have enough access to confirm any of this. Any help?

I had a few minutes to try and help, plus I tend to raise an eyebrow when someone claims “bug”.

Hope it helps.

It sounds like it’s not iCloud, but icloud “Hide My Email”.

You can try turning off normalize emails site setting. it turns out that making up bogus email addresses to keep Discourse from knowing your real email address is exactly the same as making up bogus email addresses so that you can create hundreds of accounts.

You’ll need to decide whether you want to allow people to create accounts with email addresses that aren’t their real email address, it seems.

1 Like

Okay, I actually have iCloud+, so I tried using Hide My Email (ntrdl-2025), and it worked fine. It turns out that’s not the problem, either.

Anything else that I should try?

If we can get a clear explanation of the problem, we can look into it.

e.g. how does Cloudflare figure into this?

This means that only emails sent from designated email addresses by the app or website will be automatically forwarded to the verified email address set on your Apple Account.

Does sending to the hidden email work only from a single sender? How does iCloud key on this? Does it use From? Envelope-From? Sender?

For any hosted sites we can look up delivery records for individual emails via the outgoing queue ID from /admin/email-logs. Any self-hosted sites will need to do the same with their mail provider.


I took a look at the logs to see if I could figure out Dir’s problem - everything below is anonymised.

In Dir’s case there were three emails sent from the rust site that got delivered:

timestamp,queueid,message
2025-06-29T19:54:24.000Z,60Axxxxxxxx,client=unknown[2602:fd3f:3:112:0:242:ac11:10]
2025-06-29T19:54:24.000Z,60Axxxxxxxx,message-id=<c39588c5-xxxxxxxxxxxxxxxxxxxxxxxxxxx@users.rust-lang.org>
2025-06-29T19:54:24.000Z,60Axxxxxxxx,"from=<incoming+verp-e5bxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@rust-lang.discoursemail.com>, size=4556, nrcpt=1 (queue active)"
2025-06-29T19:54:28.000Z,60Axxxxxxxx,"to=<dxxxxxxxxxxxxxxx@icloud.com>, relay=mx02.mail.icloud.com[17.57.154.33]:25, delay=4.1, delays=0.01/0/0.55/3.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D2xxxxxxxxx)"
2025-06-29T19:54:28.000Z,60Axxxxxxxx,removed
2025-06-29T19:56:20.000Z,2A7xxxxxxxx,client=unknown[2602:fd3f:3:108:0:242:ac11:1f]
2025-06-29T19:56:20.000Z,2A7xxxxxxxx,message-id=<d72180b5-xxxxxxxxxxxxxxxxxxxxxxxxxxx@users.rust-lang.org>
2025-06-29T19:56:20.000Z,2A7xxxxxxxx,"from=<incoming+verp-ea8xxxxxxxxxxxxxxxxxxxxxxxxxxxxx@rust-lang.discoursemail.com>, size=4556, nrcpt=1 (queue active)"
2025-06-29T19:56:23.000Z,2A7xxxxxxxx,"to=<dxxxxxxxxxxxxxxx@icloud.com>, relay=mx02.mail.icloud.com[17.57.156.30]:25, delay=3.4, delays=0.01/0/0.41/3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as B9xxxxxxxxx)"
2025-06-29T19:56:23.000Z,2A7xxxxxxxx,removed
2025-06-29T20:24:33.000Z,C8Cxxxxxxxx,client=unknown[2602:fd3f:3:104:0:242:ac11:1f]
2025-06-29T20:24:33.000Z,C8Cxxxxxxxx,message-id=<c5db2547-xxxxxxxxxxxxxxxxxxxxxxxxxxx@users.rust-lang.org>
2025-06-29T20:24:33.000Z,C8Cxxxxxxxx,"from=<incoming+verp-9bfxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@rust-lang.discoursemail.com>, size=5589, nrcpt=1 (queue active)"
2025-06-29T20:25:36.000Z,C8Cxxxxxxxx,"to=<dxxxxxxxxxxxxxxx@icloud.com>, relay=mx02.mail.icloud.com[17.57.156.30]:25, delay=63, delays=0.01/60/0.4/2.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as DAxxxxxxxxx)"
2025-06-29T20:25:36.000Z,C8Cxxxxxxxx,removed

and also bounces for each of these in the Bounced log, e.g.:

From: Mail Delivery System <mailer-daemon@icloud.com>
To: incoming+verp-e5bxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@rust-lang.discoursemail.com
Message-ID: <20250629195443.xxxxxxxxxxxx@outbound.ms.icloud.com>
Subject: Undelivered Mail Returned to Sender

This is a system-generated message to inform you that your email could not
be delivered to one or more recipients. Details of the email and the error are as follows:


<exxx@actualemaildomain.com>: host route1.mx.cloudflare.net[162.159.205.13] said:
    550 5.7.1 missing or invalid address in From: header. tUExxxxxxxxx (in
    reply to end of DATA command)

Ah. That explains how Cloudflare comes into it - it’s the actual MX for Dir’s email domain.

Setting aside the laughable result of iCloud forwarding a bounce message containing the user’s actual email address to the sender, it seems the problem is between iCloud and Cloudflare.

iCloud is, at a guess, probably using SRS to wrap the actual Envelope-From address when sending to Cloudflare, but Cloudflare is rejecting it.

I don’t see how Discourse could possibly do anything different here - it’s doing everything asked of it? The problem evidently lies elsewhere.

2 Likes

Yes, this seems like a non-working email setup. Thank you for helping diagnose it!

1 Like