Email from Google Workspace not reaching some/all accounts on icloud.com

[130s]

Found by a user's report in the org I volunteer.

CoS

• [x] Confirmed the issue.
• [ ] Determine whether repairable or not

[130s]

I created icloud email address following https://support.apple.com/guide/icloud/create-a-primary-icloudcom-email-address-mmdd8d1c5c/icloud Then I WAS able to send an email from my org's account to my icloud w/o any issue.

Important detail received from the reporter. This is the error s/he receives:

メールのブロック xxxxxxxx@icloud.com へのメールはブロックされました。詳しくは、下記の詳細な技術情報をご覧ください。 詳細 警告 このリンクは第三者のサイトに移動します

リモート サーバーからの応答: 554 5.7.1 [HM08] Message rejected due to local policy. Please visit https://support.apple.com/en-us/HT204137

[130s]

I was hoping Google Workspace would have already taken care of this by default, but that might not be the case. In 2021 thread someone recommends adding SPF and DKIM setting. I'll try doing this.

[130s]

Related, I got the following in my inbox that is on the domain on question and forwarding to another account on gmail.com.

Message blocked Your message to xxxxxxx@gmail.com has been blocked. See technical details below for more information.

The response was: 550 5.7.26 Your email has been blocked because the sender is unauthenticated. Gmail requires all senders to authenticate with either SPF or DKIM. Authentication results: DKIM = did not pass SPF [gjls.org] with ip: [209.85.220.41] = did not pass For instructions on setting up authentication, go to https://support.google.com/mail/answer/81126#authentication 5b1f17b1804b1-4316f589dfesor17547745e9.1 - gsmtp

[130s]

I call it done. Issues seen with gmail.com and icloud.com seem to be resolved so far.

DKIM is set on wix.com (DNS provider. I know...wix is probably more popular for web site hosting but apparently it also provides domain services, which this org uses), and email authentication is started on Google Workspace (pitfall: On the TXT entry on the domain provider, the Host value must include google._domainkey.%DOMAIN% (e.g. google._domainkey.aaa.org), which is not clarified on any instruction I've looked at).

Announcement to the group I manage.