Apple's developer docs on the Private Email Relay Service are relevant to those evaluating the technicals of AnyList's position. Three specific highlights from that doc are relevant when considering AnyList's objections:
After the user has shared a private relay email address with your app, they can find, view, and manage it in their account settings at Settings > Apple ID > Password & Security > Apps Using Your Apple ID.
The relay server transforms your email address so it’s readable to the user. For example, sales@xyz.com may become sales_at_xyz_com_<something>@privaterelay.appleid.com instead of a random email address. Replies from the user are still routed back through the service to preserve the user’s privacy.
To send emails to users with private email addresses, you must register your outbound emails or email domains and use Sender Policy Framework (SPF) to authenticate your outbound emails.
https://developer.apple.com/documentation/sign_in_with_apple...
After the user has shared a private relay email address with your app, they can find, view, and manage it in their account settings at Settings > Apple ID > Password & Security > Apps Using Your Apple ID.
The relay server transforms your email address so it’s readable to the user. For example, sales@xyz.com may become sales_at_xyz_com_<something>@privaterelay.appleid.com instead of a random email address. Replies from the user are still routed back through the service to preserve the user’s privacy.
To send emails to users with private email addresses, you must register your outbound emails or email domains and use Sender Policy Framework (SPF) to authenticate your outbound emails.