In the comment section of the 404media article Joseph Cox writes when asked whether it reveals the icloud address the email is forwarded to or the apple id [0]:
> It reveals the email linked to the Apple ID.
So I assume you are right that it has nothing to do with the email itself, but prob some other service that links the obfuscated email to the appleid of the user.
[0] https://www.404media.co/apple-hide-my-email-vulnerability-re...