Yeah, but you can't mix that with custom domain. It will let you add the domain, but not add emails. And if you change to an iCloud.com address, and then change back afterwards, you'll get a message that aliases aren't allowed as Apple IDs. Might change later, but that's how it seems to work for now.
Works perfectly fine here
 
Weird.. just checked my domain with several DNS checkers available.
Seems my CNAME isn't known - but MX lists fine

Could this be a reason?

 
When you look up CNAME keep in mind you don't do it on your apex domain. Look for "sig1._domainkey.yourdomain.tld"
 
Got one domain/email address working. Now I’ve tried with 3 other domains, and while I can add domains, I can’t add email addresses. I get “there was a problem adding this email address. Try again later.” No matter what address I try, on any of those domains. Even adding a new address to the domain that already is working doesn’t work. *shrug*
 
How can I do this? The tools I found take only the domain name
Literally input "sig1._domainkey.yourdomain.tld" (just substitute yourdomain.tld for yours, and without the ") into one of these tools.
This IS a domain name.
 
Has anyone seen where to add a S/MIME certificate for the iCloud domain, or iCloud based email addresses on iOS? For other accounts, you just have to import the certificate, and then it shows up under "Advanced".

For iCloud, there doesn't appear to be a way to set this up on iOS, other than configuring the iCloud server as a separate IMAP/SMTP account. Am I missing something? Under MacOS, I'm able to sign messages through the hosted domain with the built-in Mail app without a problem.
 
I have selected the certificate (already previously imported) by going to Settings > Your Name on top > iCloud > Mail (all the way at the bottom of that screen below all the 3rd party apps) > Advanced > S/MIME options on the bottom. There I could select the right certificate.
 
Instead of using wildcard or catch-all on a domain, I usually recommend folks use a nonsensical (not easy to guess) alias "address" and sub-address aliasing. So, like com+apple@domain.com, where "com" is the address alias, and addresses are kind of in "reverse Java notation", only with "+" instead of ".". This makes it much easier to clamp down on all the garbage you get using wildcard/catch-all, while keeping all the benefits of filtering. Can use b2c+ or whatever. Then block delivery to messages sent only to the alias address.

HOWEVER… although iCloud allows "+" sub-address aliasing, apparently this Custom Domain feature does NOT, according to a poster over at 9to5Mac who tested it for me. Which is lamentable. A missed opportunity, IMHO.

Outlook-dot-com allows aliases and "+" sub-address aliasing; Gmail only supports "+" sub-address aliasing. (Providers using qmail will use "-" instead of "+"; which I prefer, since "-" had been in use for quite a while, so truncating addresses on the "-" generally gets you a failed delivery, whereas dropping the "+" and "tag" gets you a legit Gmail address.) Really need to support both for things to work best. So Apple is supporting aliasing… but not sub-address aliasing… yet, I hope.

Others are also reporting that Custom Domain doesn't allow single-letter addresses. Which I use. Grrrr. Not sure why that would matter.

I wonder if addresses with + in them with custom domains not working is a bug right now? If I send an email to existingname+test@mydomain.com I get a ‘too many hops’ error response back. However, if I use nonexistingname@mydomain.com I get an error back that says address not found.
 
There are additional employees. Your reasoning is the limited number of email addresses per domain?

I don't know how many employees you have but you can only have up to 5 family members, I think. Regardless of the limit, you have to add those people to your Family account for them to be able to use it. If you're ok with that then by all means, go for it. But IMO, it's still too early and too buggy to use for work. You also have to be on iOS 15 Beta for it to work.
 
Well, that was surprisingly painless.

They let you change the email address associated with your Apple ID now, so I was able to disassociate mine from my main email address which uses my own domain, thus allowing me to set up my own domain in iCloud.

I just added the DNS settings Apple provided and I could receive emails straight away, I had to restart my iPad to be able to send them, but now it’s working flawlessly.

I also added a dmarc entry as suggested by https://www.mail-tester.com/, now I get a 10/10 there.

For those people finding they get marked as a phishing email in Gmail, it could be largely because your email was very short, that’s what happened to mine (caused a low score on mail-tester too). Add a picture or something into your test emails and it’s fine (my first was just “test email”).
 
Thanks for this. I added the DMARC entry as well. Curious why Apple doesn’t include that step since they include SPF and DKIM.
 
Anyone trying this with a 1and1-hosted domain, I've discovered that 1&1 don't allow underscores in their CNAME entries, but the iCloud DKIM string includes one. It seems that people have been asking them to rectify this since at least 2018, so I'm not holding my breath for them to change this any time soon.

It looks like I'm going to have to change my domain hosting company, maybe to LCN.co.uk as I have a couple of domains with them already, but I don't want to go through the process and cost of transferring only to find it won't work with them either.

Before I do, has anyone managed to set this up with 1&1?

Edit: Having just been on a chat with 1&1 CS, they've told me they don't even support DKIM records. Time to find a new host!
Move your domain to CloudFlare. They have the lowest renewal fees and the best control panel for DNS management.
 
Unfortunately CloudFlare has a quite limited TLD list. Sure, all the big US ones but lots of national domains missing.
 
More and more people are reporting this weird "too many hops" error when sending email to their custom domain.

The consensus is that it only affects older iCloud users who joined the service during either the iTools, .Mac or MobileMe days. In other words, if your iCloud email address has either an @mac.com or @me.com alias (in addition to @icloud.com), you are affected. If your iCloud email address only has an @icloud.com ending, you are not affected.

Only Apple can fix this. There's nothing you can do, except report it.
I have .mac and .me and I’m able to receive email to my custom domains just fine. However, the first custom email I’ve added won’t allow me to send from the address. All subsequent domains and addresses I’ve set up since can both send and receive, and they also appear as “send as” options in Apple Mail on all my Apple devices.
 
If I dig my domain, I get:

; <<>> DiG 9.10.6 <<>> domain.de CNAME
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56457
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;domain.de. IN CNAME

;; AUTHORITY SECTION:
domain.de. 600 IN SOA ns1045.ui-dns.org. hostmaster.1und1.com. 2017060187 28800 7200 604800 600

If I dig the sig1 key, I get:

<<>> DiG 9.10.6 <<>> sig1._domainkey.domain.de CNAME
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25584
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sig1._domainkey.domain.de. IN CNAME

;; ANSWER SECTION:
sig1._domainkey.domain.de. 2135 IN CNAME sig1.dkim.domain.de.at.icloudmailadmin.com.


Is this expected behaviour?
 
Same here but I still wonder how you can get the actual value from that CNAME. I used to think that DKIM records should be TXT.
 
Just for fun, analyzed a "too many hops" email's raw format and it shows "only 26 Received entries".
Is this already too much?


Return-path: <address@icloud.com>
Received: from tcp-daemon.ms60012.mac.com by ms60012.mac.com (Oracle Communications Messaging Server 8.0.2.5.20200127 64bit (built Jan 27 2020)) id <0QYJ00C06H0QXO00@ms60012.mac.com>; Sat, 28 Aug 2021 07:34:02 +0000 (GMT)
Received: from pv33p00im-smtpin003.me.com ([17.142.194.139]) by ms60012.mac.com (Oracle Communications Messaging Server 8.0.2.5.20200127 64bit (built Jan 27 2020)) with ESMTP id <0QYJ00GBAH0QCP70@ms60012.mac.com> for name@domain.de; Sat, 28 Aug 2021 07:34:02 +0000 (GMT)
Received: from mr85p00im-zteg06012001.me.com (mr85p00im-zteg06012001.me.com [17.58.23.197]) by pv33p00im-smtpin003.me.com (Postfix) with ESMTPS id 2163045356 for <name@domain.de>; Sat, 28 Aug 2021 07:34:01 +0000 (UTC)
...
 
Same here but I still wonder how you can get the actual value from that CNAME. I used to think that DKIM records should be TXT.
You would need to look up the TXT record, yes. CNAME isn't specific to a single record or record type, it's just the canonical name of that other name. If you have an A record of x.x.x.x at example.com and you specify that example.com is the CNAME for hello.example.org, then looking up the A record of hello.example.org will give you x.x.x.x -- even though hello.example.org does not (and cannot) have its own A record.

Just for fun, analyzed a "too many hops" email's raw format and it shows "only 26 Received entries".
Is this already too much?
For beer brewing, 26 hops is not too much. But for sending email, well, it depends on how the servers in between are configured. Old sendmail versions had 17 as max hop count, I think now it's 25. So seeing an error after 26 makes sense.

And I just looked it up: http://www.faqs.org/rfcs/rfc2821.html If you follow the RFC, then mail servers should allow at least 100 hops! (section 6.2) But the real world begs to differ, I guess.
 
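Added example, not part of any post in this thread: a small resolver model over a constructed zone that reproduces the two dig results posted above (and the earlier advice to query sig1._domainkey rather than the apex) and shows why a TXT query for the DKIM selector still works through the CNAME. The zone contents, the placeholder TXT value and the function names are assumptions made for illustration.

```python
# Constructed zone modelled on the dig output in the thread. The TXT value is
# a placeholder, not a real DKIM key.
ZONE = {
    ("domain.de.", "SOA"): ["ns1045.ui-dns.org. hostmaster.1und1.com. 2017060187 28800 7200 604800 600"],
    ("sig1._domainkey.domain.de.", "CNAME"): ["sig1.dkim.domain.de.at.icloudmailadmin.com."],
    ("sig1.dkim.domain.de.at.icloudmailadmin.com.", "TXT"): ["v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"],
}
MAX_CHAIN = 8  # assumed cap on CNAME chain length, so an alias loop terminates


def resolve(qname, qtype):
    """Return (status, answers) roughly as a recursive resolver would report them."""
    name = qname.lower().rstrip(".") + "."
    answers = []
    for _ in range(MAX_CHAIN):
        if (name, qtype) in ZONE:
            answers += [(name, qtype, v) for v in ZONE[(name, qtype)]]
            return "NOERROR", answers
        cname = ZONE.get((name, "CNAME"))
        if cname and qtype != "CNAME":
            # The name is an alias: record the CNAME and restart at its target.
            answers.append((name, "CNAME", cname[0]))
            name = cname[0]
            continue
        # NOERROR with an empty answer (NODATA) means the name exists but has
        # no record of this type; NXDOMAIN means the name does not exist.
        exists = any(n == name or n.endswith("." + name) for n, _ in ZONE)
        return ("NOERROR" if exists else "NXDOMAIN"), answers
    return "SERVFAIL", answers


def dkim_key(domain, selector="sig1"):
    """Fetch the DKIM TXT value for a selector, following any CNAME on the way."""
    status, answers = resolve(f"{selector}._domainkey.{domain}", "TXT")
    txt = [value for _, rtype, value in answers if rtype == "TXT"]
    return txt[0] if status == "NOERROR" and txt else None


if __name__ == "__main__":
    print(resolve("domain.de", "CNAME"))                  # apex: NOERROR, no answer
    print(resolve("sig1._domainkey.domain.de", "CNAME"))  # the alias itself
    print(resolve("sig1._domainkey.domain.de", "TXT"))    # CNAME, then the TXT behind it
    print(dkim_key("domain.de"))
```
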
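Added example, not from any poster: counting the Received headers of a raw message, as done by hand in the "too many hops" question above, and flagging hosts that handled the message more than once, which is the usual sign of a forwarding loop. The hostnames and the sample message are constructed; the limits are the figures quoted in the thread.

```python
import re
from email import message_from_string

# Hop limits as quoted in the thread (sendmail figures are the poster's recollection).
LIMITS = {"sendmail (old)": 17, "sendmail (newer)": 25, "RFC 2821 section 6.2": 100}
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def received_hops(raw):
    """Return the 'by' host of every Received header, newest first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        match = BY_HOST.search(" ".join(value.split()))  # unfold the header first
        hops.append(match.group(1).lower() if match else "?")
    return hops


def analyse(raw, limit):
    """Count hops, compare against a limit and list hosts seen more than once."""
    hops = received_hops(raw)
    repeats = {h: hops.count(h) for h in set(hops) if h != "?" and hops.count(h) > 1}
    return {"hops": len(hops), "over_limit": len(hops) > limit, "repeated_hosts": repeats}


def build_looping_message(n):
    """Constructed sample: n Received headers bouncing between two hypothetical hosts."""
    hosts = ["mx-a.example.net", "mx-b.example.net"]
    lines = ["Return-path: <address@icloud.com>"]
    for i in range(n):
        by, frm = hosts[i % 2], hosts[(i + 1) % 2]
        lines.append(f"Received: from {frm} by {by} with ESMTP\n"
                     f"\tfor <name@domain.de>; Sat, 28 Aug 2021 07:34:02 +0000")
    lines += ["Subject: test", "", "test email"]
    return "\n".join(lines)


if __name__ == "__main__":
    raw = build_looping_message(26)
    for label, limit in LIMITS.items():
        print(label, analyse(raw, limit))
```
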