Three Months with Apple’s iCloud Mail Custom Domains

Mike Lapidakis
Nov 6, 2021

In August, Apple released iCloud+ with the ability to add a custom domain to iCloud Mail. After several months of full-time use, I wanted to share my experience, and some of the things to look out for if you’re considering making the move. In short, I’m optimistic but a bit disappointed in Apple’s progress offering custom domains to iCloud subscribers so far.

Background

I couldn’t wait to get my hands on iCloud Mail’s custom domains, silently announced as a new feature, part of the rebranded iCloud+ subscription service in June 2021. When choosing an email service few things are as important as privacy and security. I don’t want a tech company rifling through my emails to market ads to me, and it’s trivial to steal someone’s identity once you’ve gained access to their primary email account.

I also value portability; having the ability to move my domain from one provider to another without changing my address across a myriad of services. For years, I used FastMail with great success. The web interface is, well, fast and they provide fantastic security features. When HEY! was launched over a year ago, I decided to give the opinionated email service a go. I loved it initially, slowly learning to hate how heavy handed the design really was.

In July, I decided to move away from HEY and try the Microsoft Outlook Premium custom domain feature. This required me to move my name server hosting to GoDaddy of all places. While the service was rock solid, the features limited me to one domain and didn’t allow for the creation of alias addresses. I did love the security and privacy features though, such as masking image URLs and scanning and proxying links within emails to prevent phishing.

In late August, Apple released the custom domain feature in the beta version of iCloud.com. I quickly tried to configure it, but ran into issues with routing on their end. This was well documented in the beta period, and was only fixed just before the launch of iOS 15 in September. When the issue was resolved, I moved my primary domain over and haven’t (really) looked back. Through this time period, the forums over at MacRumors were a critical way for the handful of folks implementing the new feature to share what they’ve learned.

The Good, the SPAM, and the Ugly

I’ve used iCloud Mail with Custom Domains for my primary personal email since iOS 15 officially launched. Along with my primary domain, I have four “project” domains all configured as well. To be clear, I’ve had no issue with availability in this time, and no known issues with deliverability. There are some things that have me a bit annoyed, and I’m sharing this to help others before they take the leap.

The Good

  1. The Apple Ecosystem — In typical Apple fashion, once configured, the service just works. When a new Apple device is configured with my iCloud account, my custom email shows up instantly. They’ve done a solid job of allowing for customization around alias/multiple emails per domain as well.
  2. Privacy and Security — My iCloud account is locked down with Apple’s two factor authentication, requiring me to confirm on a device to log in. Apple doesn’t scan my emails to show me “relevant” ads, either. At the end of the day, for better or worse, I trust Apple to manage my data responsibly.
  3. Pricing — iCloud+, including iCloud Mail with Custom Domains, is included in any paid iCloud storage plan and uses the storage you’ve purchased. As a 2 TB Family plan subscriber, primarily used for photo storage, email is just included. Cutting out a subscription is a huge benefit, even if the costs are relatively minimal. Each iCloud+ subscription comes with the ability to host five domains, with three addresses for each, and the ability to share with family members seamlessly.

The SPAM and the Ugly

  1. Deliverability — [March 3, 2022: The DKIM alignment and authentication issue now seems to be resolved] There are some strange issues with the alignment of signatures for DKIM, a method used to validate the authenticity of a message. If sending from a device, alignment and authentication are completely off according to MxToolbox. If sending from iCloud.com, the authentication seems to be in place, but alignment is still off. This is something only Apple can fix. Right now this means that sometimes messages sent end up in the receiving person’s SPAM folder. Deliverability is the second most important aspect to an email provider (behind security and privacy), and this is really hurting my ability to confidently recommend iCloud’s custom email implementation to others.
  2. Slow Web Interface — iCloud.com is a slow, ugly abomination. Email messages can take seconds to load, making the interface all but worthless for triaging when not using the client on a device. The design did get an upgrade recently, but it still doesn’t support threaded messages and is, again, painfully slow to load. This isn’t my primary interface for working with iCloud Mail, so I found it excusable, but would love to see Apple invest in bringing it up to snuff with the competition.
  3. Search is Broken — On device search is serviceable, but can be slow when scanning older messages that are only on the server. Web search, the backstop for Gmail/Outlook/FastMail folks, is an absolute nightmare. There’s no way to search across folders, no type ahead capability, and, of course, a painfully slow interface.
  4. Inconsistent SPAM Filtering — I find iCloud’s attempt to filter SPAM comical. A daily newsletter will land in SPAM 70% of the time and the inbox the other 30% with no rhyme or reason. Genuine messages may land in SPAM too, but sometimes end up in the actual inbox. Worst of all, I’ve had three terrible phishing attempts land in my inbox. After moving them to the SPAM folder, or marking them as junk, they seem to disappear as if Apple realized how dangerous the message really is.
  5. One Mailbox — iCloud treats all custom domains as aliases to your iCloud email address. This means you have one, monster mailbox for all of the custom domains configured, any aliases for those domains, and the default iCloud email addresses (@icloud.com). While this is fine for my workflow, I’ve heard others consider this a deal breaker.
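
The difference between DKIM authentication and DKIM alignment mentioned under Deliverability can be checked on any raw message by comparing each signature's `d=` domain with the domain in the `From:` header. The sketch below is an added example, not part of the original post: the sample messages are constructed, `example.com` and `provider.example` are placeholder domains, and the organizational-domain rule is a simplification (real DMARC evaluators use the Public Suffix List). It checks alignment only and does not verify the signature itself.

```python
import email
from email.utils import parseaddr

# Constructed sample messages (not captured mail); domains are placeholders.
ALIGNED = (
    "From: Me <me@example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sig1;\n"
    " h=from:to:subject; bh=AAAA; b=BBBB\n"
    "Subject: hi\n\nbody\n"
)
# Same mail, but signed with the provider's domain instead of the sender's.
MISALIGNED = ALIGNED.replace("d=example.com", "d=provider.example")

def org_domain(domain):
    # Simplification: last two labels. Real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_domains(msg):
    """Return the d= tag of every DKIM-Signature header in the message."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in value.split(";"):
            if "=" in part:
                key, val = part.split("=", 1)
                tags[key.strip()] = "".join(val.split())  # drop folding whitespace
        if "d" in tags:
            found.append(tags["d"].lower())
    return found

def dkim_alignment(raw, strict=False):
    """Return (From domain, {signing domain: aligned?}) for a raw message."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = {}
    for d in dkim_domains(msg):
        if strict:
            results[d] = d == from_domain            # exact match required
        else:
            results[d] = org_domain(d) == org_domain(from_domain)
    return from_domain, results

if __name__ == "__main__":
    for name, raw in (("aligned", ALIGNED), ("misaligned", MISALIGNED)):
        print(name, dkim_alignment(raw))
```

A signature can verify cryptographically and still fail this check, which is the "authenticated but not aligned" state described for mail sent from iCloud.com.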

Finally, one last thing to note. There is a subset of folks who believe separating your email address from your Apple ID is a critical security measure. The school of thought follows the logic that, if you were to be locked out of your Apple ID, you would be unable to retrieve a code through your email to recover the account. There are two reasons I don’t believe this is a substantial risk. First, when deploying a custom email address you can, at any moment, move to a new service with no intervention from the existing service. If I’m locked out of iCloud, I can log into my domain registrar and move my MX records to a new email service. Second, Apple has deployed a number of new features, including social recovery, to help those locked out of an account without resorting to email. I’ve set this up for my family, and believe others should as well.

Summary

To wrap, I’m clearly a fan of Apple and trust them with my data. I’m also excited to use my existing iCloud+ subscription to eliminate a dedicated email service subscription. With this in mind, I’m a bit bummed to see Apple missing, or botching, some pretty critical features. With their renewed investment in web services, and a fresh focus on business and education account management, I’m confident that many of these issues will be ironed out over the next year. For my use of personal email, I’m ok with iCloud’s shortcomings. If they’re not resolved by next year, though, I’ll likely look elsewhere for my email hosting needs.

I'm an inventive dad, cloud computing expert, and budding photographer who thrives on hands-on learning and problem-solving through trial and error.