At long last, and without much fanfare but a mere byline in the new macOS Monterey website, Apple has launched support for custom domains in iCloud+. For those who did not watch the keynote, iCloud+ is just a new name for the paid tiers of iCloud. If you've bought extra storage, then you've got iCloud+ and it also includes some neat new features like Private Relay, a sort of VPN that will stop ISPs from tracking you, Hide My Email, which allows you to create unique, random email addresses that forward to your personal inbox, and HomeKit secure video, to store footage from HomeKit compatible cameras.
While Gmail and Microsoft have allowed you to use a custom domain for a while now, Apple had notoriously not supported it on their email offering. It is a welcome addition for those fully in the Apple ecosystem who are already paying for iCloud and want to consolidate providers. It is also great for families, as you can give email addresses to family members via Family Sharing. Now, it is worth mentioning it is not a service for power users; while you can add up to five domains and three addreses per user, that's about the extent of the customizability. There are no distrbution lists, catch-all support or any advanced features. One feature I do forsee being a great fit, is the ability to have shared mailboxes via Family Sharing, however this does currently exist.
How do you actually set it up? The steps are pretty much the same as any other provider.
First, log into icloud.com on a web browser.
One you've logged in, go to Account Settings and scroll down until you see the new Custom Email Domain section:
If the email you want to add already exists as an Apple ID alternate contact, you must remove it first from appleid.apple.com, as Apple will add it when you create the mailbox, so it cannot already exist in your Apple ID.
If this is a new domain or you do not have any existing email addresses, skip Step 2. If you try to add the addresses here, it will send a verification email that will never arrive as they do not exist yet. Go straight to Step 3 and add the DNS records in your DNS provider.
This step should be familiar to anyone who has configured an email service before. You will add the MX records, a TXT to verify you own the domain, the SPF record and the DKIM key pointer. You should add a total of five records. The DNS records that you need to add are as follows, but keep in mind the verification TXT and the DKIM CNAME are unique to you:
|MX||@ (or your domain)||mx01.mail.icloud.com||10||3600|
|MX||@ (or your domain)||mx02.mail.icloud.com||10||3600|
|TXT||@ (or your domain)||apple-domain=your_string||3600|
|TXT||@ (or your domain)||v=spf1 redirect=icloud.com||3600|
|Type||Hostname||Destination / Points to||TTL|
Since this service is aimed at devs with personal domains or family domains, it is not expected one will send emails from other sources, hence the redirect mechanism in the SPF. If you do have other sending sources, place them before the redirect, as anything after will not be considered and remove the ~all, like this:
v=spf1 include:spf.example.com redirect=icloud.com
It will then ask you what email do you want to send as by default in iCloud your new custom domain or your icloud.com address. Pick an option and continue. If you did not add any pre-existing addresses, just continue.
Once the setup is done, you can manage your domain addresses and add or remove as needed. Here is where you would add the addresses if you skipped that section while setting up the domain. The addresses should sync down to your devices soon afterwards and will be available as options when composing an email.
Once you're setup I have not experienced any issues with delivery, either inbound or outbound. There is currently an issue with DKIM alignment on outbound emails, but it should not affect anyone as it would only be a problem if the SPF lookup fails and you have a restrictive DMARC policy (which I'd wager most people setting this up won't have).
If you run into any issues, feel free to shoot me an email or tweet - happy to help troubleshoot!