Custom Email Domain missing DKIM records

Same problem here. No update on this?

Worst case you can use another SMTP server in the meantime. So you can use iCloud only to receive email.

Do you have the ticket ID? I'm happy to get on their case and press them to get an ETA from the developers.

Hi there. I have a support ticket open for the missing DKIM records with Apple since end of October. Not so much progress on the ticket and it was not easy to get the DKIM subject explained to support. Anyway I have had several contacts now and shared a lot of information and evidence with support and currently it sits with engineering.

To be honest, I disabled my test domain now. Apple just can’t do modern email. Even when fixing DKIM, there is just so much more as the simple IMAP protocol doesn’t really do it anymore. Then there is still this insufficient protection of my identity, 2-factor auth is awful. Then they can’t do calendars either as meeting invitations will not be sent automatically to non-Apple accounts (a real bummer, it is 2022, Apple…)

I now made a decision for my GSuite domains just last week and moved all of them to Microsoft 365 Family (Outlook.com) and Cloudflare Email (forwarding/inbound). (Note, Outlook.com does not require godaddy to be your domain registrar, google the Reddit article for this, really easy).

Outlook.com is a great alternative for families and personal emails. It is actually reasonably priced, just paid 110€ for 30 month. Totally acceptable and I already love to be able to combine the calendar with my M365 business account.

As I said above, I absolutely did give them the other ticket numbers and the link to this thread when I began the support chat. They seriously don't care. (I've had this happen many times with Apple Support). But I did insist they include it, because I know the engineering team will care.

I too work in IT (both engineer & support since 1995) and can not understand why the heck they seem to encourage duplicate tickets.

The last issue I had, I ended up with a very high level support person at Apple (shout out to Brenda!). She's the one who told me to encourage people here to report the issue via official Apple Support. She said it gets higher priority with the engineering team when more people report it. Having been both an engineer and support, this is very much true, even if you really don't want it to be. If your customers are freaking out about something, you're likely to prioritize it pretty high if there's no viable work around. Of course, how many people are freaking out, is all relative, but you know what I mean.

(Anecdotal I know, but my last issue actually did get fixed pretty quickly once I spoke with Brenda, then followed up for a couple of weeks. I know others were reporting it too. My BFF Brenda (LOL) told me so. It was a "portrait photos in Shared Albums" issue.)

That being said, they may not mind duplicate "Case IDs" as they call them. But internally they likely put all those Case IDs into one "issue ticket".

Becuase of your message I checked my domain again with an online checker tool and now for the first time I have a positive response that the DKIM for my domain and selector "sig1" is set up correctly.

OK, I tested a second domain and messages are not being signed as well. Maybe this is something Apple is rolling out and not covering all custom domains yet. In short, I have 1x custom domain working as expected and1x returning DNS record but no DKIM alignment.

Ok this is interesting... I just tested from https://www.icloud.com/mail/

It did not work properly...

Also tried using learndmarc:

So what this tells me, since it all works fine from iPhone mail and Mac mail apps, my DNS records are set up properly.

iCloud.com/mail is not adding the DKIM signature headers. Which seems odd since I'm pretty sure they were being added on Mar 8 as I tested all 3 situations then (Mac Mail, iPhone mail, iCloud.com/Mail).

I think some folks here are sending from their @icloud address and reporting positive DKIM signing and not the actual custom domain. I've tried with two domains now and they're still not signed from either Web or Apps. DNS Records are 100% correct.

I've removed and re-added a domain just yesterday and even used Apple's built-in Cloudflare verification & setup but still the same. Have you guys enabled any of the private relay stuff? Maybe there's a connection here.

So this is getting super weird — I know found that as soon as I'm connected with NordVPN and send out email, ALL checks incl. DKIM alignment pass via mail.app on Monterey. As soon as I disconnect, DKIM check fails.

Same issue here. Using CloudFlare for DNS. Even Apple is unable to verify the DKIM record.

Usually no. Just set the hostname to _dmarc.

It seems fixed and “dig sig1.dkim.[example.com].at.icloudmailadmin.com. TXT” returns a record.

Strange, as for me, messages are not being signed at all (but the DNS record exists).