Custom Email Domain missing DKIM records

I have set up a couple of domains for iCloud's custom email domain feature, following the instructions found at https://support.apple.com/en-gb/HT212524. This includes setting up a CNAME record for the domain to point at the canonical DKIM record controlled by Apple, e.g. a custom domain of 'foobar.uk.' should have a CNAME record 'sig1._domainkey.foobar.uk.' pointing to 'sig1.dkim.foobar.uk.at.icloudmailadmin.com.'


From the support document for a domain 'example.com':

CNAME: 

host: sig1._domainkey

points to: sig1.dkim.[example.com].at.icloudmailadmin.com.

TTL: 3600


Unfortunately I cannot retrieve any records from the target (canonical) address, e.g.:


dig sig1.dkim.[example.com].at.icloudmailadmin.com. TXT

dig sig1.dkim.foobar.uk.at.icloudmailadmin.com. TXT


Clearly 'foobar.uk' is not my real domain, but I have 2 domains set up with Apple and neither has a valid DKIM record.


Anyone else?

Posted on Oct 6, 2021 2:32 AM

Question marked as Top-ranking reply

Posted on Nov 11, 2021 4:20 AM

Hi there. I have a support ticket open for the missing DKIM records with Apple since end of October. Not so much progress on the ticket and it was not easy to get the DKIM subject explained to support. Anyway I have had several contacts now and shared a lot of information and evidence with support and currently it sits with engineering.

112 replies

Feb 7, 2022 11:06 AM in response to Nick_WGD

To be honest, I disabled my test domain now. Apple just can’t do modern email. Even when fixing DKIM, there is just so much more as the simple IMAP protocol doesn’t really do it anymore. Then there is still this insufficient protection of my identity, 2-factor auth is awful. Then they can’t do calendars either as meeting invitations will not be sent automatically to non-Apple accounts (a real bummer, it is 2022, Apple…)


I now made a decision for my GSuite domains just last week and moved all of them to Microsoft 365 Family (Outlook.com) and Cloudflare Email (forwarding/inbound). (Note, Outlook.com does not require godaddy to be your domain registrar, google the Reddit article for this, really easy).


Outlook.com is a great alternative for families and personal emails. It is actually reasonably priced, just paid 110€ for 30 months. Totally acceptable and I already love to be able to combine the calendar with my M365 business account.

Feb 23, 2022 5:59 AM in response to Nick_WGD

UPDATE:

This thing seems to be working now. I think they sorted it out. I also followed the instructions in different messages on this thread about turning off the Proxy setting and also removing the double quotes and going with single quotes. (Instead of " " use ").


I had to wait about 5 minutes then voila! It started working.

Feb 24, 2022 5:27 AM in response to KevinD-B

Also still having same issues.


Testing using https://www.learndmarc.com/


When sending from iPhone or Outlook :


>> Running DKIM

------------------

I see you haven't included a DKIM signature. Therefore, I am unable to authenticate the email and determine if the message was altered during transit. The Auth Result is none



When sending mail from icloud.com :


DKIM-Signature: d=icloud.com s=1a1hai

>> Running DKIM

------------------

I see you've included a DKIM signature. I've retrieved the public key from 1a1hai._domainkey.icloud.com

The signature passed validation. The Auth Result is pass.


But in this case the warning:

DKIM domain does not align with RFC5322.From domain (icloud.com != mydomain.com ). Alignment mode: relaxed.



--


So, still not solved.

(i.e. when using Google Workspace on another domain, I get all PASS. But Google allows you to create your own DKIM keypair for your domain, so you actually have a public key in your DKIM TXT record instead of CNAME pointing to icloud )

Feb 24, 2022 11:00 AM in response to Nick_WGD

This is incorrect @Nick_WGD. Case IDs are personal. You can't even look it up unless you know Case ID AND Last Name. I've worked with Apple support many times. It is always best to raise duplicate issues via support. I have been flat out told that by support agents. The more who report, the higher priority it gets. In other words, the squeaky wheel gets the oil.


I've just reported this issue too. Use the Get Support Link above. Be prepared to answer a lot of ridiculous questions. (i.e "does this happen on wifi or ethernet?") They really aren't great when it comes to "hey I have this issue too".

Feb 24, 2022 1:10 PM in response to l.fromgeneva

Hahaha! That’s good entertainment - thanks for spending the time. I run a software development business, have done for 25 years. Defects are triaged and assigned a priority that determines how quickly they’re fixed - there are many factors that determine priority. Duplicate issues are the bane of development teams because they occupy more development resource than consolidated issues.


Give them the link to this thread. It contains not only the link to the case that’s been raised, but most of the interested parties and details of all follow up comment.


As for IT advice, I’m good for now, thanks.

Feb 24, 2022 1:28 PM in response to Nick_WGD

As I said above, I absolutely did give them the other ticket numbers and the link to this thread when I began the support chat. They seriously don't care. (I've had this happen many times with Apple Support). But I did insist they include it, because I know the engineering team will care.

I too work in IT (both engineer & support since 1995) and can not understand why the heck they seem to encourage duplicate tickets.

The last issue I had, I ended up with a very high level support person at Apple (shout out to Brenda!). She's the one who told me to encourage people here to report the issue via official Apple Support. She said it gets higher priority with the engineering team when more people report it. Having been both an engineer and support, this is very much true, even if you really don't want it to be. If your customers are freaking out about something, you're likely to prioritize it pretty high if there's no viable work around. Of course, how many people are freaking out, is all relative, but you know what I mean.

(Anecdotal I know, but my last issue actually did get fixed pretty quickly once I spoke with Brenda, then followed up for a couple of weeks. I know others were reporting it too. My BFF Brenda (LOL) told me so. It was a "portrait photos in Shared Albums" issue.)


That being said, they may not mind duplicate "Case IDs" as they call them. But internally they likely put all those Case IDs into one "issue ticket".

Mar 4, 2022 1:13 AM in response to Seezar

I've been keeping an eye on my CNAME record for DKIM and today there is a DKIM key at sig1.dkim.[domain].uk.at.icloudmailadmin.com! However, when sending from icloud.com, the message is not signed at all (previously it was signed by icloud.com). But this is definitely progress and it would seem that Apple are going to have this sorted pretty soon.

Mar 4, 2022 7:26 AM in response to Jee Are

Hi guys - I'm holding off transferring my domain to iCloud until the DKIM issue has been resolved in entirety. Looking at the posts today it seems like there has been progress in terms of the DKIM record being created but messages aren't being signed correctly yet - is that a fair representation of where we're at?


As I say I don't have first hand experience of switching to iCloud yet and as such nothing to check on my side.

Mar 4, 2022 7:52 AM in response to Nick_WGD

I just sent a test email from Mac Mail app using my custom domain to a Gmail account.

The summary at the top of the "show original" now has this entry:


SPF:PASS with IP 17.58.63.177
DKIM: 'PASS' with domain mydomain.tld 


Whereas a few weeks ago, only the SPF line was there.


Additionally, there's also the "DKIM-Signature" line further down.

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.tld; s=sig1; t={redacted}; bh={redacted}; h=From:Content-Type:Mime-

This wasn't there a few weeks ago either.


When you send from an iCloud address, though, you get this:

SPF:PASS with IP 17.58.63.184 
DKIM:'PASS' with domain icloud.com
DMARC:'PASS'


So things are looking better for sure.
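Added example, not part of any post in this thread: the alignment warning from the Feb 24 report and the `d=mydomain.tld; s=sig1` signature from the Mar 4 report, worked through in Python. The header values are constructed from the ones quoted in the thread, and `PUBLIC_SUFFIXES` is an assumed stand-in for the full Public Suffix List that a real DMARC evaluator uses.

```python
import re

# Assumption: tiny stand-in for the Public Suffix List, enough for the
# sample domains below.
PUBLIC_SUFFIXES = {"com", "tld", "uk", "co.uk"}

# Constructed from the header values quoted in the thread.
ICLOUD_SIGNED = "v=1; a=rsa-sha256; d=icloud.com; s=1a1hai"
CUSTOM_SIGNED = "v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.tld; s=sig1"

def parse_dkim_signature(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Folding whitespace inside a tag value is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_record_name(tags):
    """DNS name a verifier queries (TXT) for the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def icloud_cname_target(domain):
    """CNAME target from the support document quoted in the first post."""
    return f"sig1.dkim.{domain}.at.icloudmailadmin.com."

def organizational_domain(domain):
    """Longest matching public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def dkim_aligned(from_domain, tags, mode="relaxed"):
    """DMARC identifier alignment between RFC5322.From and the d= tag."""
    d, f = tags["d"].lower(), from_domain.lower()
    if mode == "strict":
        return d == f
    return organizational_domain(d) == organizational_domain(f)

if __name__ == "__main__":
    for frm, hdr in (("mydomain.com", ICLOUD_SIGNED), ("mydomain.tld", CUSTOM_SIGNED)):
        t = parse_dkim_signature(hdr)
        print(frm, key_record_name(t), "aligned" if dkim_aligned(frm, t) else "NOT aligned")
```

A valid signature with `d=icloud.com` passes DKIM but cannot satisfy DMARC alignment for a custom From domain, which is why the per-domain `sig1` key matters.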

Mar 7, 2022 10:58 AM in response to Nick_WGD

Hi guys - an observation to share.


I've been considering moving my Apple ID email domain to Apple to have things more consolidated, but there's a shortcoming. There used to be the option to specify a 'Notification Email Address' that's used to notify you when there's a login from an unknown browser / device. Apple have done away with this and those notification emails can only be sent to your Apple ID email address. This means that if you moved your Apple ID email account to iCloud and your Apple ID got hacked then the notification of the suspicious login would be sent to your iCloud account and the hacker could potentially delete the email before you had a chance to see it.


FYI.
