Mail cannot function in iOS 18.2 if iCloud Private Relay is blocked at a network level

Hi Team,


As many of you are aware, there are many use cases for blocking iCloud Private Relay at a network level. Most notably, if using a DNS filter like NextDNS, Pi-hole etc., or if on an enterprise network performing traffic inspection - as having Private Relay on bypasses these security controls.


According to Apple's own documentation the best way to force devices to disable private relay is as follows:

The fastest and most reliable way to alert users is to return either a "no error no answer" response or an NXDOMAIN response from your network’s DNS resolver, preventing DNS resolution for the following hostnames used by Private Relay traffic. Avoid causing DNS resolution timeouts or silently dropping IP packets sent to the Private Relay server, as this can lead to delays on client devices.


On these two addresses:

mask.icloud.com
mask-h2.icloud.com


However, there is an issue. Ever since iOS 18.2, if you block these addresses the Mail app will not connect properly or download messages. Whitelisting these restores Mail functionality but enables devices to use Private Relay / bypass security controls.


It's a poor experience for Apple Mail users, especially those who aren't aware of this, who just assume Mail is working poorly.


Apple - can you fix this in a software update? I assume some recent change is loading part of Mail through these - but it's painful for those of us trying to run a secure network!

Posted on Jan 5, 2025 2:27 PM
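A small resolver check, added here and not part of the original post or of Apple's documentation: it sends a raw DNS A query for the two Private Relay hostnames and reports whether the resolver answers NXDOMAIN, "no error no answer" (both fine per Apple's guidance), a real answer (Private Relay not blocked), or times out (the outcome Apple says to avoid). The resolver address in the usage block is a placeholder.

```python
import socket
import struct

# Hostnames Apple documents for Private Relay traffic (from the post above).
PRIVATE_RELAY_HOSTS = ("mask.icloud.com", "mask-h2.icloud.com")

RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A/IN query (RD set, one question) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify_response(data: bytes) -> str:
    """Map a raw DNS response to the outcomes Apple's guidance distinguishes."""
    if len(data) < 12:
        return "malformed"
    flags, _qdcount, ancount = struct.unpack("!HHH", data[2:8])
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "blocked: NXDOMAIN"
    if rcode == RCODE_NOERROR and ancount == 0:
        return "blocked: no error, no answer"
    if rcode == RCODE_NOERROR:
        return "NOT blocked: answer returned"
    return f"unexpected rcode {rcode}"


def check_resolver(resolver: str, names=PRIVATE_RELAY_HOSTS, timeout=2.0) -> dict:
    """Query `resolver` over UDP/53 for each name and classify each reply."""
    results = {}
    for name in names:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name), (resolver, 53))
            try:
                data, _ = s.recvfrom(512)
                results[name] = classify_response(data)
            except socket.timeout:
                # Silent drops / timeouts are what Apple warns cause client delays.
                results[name] = "BAD: timeout (causes client delays)"
    return results


if __name__ == "__main__":
    # Placeholder resolver address; replace with your network's DNS filter.
    for host, verdict in check_resolver("192.0.2.53").items():
        print(f"{host}: {verdict}")
```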


Jan 6, 2025 9:13 PM in response to Lammiwinks

We experience the same issue. Mail is using the domains even with everything related to private relay and hiding IPs turned off.


Mail seems to try downloading categories per sender domain. Thus we turned categories and showing contact photos off (contact photos also show the category by icon). To no avail.


For every email received or sender domain, Apple services are contacted in order to look up this information. If this fails because the aforementioned domains are blocked, Mail gets stuck downloading x messages.


Apple has tied this decentralized communication channel to itself in an unacceptable way to make something like categorizing possible. It puzzles me how this idea has become reality.
