Catch-all addresses are a must-have for me now. I allocate unique addresses to every website as these are more robust than using the + operator because they can't be stripped off.
I've already busted one company (I presume selling) my email address to a cloud provider for them to send me marketing material.
I emailed their privacy officer and didn't even get a reply, but that's OK, if it continues, one sieve rule and I can delete any mail that arrives on that address.
I just hope the spammers don't get so advanced they start forging other websites' addresses, maybe I'll have to move to a hashed and salted version that they can't forge.
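The "hashed and salted" per-site address idea raised in the comment above, as an added example (not code from any commenter in this thread). It uses a keyed HMAC rather than a plain salted hash, so only the holder of the secret can mint a valid address; `SECRET`, `mydomain.tld`, the 8-character tag and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

# Assumptions for this sketch: the secret lives only on the mail server,
# and the domain is the placeholder used in the thread.
SECRET = b"constructed-demo-secret-replace-with-random-bytes"
DOMAIN = "mydomain.tld"
TAG_LEN = 8  # 8 base32 characters = 40 bits of HMAC output

SITE_RE = re.compile(r"^[a-z0-9.]+$")
ADDR_RE = re.compile(
    rf"^([a-z0-9.]+)-([a-z2-7]{{{TAG_LEN}}})@{re.escape(DOMAIN)}$"
)


def site_tag(site: str) -> str:
    """Truncated HMAC-SHA256 of the site label, base32-encoded (lowercase)."""
    digest = hmac.new(SECRET, site.encode("ascii"), hashlib.sha256).digest()
    return base64.b32encode(digest).decode("ascii").lower()[:TAG_LEN]


def make_address(site: str) -> str:
    """Mint the address to hand to one website, e.g. 'uber-<tag>@mydomain.tld'."""
    site = site.strip().lower()
    if not SITE_RE.match(site):
        # No '-' allowed in the label, so the separator stays unambiguous.
        raise ValueError("site label may only contain a-z, 0-9 and '.'")
    return f"{site}-{site_tag(site)}@{DOMAIN}"


def verify_address(rcpt: str):
    """Return the site label if the recipient carries a valid tag, else None."""
    m = ADDR_RE.match(rcpt.strip().lower())
    if not m:
        return None  # guessed addresses such as chase@mydomain.tld land here
    site, tag = m.groups()
    # Constant-time comparison of the presented tag against the expected one.
    if hmac.compare_digest(tag, site_tag(site)):
        return site
    return None


def classify(rcpt: str, revoked: set) -> str:
    """Delivery decision for an incoming recipient on the catch-all domain."""
    site = verify_address(rcpt)
    if site is None:
        return "reject-unknown"   # never issued: dictionary guess or forgery
    if site in revoked:
        return "reject-revoked"   # issued, later leaked or sold, now blocked
    return "accept"


if __name__ == "__main__":
    revoked = {"uber"}  # constructed example: address burned after spam
    for rcpt in (
        make_address("uber"),
        make_address("news.example"),
        "chase@mydomain.tld",              # constructed guess, no tag
        "facebook-guess123@mydomain.tld",  # constructed guess, bad tag
    ):
        print(f"{rcpt:45s} -> {classify(rcpt, revoked)}")
```

Rotating `SECRET` invalidates every address issued so far, so a real deployment would keep old keys around for verification or store issued addresses instead.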
I use "-" instead of "+" with a regex: "/^name-.*@mydomain\.tld$/".
Then I block them when I get spam after they get compromised. Many spammers already know to remove anything after the +-sign.
But I must admit that the biggest benefit of this setup was listening to my girlfriend on the phone explaining to someone, at some company, the reason that their name was part of the email address:
"That is because if I get SPAM, I know that I can't trust you."
...
"Just make sure that you don't sell it, or get hacked."
...
"If you are already expecting to get hacked, or sell it... why should I do business with you?"
I do something similar, it's been a fun journey of issues over the years.
One company gave me a free version of their paid offering because my email address was me@them.my.domain, which triggered their "is an employee?" check. (I reported it to a friend who worked there, but they didn't prioritize fixing it. Lasted a while.)
Uber tried to make me change my email address because:
> As much as we appreciate your enthusiasm, and value you as a loyal rider, I do need to ask if you could, please, update your email to something that doesn't use "Uber" in it, as that's technically a trademark violation.
> I apologize for any inconvenience that may cause and thank you for your cooperation. If I can help further with making that change to your email, please let me know.
They backed down, but it was pretty amusing to get this email in response to a totally unrelated one.
At least one news website threatened to shut my (expensive) paid account because I was using a "generic" email address, and as such, was likely sharing my credentials.
They insisted I change the email to myname@myname.tld, which was enough in their books to prevent credential sharing.
One minor niggle: I can definitely agree with calling shenanigans if a company doesn't make it clear they have no plans to sell my email address, but honesty about planning to get hacked - from a "this is what we will do" standpoint, but also from a perspective that doesn't flat-out rule out "that will never happen" - is honestly something I would find very refreshing to hear. A lot of environments prioritize mitigating the hypothetical liability risk associated with those kinds of big words rather than communicating that type of boldness that comes across as reassuringly supportive and resilient.
This being said, I wouldn't have minded being a fly on the wall listening to that conversation :P
My own server, since 2001. Regex part since about 2003. It has been very effective, and still is.
The most effective thing back in the day was blocking based on TCP fingerprint, as "Windows XP" was different from "Windows 2003" IIRC (with OpenBSD PF). After that, greylisting gave me a few SPAM-free years, before it became the norm (OpenBSD spamd). Many OpenBSD users had quite a few SPAM-free years back then.
Because spammers know to remove anything after + or - sign, I've set up an arbitrary sequence of letters so gommmm iai + anything I want will route to gommmm@
I've had CS question why I used their company email in my email address and it was fun!
Just my personal opinion, but the reason I got a domain to start with was to not be dependent on a specific provider.
Also, it's far nicer to be able to simply sign up to a website with company@example.com than go generate a random email. Especially if you are on another device.
Using a custom domain is precisely to prevent lockin that you are getting with many of these alias providers. If you don't own the domain then you can't migrate to a different provider.
If you ever migrate away from iCloud, you lose all of those custom addresses. Using even one immediately locks you into iCloud for life. This is a sobering prospect in our age of "one wrong word and we'll ban you from our service."
I use an email like this for our ISP at home -- one time I was asked what the email on the account was. Much easier to remember and dictate something like comcast@surname.com than one of Apple's "Hide my email" emails.
It sounds great in practice, but unless you are using something pseudorandom, then I can already guess you may have a domain at chase@surname.com or facebook@surname.com. It may be convenient but certainly takes away some of the work if someone wants to target you.
No, that’s losing control. Though it’d be nice to have more email providers who support this like Fastmail does (inside their mail client iirc), or even better the way iCloud private mail seems to be doing or duck.com I’ve heard probably does. Though I doubt my provider mailbox.org will even try to do it.
Bad error messages are kind of an institutional problem at Apple. Somehow there’s a push to “simplify” the error process and it invariably means that some part of the pipeline has good error info that is, if you’re lucky, dropped in a log somewhere and just completely swallowed if you’re not. In the UI you’ll just get a generic “something went wrong” or a “translated” error that isn’t bijective at all, or sometimes not even an indication that something went wrong (particularly around ambient operations like syncing). It’s really quite frustrating how often I need to go through a truly awful amount of spelunking just to figure out what a “user friendly” message means, which is pretty much the opposite of user friendliness.
I get user friendliness for non tech-savvy users, but they should definitely have something like "details" that you can expand for power users, especially somewhere like custom domain management/DNS record checker where there are probably power users using it.
Like many, I got bit by the end of legacy free Google Workspace so I've been figuring out my options.
One related issue is how to get email off of Google Workspace. After checking out various options, I've settled on using imapsync (https://github.com/imapsync/imapsync).
Protip for those moving to iCloud+ custom email domains, you HAVE to temporarily set the SPF record to exactly match what Apple wants to see during the initial setup. Else it will complain that setup cannot be completed. You can revert it to whatever you had it set to previously (plus include:icloud.com) once the setup is complete.
FYI for anyone seeking to download all their emails (or any other data stored by Google) they now have a handy tool developed at the behest of the EU: Google Takeout: https://takeout.google.com/
Google Takeout predates GDPR by several years. I'm not sure if there was any other legislation in place in 2011 that required Google to provide something like this. My recollection is that it was not directly related to any actual legislation at the time.
Having to exactly match records -- SPF included -- is one of the grievances outlined in the article. What I should probably have also mentioned is I also reported these using Apple's iCloud feedback form [1], and it might be helpful if others did as well. Unlike Radar / Developer Feedback, Product Feedback doesn't reply back with an ID you can use to track the feedback status :-(
I would say another main issue is that while they ask you to set up DKIM records, they do not actually DKIM-sign your emails. Hence your mails may be more easily flagged as spam. Several people have reported this to Apple, but AFAIK it still hasn’t been fixed.
This sounds bad, does it have practical implications? Have people switched to apple hosted custom domains for email and suffered deliverability problems?
You're right -- this is something I missed mentioning. As of right now, it's still only the web-based iCloud Mail that makes use of DKIM. Using any other client/app will deliver your emails unsigned.
Would you mind if I updated the article crediting you for the DKIM addendum?
Unfortunately not, DKIM doesn't work on either Apple's desktop or iOS/iPadOS Mail.app (aka. Apple Mail). OTOH, at least they set the correct Return-Path unlike some others that leak your Apple ID through the header instead.
I'm optimistic that Apple is working on most of these issues (especially catch-all) right now and this is just representative of their new offering.
Like many things I've seen from Apple it will take a release cycle or two (of 1-2 years per cycle) to bring in this arguably basic functionality - as is tradition we'll groan about other issues being held back in favour of fancy new features.
I have no doubt they intend to fully compete with the email services from Google and Microsoft. Following on from last year we should see VPs taking us through the updates to iCloud+ alongside device launches as it expands into a fundamental service offering.
I would fear that Apple forgets about the feature after a few years and then just drops it. This is not central to their business and Apple trims such things very aggressively.
I would always buy a domain-email from somebody who has this as their main business, and I would never couple my email to Apple which could lock me out of my account if they think I "behave suspiciously".
Not with online services, they've at least rebranded if not recoded them a few times. mac.com, MobileMe/me.com, icloud.com. It's true that the market is now much more stable, though.
Anybody on any macOS > Catalina? Can you still delete/select multiple messages in Messages app the way you can do on iPhone? Because I can’t on Catalina.
Do the deleted messages on one device sync and get deleted on another? No luck here as well. Support replied saying “they’ve checked and their systems are working fine and they can’t do anything about it more”.
This may not help, but here goes. Deleting SMS messages on one device never gets synced to another device for me. I rarely use iMessage, but I expect SMS to also be handled the same way (since I have SMS forwarding setup and get the same messages on multiple devices, with all of them tied to a single Apple ID).
I'm trying to remember any services that Apple has trimmed, and can't seem to come up with any. I'm sure I'm just not remembering. Do you have examples?
Ping probably shouldn’t have started in the first place, and while I miss the sleek, professional feel of Aperture and its own workflow I’m not sure of any features it had that modern Apple Photos doesn’t have
This happened to me with EndJunk and it was absolutely devastating trying to recover and reset the email address on all of my accounts. Some were straight-up locked out after too many failed password attempts and required email access on the original email address (which I no longer had access to as EndJunk had gone silently under), so I just lost those. Some let me change email addrs if I remembered the password, others required verification at the original and new addr, which again was impossible as EndJunk was just gone.
In fact I am planning to create accounts for my yet to be born children just so that they will be able to have that <fancy short id>@icloud.com. Because like you I also have faith in Apple and I’m pretty sure they would take 10-15 WWDCs stage announcements to get all of these things right unless they deemed these features as “nobody wants it and we know what they want instead”.
> “nobody wants it and we know what they want instead”
I would feel much more comfortable if they said this; it almost guarantees that the feature in question that nobody wants will be the headline act at The Apple Event 2025.
Apple reimagining email - catchall email addresses now available in iCloud+ 25 (now works with copy and paste in iCloud+ 26)
> I have no doubt they intend to fully compete with the email services from Google and Microsoft
Both Google and Microsoft's email services are aimed at large enterprise customers. Apple is targeting theirs towards individual end users and their families. They aren't competing in the same space.
I moved my emails to iCloud plus email domains less than a month ago. The import of existing emails was excruciatingly slow. I mean, 1 email per second on average, then failing with some random error halfway down the line (120k emails), even on retries, causing your migration agent to give up.
I spent the better half of a week trying to get it to work, ended up moving to Google Workspace instead.
I reckon some people have an inherent need to keep things inside Apple’s walled garden. I often see it becoming nothing short of an obsession.
For the rest I’d, as someone who gave it a try - almost their entire services suite including TV etc a thorough try, highly recommend to stay out.
Stay out even if they improve it (which I doubt) from its current state i.e. pathetic.
- Apple is a weird company but they are weird because they can afford to be weird in the way they are because they know their fan base (their majority/core users)
- Their software and services have revisions/major updates/upgrades tied with OS versions.
- Even across OS versions they so deliberately don’t add the most essential features and literally “hold back” as if they go completely deaf on user needs
- I believe it stems from an inferior software engineering prowess and a lack of confidence - that “let’s keep it for the next OS release” so that we announce on stage “For the first time in any iOS - you can control two SIMs separately - TrueSIM™” - or named something ridiculously absurd.
- They have repeatedly shown they’re not callous about user needs or feedback but they’re openly hostile to it.
- The “just works” smoke is very much cleared by now and they’re either just too incompetent or stupidly adamant still trying to ride the fan wave of “they know what we want” and fans giddily shoving everything down their own throats claiming as the best whatever Apple churned out. I skew towards the former though.
- Also they do not have real competition with other softwares, more so on iOS and iPadOS, unlike Android (which I develop for but am not a user of) you literally don’t have options of softwares for many basic usage.
- Now one can argue they like it that way - I don’t. They have anyway such a locked down App Store - not letting users choose browser, SMS apps etc is just a poor excuse that they can somehow get away with.
I would just treat them as a device seller and keep my software and services from other competent places. Besides I like my eggs in various baskets.
The last thing I want is my email from a provider which 100% coupled with devices from one manufacturer that is locked down like never before in history and their locking users out puts Google’s famous locking out to shame.
If you believe the things you wrote - weird, institutionally dishonest, hostile to its customers and grossly incompetent why would you buy anything ever from them?
If it's just for custom domain and email, then Infomaniak is yet another choice, on a price to features, unlimited storage (for email) and hosting country (privacy concerns with Apple and US, anyone?!?) ratio solution. I have recently moved my custom domain hosting from a more expensive service, to Infomaniak, and I got the first email address for free (the main from my Google workspace), to which I may add some more, if all works as expected, in the next month or so.
I took a glance at their website. Does it do all the things the original article mentioned? Like setup catchall email, route email to specific addresses (like I have 3 people in my family, Jane, Akbar, Jeff, jeff@mydomain.com goes to him, but everyone@mydomain.com goes to all of us, yet parents@mydomain.com goes to just the 2 parents). I want that, plus it's part of the current hodge podge of email verification standards so it won't be blocked as spam when I send from there.
That's the most valuable feature of Google mail and domain hosting to me.
Seems like the email service is only available if you buy the domain from them or transfer the domain to them. I couldn’t find how one could use an existing domain that one owns without transferring to them.
Incorrect. One FREE address is only available if moving the domain. Paid emails are available no matter where the domain is registered. Read the https://www.infomaniak.com/en/support/faq/admin2
I use ProtonMail because of their good support for custom domains. Their higher focus on privacy and security is nice, but it has little to do with why I chose them vs competitors. The only downside is you have to use the ProtonMail app or website on mobile, because of the way they do mailbox encryption.
What put me off from ProtonMail was their ridiculous "pay us money for extra domains" charge which makes it obvious to me they are not as honest as I initially thought they were. Allowing me to connect other domains to my one mailbox shouldn't cost them anything beyond the initial costs of developing the code to support multiple domains which they've obviously already done.
That's true for the desktop - they provide an app called the Bridge that logs into your inbox, decrypts the mail and exposes an email service on localhost that you can point your mail client to.
This was something I was hoping to get around with using a separate relay like ImprovMX or Cloudflare's Email Routing -- that'd allow you to have a bunch more assuming you didn't need to use them for outbound emails -- discovering issue #2 in the process. And issue #6, if you did want to use them for outbound emails :-)
I’ve switched from my Gmail domain to CloudFlare + iCloud. Initially, I set MX records and the txt record to iCloud for verification, and then added the CloudFlare MX records at a higher priority. So far, the setup seems to be working well.
With the way that Apple prevents you from reusing Apple IDs, does it mean that if my Apple ID is blah@mydomainname.com and I migrate mydomainname.com (currently using G Suite free) over to iCloud that I can't set up blah@mydomainname.com?
You can. However, if you switch your Apple ID to a different address before you set up both the domain and the blah@mydomainname.com address to route to your account, you won't be able to set up blah@mydomainname.com for any account under your iCloud subscription for a year.
22 years and counting. 99.999% of my spam comes to emails in various leaks.
I get possibly a dozen or so emails a year to catch-alls that I don't recognise as having been given out - it's incredibly rare that it is ever anything other than someone mistyping my name.
I also get a monumental quantity of spam so not exactly a small sample but still just one example.
I haven't really been analysing my spam thoroughly to be perfectly honest, it is possible this has happened to me and I didn't notice it because the Gmail spam filter caught it.
I do pop in every now and again and don't recall seeing anything akin to what the parent to your post is suggesting (many emails following the same format but to different addresses and I guess names).
tbh I thought it would be a problem when I set up - <trillions of combinations of letters and numbers>@mydomainname.com - that's going to be a lot of email. It turns out that nobody knew I existed so didn't get all that much spam for years. Back then slapping your email on your site / forum footer etc was the way to get on the spam mailing lists.
Then along came web facing databases with no auth defaults, and you can have a billion active, in use email addresses with a living breathing human at the other end (and their username, password and dob) for free.
Back in the 1990s, a spammer who knew example.com existed would bulk e-mail a dictionary of prefixes - andy@example.com, bob@example.com, claire@example.com etc etc in the hopes that some would get through.
As such, a catch-all e-mail address was a sure way to get hundreds of copies of the same spam e-mail. And since most people who wanted a catch-all address were doing it as part of a strategy to get less spam, that was the opposite of what they were aiming for.
Yeah valid complaints but none of them I’ve noticed myself. It works really well for me.
I suspect apple will be producing another subscription model or extension to it to support these features once they’ve proven it in production for a bit.
Another problem that I have is iCloud+ storage limit of 4TB. My family will very soon get very close to this limit with all our photos, videos and other stuff. Is anyone aware of any plans for an increase in near future?
Great resumé. With luck Apple will address these: I’ve been curious about moving my domains from Google and Apple seemed like a good choice for me, but these would be show-stoppers for me as well.
Thanks! Appreciate the feedback, glad I was able to provide some relevant insight.
I'm hoping shining a light on these pain points turns some heads at Apple so we end up with a better service and one more good competitor in the hosted email space -- if you don't mind it being Apple, of course. :-)
After the end of legacy G Suite was announced, I tried using iCloud+ to forward my personal domain to Gmail. However, because iCloud does not seem to support ARC for forwarding, Gmail was sending too much to Spam.
I tried many other mainstream forwarding options and settled on Pobox as the best overall option, and moved my personal domain over. It's working pretty well, flowing to my regular Gmail account and having aliases set up in Gmail.
When I got burned by the legacy G Suite announce, I had a similar bad experience with Microsoft 365 for Families. They - for some reason - only support custom domains that were registered/moved to GoDaddy (there are unsupported 3rd party guides on how to bypass checks but anyone with the requirement of stable email reachability will obviously not rely on that). Too bad you find that out after you set up your account, billing, mailbox etc.
My mum's work email address changed and we changed the email address associated with her apple ID. She had no end of tiny bugs pop up - especially in the first couple of weeks after the change.
Apple's systems in general don't seem to cope well with email addresses changing or being deleted. I think lots of software engineers use email addresses as if they're an immutable primary key. This just isn't the case.
The claimed one-year period from deletion to when it becomes available for use as custom domain actually makes me think that it is on purpose. I just don’t understand what that purpose would be. I would think it was a bug if it just wouldn’t let you use an email currently or formerly used as another Apple ID, no matter how long ago.
Could it be that they're trying to make sure that any old online accounts on the old email address aren't able to be hijacked? In most tech workplaces when you leave, your email address is being put in a holding place and not reused - i.e. I never got daniel@ as an email address in any of my companies because there was always a Daniel before me, and once they leave they don't want me to reuse the address because I could reset the password for any of their accounts that had used that email address. Less likely scenario in families but you could still imagine some family conflicts or falling outs and then someone goes and does bad stuff with accounts? Just a thought.
It's a reasonable policy for Apple-owned Apple IDs on their public domains (@icloud.com, @mac.com, @me.com), but I don't see how it makes sense for privately owned domains you're already in control of the DNS for. You could use any other mail provider or routing service and get access to any emails that way -- then do a password for any other service where the address used was on the domain you were in control of.
My biggest problem with it is I cannot sign up to iCloud+ because I don't have an apple device or a windows pc I could install the iCloud app onto.
I suspect if I was to borrow one trying to use the mail on an android device would be fairly miserable making it not worth it but would be nice to have the option to try without needing to jump through hoops.
Apple designs services to cater to its own hardware, first and foremost. The intent is to get more people to buy Apple hardware. Any apps or services available on other platforms are usually poor efforts from the company (like iCloud or iTunes on Windows or Apple Music on Android).
With Apple focusing more on growing its services business to compensate for any saturation in the hardware market space, there’s some chance that the situation might improve for other platforms (but those would be Windows and Android, not Linux). But Apple already has about a 70% profit margin on its services. So it’s unlikely that other platforms will be prioritized in the next few years (it’s not in Apple’s DNA).
+1 Been with Migadu since 2017 with no complaints. Lost some mails on an account due to a migration of sorts on their end though that was eventually restored after a ticket.
Fastmail is not a good replacement for family needs because it’s quite expensive at one mailbox per person. Those who need multiple mailboxes should look at other options.
What are they supposed to do when their own government has a warrant? Ignore it and let the government shut down the whole site? This way they followed it without breaking anyone's encryption, no back door, … this is a positive aspect in my view.
I jumped onto iCloud emails as soon as it became available this past fall and immediately ran into #6. I set up test email accounts in my iCloud account including my wife's just to see if it would work - Evidently that was a mistake because when I removed then attempted to reregister her email under her iCloud account (same "Family") it blocked her with the same opaque error message mentioned. I reached out to Apple support and after going back and forth for 1-2 months, they finally said it was "by design." Because my iCloud account first set up her email address (then subsequently removed it) it was permanently tied to my iCloud account even though we were in the same family. The support rep said there was nothing more that could be done other than moving to another email provider.
tl;dr; Emails can only ever be registered with one iCloud account ever, even in the same Apple family
I switched my domain to iCloud+ the first day it was offered. It took over an hour to get working, but I am happy enough with the service. I did switch to using Apple’s e-mail client apps for iOS, iPadOS, and macOS.
Like using all e-mail services, I make periodic local backups in case I ever want to switch my domain to another service.
I know this is an old thread, and I don't use catch-all addresses (well I did back in the wild-west of the web, but we're talking over 20 years ago), however it's funny to see how many people are like "Gmail spam filter caught it" or "several domains with Google workspace and had no problems". I've used other email systems; which for example, use SpamAssassin; and the amount of shit that comes through. So yes, catch-all is all the rage, if you're using Google, however if you're not, expect a bunch of spam, right? I hear more and more people wanting to get off the "G" ecosystem, so I guess it'll be different responses to this in the near future.
iCloud+ seemed like a great value proposition for people migrating from Workspace, but there are quite a few hangups. Seems like Microsoft hits a good middle ground.
Completely off topic, but why do people think having a sticky header indicating how far "through" an article is, is worth disrupting the content for?
Valid point -- sorry the header is getting in your way. Out of the available themes for Ghost I found this one taking away the least from the actual content - I'll look into getting rid of the header bar as traffic subdues not to break anything now :-)
Microsoft does hit a great middle ground -- but there's still far too few players IMO. Would enjoy if we also had Apple as a contender -- especially if they'll remain as big on their service businesses as they claim.
We just went down the rabbit hole of trying to migrate to Microsoft 365 Family with custom domain. You (officially) need to move your domain to GoDaddy, which was unfortunately a blocker for us as they don’t support our domain’s TLD.
From what I read DKIM also isn’t offered on Family which is disappointing. Business plans get expensive quickly when you want Office apps as well.
I found some info on setting up DNS for other providers, but it isn’t officially supported and for something as important as email I don’t want them randomly breaking it one day, which they could since they expect all customers to be configured through their API integration with GoDaddy. No need to advise in advance of MX host changes etc when it’s supposed to be entirely managed by them.
I understand their target demographic here might not be super technical, so the deep integration with godaddy makes sense, but would be nice for a supported advanced user pathway too.
OP, not that this may yield any quick results, but this post should be emailed to Eddy Cue (cue@), the SVP of services, and Tim Cook (tcook@) at Apple. Some of the emails sent to them do get responses.
I'm surprised Apple supports custom email domains to any extent. Apple is a consumer electronics company. Hosted email on custom domains is very distinctly not a typical consumer behavior.
It fits in great with the privacy narrative Apple has been pushing for and marketing for a while now. With their announcement of focusing on services, I think it makes perfect sense. Definitely not an easy problem for them to tackle, especially with what must be decades of legacy systems and various relays (Mac.com, Me.com, iCloud.com, ...).
For as long as iCloud existed, people have been clamoring for custom domains. I think it might have been possible back in the iTools or MobileMe days? Maybe I'm mis-remembering.
Me, I've experimented with migrating some of my domains from self-hosted to iCloud+, simply for the ease of management and reducing the headache from SPF, DKIM, DMARC, etc. It turns out I have a spurious DNS record that was causing all my headaches, which I had forgotten to remove from older experiments, and I didn't need to migrate to solve this.
In either case, it's a nice convenience feature. Despite the trend, and the HN-think, Apple DOES do things for power-users sometimes.
I suspect it is because Google suite threatens Apple’s office web offering.
Offering custom domains for personal can link up to office documents and this can make its way into business use.
For small businesses already standardizing on Mac hardware, it’s natural they should want to get the privacy and in-ecosystem utility of an apple version of Gsuite.
They have been moving to services, but all of their other services are distinctly mass consumer oriented; e.g. TV+, Music streaming, Fitness+ videos, Arcade, News+, iCloud photo backup, Card
I was irrationally hoping Apple would offer a service that allowed for custom domains with accounts outside the family group. E.g. so I could let my extended family enjoy the benefits of our custom domain, but also have them manage their own billing direct with Apple.
I'm just going to switch over to Fastmail (currently on an end-of-life'd gsuite setup).
Hey Email looks to have some great features, but at $12/user/month it's more expensive than Exchange Online or Google Workspace, which means it's more a choice about whether a user values Hey's nifty features (and they do look nifty) than an easy option for email domain hosting vs the OP's issues with iCloud+.
For my family's email needs, $12/user/month is a bit of a non-starter given the competition.