[mortenjorck]

> Long story short: now both Sign in with Apple and Hide My Email aliases are going to be issued on the @private.icloud.com subdomain. This makes it much easier to ban all aliases without affecting non-relay mailboxes on iCloud mail.

Could someone clarify why having Sign in with Apple and Hide My Email on the same domain would make a blanket ban easier rather than harder? What am I missing?

[w10-1]

Before, the emails were "me@icloud.com", the default for all apple users. There was no way to distinguish normal emails from generated private emails.

Now, they will be "blah@private.icloud.com", so it will be easy to ban the generated/private email that reduces the ability to associate logins across services.

Unclear why Apple would shoot themselves in this way; I hope it's not Ternus complying with anti-privacy.

[utilize1808]

maybe to avoid getting their legitimate email servers banned by other servers since they host (i.e. being exploited) a growing number of spam accounts.

[SXX]

You cant send mail from Hide My Email aliases. They are only work one way.

[nielsbot]

You can send from Hide My Email addresses:

https://support.apple.com/guide/icloud/use-hide-my-email-in-...

I think I've also seen this in Mail.app but that's not shown on this page.

[SXX]

Wow my bad I wasnt aware its possible. I remember someone in HN comments complaining about it being one way only back in 2024.

UPD: apperently this supposedly only work if someone message you first. So you still cant spam from aliases.

[mortenjorck]

I see – somehow the Apple UI for this gave me the mistaken impression that privaterelay.appleid.com was the domain used by the alias, but I see now that it was always just icloud.com.

[snowe2010]

But it’s not? Like if they block that subdomain, they will completely block Sign in with Apple.

[pokstad]

You can use Hide My Email independently from Sign in with Apple.

[snowe2010]

I know that, but in doing so you prevent yourself from ever using Sign in with Apple

[reaperducer]

Now, they will be "blah@private.icloud.com"

I've been in the ecosystem long enough to have .iCloud.com, .me, .mobileme.com, iTunes.com, and probably one or two more addresses all assigned by various Apple services over the years before they started unifying the systems.

They all work, and independently of one another.

I wonder if all the domains will be migrated, and how namespace collisions will be handled.

[SXX]

Apple stated legacy aliases will work as is:

> Existing addresses on the legacy domains will continue to work and forward mail to users without interruption.

[gobip]

Apple was generating (something)@icloud.com whenever you used that service. Now, it will use (something)@private.icloud.com instead. So you can ban this subdomain instantly, knowing people will be "hiding" with this service by default.

It's like blocking anondaddy, simplelogin etc but not protonmail.

[BoorishBears]

I guess their thought process is, both alias and non-alias accounts use @icloud.com

You were always able to reserve a normal icloud email address just like you would a GMail account, so banning all icloud email addresses would be banning non-alias Apple customers

That being said, I'm not convinced anyone who wanted to ban aliases couldn't have already. The alias emails look weird enough I'm guessing you could ban them with few false positives.

[SXX]

> The alias emails look weird enough I'm guessing you could ban them with few false positives.

While this is true not all of them been weird. Some can be just word + number + word without dots or underscores.

Also blanket banning whole domains is just much easier and already done for temporary emails. No false positives.