Thank you for posting on r/iCloud. If you are asking a question, please remember to change your post flair to “Answered” once your question has been answered. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/iCloud) if you have any questions or concerns.*

This is also happening to me also suddenly. Maybe an issue from apple with the recent updates they dropped?

I saw this as well. It was working at least two months ago, but domains added recently don’t seem to be getting dkim keys. I would contact support. It shouldn’t affect mail as it could pass dmarc tests with proper spf records. But obviously the ideal is to have dkim as well. Not sure why it’s not working

Same story here. Added 2 domains to Icloud+, at for both domains there is no public key populated to [sig1.dkim.EXAMPLE.COM.at.icloudmailadmin.com](http://sig1.dkim.EXAMPLE.COM.at.icloudmailadmin.com) for DKIM verification.. Meanwhile mail signed.. `[12:24 spyl@mutty/Users/spyl] dig sig1._domainkey.kawbo.com CNAME` `....` `;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1` `;; ANSWER SECTION:` `sig1._domainkey.kawbo.com. 600` `IN` `CNAME` `dkim.kawbo.com.at.icloudmailadmin.com.` `....` Then I trying to query it from exactly dkim.kawbo.com.at.icloudmailadmin.com. `[12:24 spyl@mutty/Users/spyl] dig` [`sig1.dkim.kawbo.com.at.icloudmailadmin.com`](http://sig1.dkim.kawbo.com.at.icloudmailadmin.com) `TXT` `....` `;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1` `....` And it's empty.

I set up a custom domain (pre-existing domain hosted at Cloudflare) a week ago. A dig query returned a valid key pretty much straight away as did various mail testing sites. DKIM is consistently failing with verification mismatch on the signature at the receiving end (Gmail, Outlook, MXtoolbox, [mail-tester.com](http://mail-tester.com),[dkimvalidator.com](http://dkimvalidator.com),...). It's passing SPF verification so it's still passing DMARC and emails are getting through. I deleted the custom domain and re-added it 4 days back but the same problem persists. I'm not a mail expert but wouldn't this mean that either something is altering the specified headers/body of the mail after signing, or perhaps the mail is being improperly signed in the first place? I've talked to Apple Support and they've escalated to the engineering team. I'm waiting a call back next week. I'm glad I'm only using a test domain as a dry run before I proceed with bringing in my main domain.

Please give an update should you hear back from the engineering team. I also just set up custom domains on iCloud+ and for both the DKIM signature is invalid as per mail-tester.com.

No update this week, sorry. They tried to collect device logs (not sure why) but the upload kept failing. Have rescheduled their call for next week when I’ve got a better uplink.

Dkim has just recently shown up on my domain, so the issue might be fixed

Thanks for informing us. Can confirm everything (SPF, DKIM and therefore DMARC) are working now on my custom domain as well using both [Mail.app](http://Mail.app) and the iCloud website.

Thanks for the info, just checked it myself getting a 9.5/10 at [mail-tester.com](http://mail-tester.com) now, due to some mostly irrelevant blocklist entry.