Apple Is Consolidating Its Private Email Domains Under private.icloud.com
Apple has announced a significant change to the way it handles privacy-focused email addresses for two of its most widely used features: Sign in with Apple and iCloud+ Hide My Email. Later this summer, Apple will unify both features under a single, shared email domain — private.icloud.com. This move simplifies Apple's email relay infrastructure and has important implications for developers, businesses, and email service providers who interact with Apple's private email relay system.
If you run a website, app, or email platform that interacts with Apple user addresses, this is a change you cannot afford to ignore. Here is a comprehensive breakdown of what is changing, why it matters, and what steps you need to take before the new domain goes live.
What Is Changing and Why It Matters
Apple currently issues private relay email addresses across two separate domains depending on which feature a user is taking advantage of. Sign in with Apple generates addresses on privaterelay.appleid.com, while iCloud+ Hide My Email generates addresses on icloud.com. Although both features serve a similar privacy purpose — masking a user's real email address — they have historically operated under different domains, which has sometimes caused confusion for developers and email administrators managing allowlists and routing rules.
Starting this summer, all newly generated addresses for both features will be issued on the new unified domain: private.icloud.com. This means that when a user signs up for a service using Sign in with Apple or creates a new Hide My Email alias, the address they receive will now end in @private.icloud.com rather than the previous domain variations.
The consolidation under a single domain is a logical step forward for Apple's privacy ecosystem. It creates a cleaner, more consistent identity for Apple's private relay addresses and reduces the fragmentation that developers and email providers have had to account for. It also signals Apple's long-term commitment to positioning iCloud as the central hub for its privacy-related services.
What Happens to Existing Email Addresses?
One of the most reassuring aspects of this announcement is that existing addresses will not be disrupted. Any private relay address already issued on privaterelay.appleid.com or icloud.com will continue to work exactly as before. Apple has confirmed that these legacy domain addresses will continue to forward mail to users without any interruption.
This means that if your users signed up for your service using Sign in with Apple before the domain change, their existing relay addresses will remain valid. You do not need to ask them to re-register or update their contact information. However, any new users who sign in with Apple or generate a Hide My Email alias after the change goes into effect will receive an address on the new private.icloud.com domain.
This is precisely why proactive action on the part of developers and email service providers is critical. Failing to account for the new domain could mean new users are blocked, filtered, or unable to receive transactional emails from your platform.
What Developers Need to Do Right Now
If you have built an app or website that integrates Sign in with Apple, you need to audit your account system and email handling logic as soon as possible. Specifically, there are several key areas to review and update before the new domain rolls out.
- Email validation logic: Many systems use regex patterns or domain whitelists to validate email addresses during registration. If your validation logic does not recognize private.icloud.com as a valid domain, new Sign in with Apple users could be blocked from creating accounts entirely. Update your validation rules to accept addresses on this new domain alongside the existing ones.
- Allowlists and accepted domain lists: If your platform maintains an explicit list of accepted or trusted email domains, add private.icloud.com to that list now. Keeping only privaterelay.appleid.com and icloud.com on your allowlist will cause new users to fall through the cracks.
- Account systems and deduplication logic: Some systems try to detect duplicate accounts by domain patterns. Ensure that your deduplication or fraud-detection logic treats private.icloud.com addresses the same way it currently treats the legacy Apple relay domains — as legitimate, privacy-preserving email addresses and not as suspicious or disposable ones.
- Communication templates and documentation: If your internal documentation or developer guides reference Apple's relay domains explicitly, update those references to include the new domain so your team is aligned going forward.
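The following is an added example, not code from Apple or from the original article: one way to classify relay addresses by exact domain match, shown beside a substring check that accepts look-alike domains. The domain names come from the article; the function names, category labels and sample addresses are assumptions made for illustration.

```python
from typing import Optional

# Domains are the ones named in the article; all function names are hypothetical.
DEDICATED_RELAY_DOMAINS = frozenset({
    "private.icloud.com",        # new unified domain
    "privaterelay.appleid.com",  # legacy Sign in with Apple relay
})
# Legacy Hide My Email aliases sit on icloud.com next to ordinary iCloud
# mailboxes, so that domain alone cannot mark an address as a relay alias.
SHARED_DOMAINS = frozenset({"icloud.com"})


def naive_is_relay(address: str) -> bool:
    """Weak check: substring match, shown only for comparison."""
    return "private.icloud.com" in address.lower()


def email_domain(address: str) -> Optional[str]:
    """Return the normalized domain part, or None if the address is malformed."""
    local, sep, domain = address.strip().rpartition("@")
    domain = domain.rstrip(".").lower()
    if not sep or not local or not domain:
        return None
    try:
        # IDNA-encode so look-alike Unicode labels become xn-- forms that
        # can never equal an ASCII entry in the sets above.
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def classify(address: str) -> str:
    """Exact-match classification: apple_relay, icloud_shared, other, invalid."""
    domain = email_domain(address)
    if domain is None:
        return "invalid"
    if domain in DEDICATED_RELAY_DOMAINS:
        return "apple_relay"
    if domain in SHARED_DOMAINS:
        return "icloud_shared"
    return "other"


# Constructed sample addresses (not real users).
SAMPLES = ["k7x2q@private.icloud.com", "K7X2Q@Private.iCloud.COM.",
           "user@private.icloud.com.mail.example", "user@icloud.com"]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:40} naive={naive_is_relay(addr)!s:5} exact={classify(addr)}")
```

Addresses on icloud.com are reported as `icloud_shared` rather than as relay aliases, so deduplication or fraud logic keyed on "is this an Apple relay address" does not sweep in ordinary iCloud mailboxes.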
What Email Service Providers Need to Do
Email service providers (ESPs) and deliverability platforms also have a responsibility to update their infrastructure ahead of this change. Apple's private relay domains are commonly referenced in domain-based filtering rules, suppression lists, and routing configurations — and the arrival of a new domain means those configurations need to be refreshed.
- Domain-based filtering rules: If your ESP applies specific filtering behavior to known Apple relay domains — such as skipping certain engagement tracking or adjusting deliverability scoring — extend those same rules to cover private.icloud.com.
- Suppression list logic: Some suppression systems flag relay domains differently from standard email domains. Review your suppression logic to ensure private.icloud.com is treated consistently with the existing Apple relay domains.
- Routing rules: Any routing rules that explicitly enumerate Apple relay domains should be updated to include the new domain. Missing this step could result in misrouted or undelivered messages for users with new-format Apple relay addresses.
The Bigger Picture: Apple's Privacy Strategy
This domain consolidation is part of a broader, ongoing effort by Apple to make its privacy tools more coherent and user-friendly. Sign in with Apple and Hide My Email are two pillars of Apple's privacy-first approach to identity and communication on the internet. By unifying them under private.icloud.com, Apple is reinforcing the iCloud brand as the home of its privacy services while also simplifying the technical landscape for everyone involved.
For end users, the change is largely invisible — their privacy protections remain intact, and their existing addresses keep working. For the developers and platforms that serve those users, however, this is a meaningful infrastructure update that requires deliberate action. The good news is that the required steps are straightforward and well within reach before the summer rollout.
Key Takeaways
- Apple is unifying Sign in with Apple and iCloud+ Hide My Email addresses under the new domain private.icloud.com starting later this summer.
- All newly generated relay addresses will use the new domain; existing addresses on legacy domains will continue to work without interruption.
- Developers must update email validation logic, allowlists, and account systems to accept addresses on private.icloud.com.
- Email service providers must update filtering rules, suppression lists, and routing configurations to include the new domain.
- Taking action now ensures a seamless experience for new users signing up via Sign in with Apple after the change goes live.
Apple's shift to private.icloud.com is a clean and forward-thinking change. By preparing your systems ahead of the rollout, you protect your users' experience, maintain your platform's deliverability, and stay aligned with Apple's evolving privacy infrastructure. Do not wait until the change is live — review your systems today.
