Hi there, I have been using deSEC for some time now as a handy way to access services on my home server behind a reverse proxy, but I ran into an issue today when I decided to start using iCloud as a custom email domain.
Make a subdomain then use that for the CNAME.
However, maybe that would make the iCloud custom email domain be the subdomain; not sure how iCloud works.
The CNAME for DKIM must be set on the sig1._domainkey subdomain. For reference, see
Setting a CNAME for that host/subdomain does not change the values for any other subdomain covered by the wildcard. The wildcard covers all subdomains that do not exist explicitly or implicitly through other records. You can have a CNAME for * and a different CNAME for a specific subdomain. The CNAME for sig1._domainkey overrides the wildcard CNAME only for that subdomain.
You can’t set multiple CNAMEs on the same hostname, but you can set one on the wildcard * hostname and a different one on a different hostname (sig1._domainkey in this case). The second configuration is correct; just add a * CNAME back for your self-hosted services.
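
The wildcard behaviour described in the replies above, as an added example that is not from any poster in the thread: a minimal Python model of RFC 4592 wildcard matching. It goes slightly beyond the thread by also showing what happens to other names under `_domainkey`; the zone name and both CNAME targets are constructed placeholders.

```python
# Added illustration: which names a "*" CNAME covers (RFC 4592 rules).
ZONE = "example.com"  # constructed zone name
# Constructed records: owner name relative to ZONE -> CNAME target (placeholders)
RECORDS = {
    "*": "proxy.home.example.",
    "sig1._domainkey": "dkim-target.mailprovider.example.",
}

def existing_names(records):
    """Each owner name and all of its ancestors exist in the zone.
    Ancestors without records of their own are empty non-terminals."""
    names = {()}  # the zone apex always exists
    for owner in records:
        labels = tuple(owner.lower().split("."))
        for i in range(len(labels)):
            names.add(labels[i:])
    return names

def resolve(qname, records=RECORDS):
    """Return (rcode, cname_target, source) for a name relative to ZONE."""
    qname = qname.lower()
    labels = tuple(qname.split("."))
    exists = existing_names(records)
    if labels in exists:
        # A name that exists is never answered from the wildcard.
        target = records.get(qname)
        return ("NOERROR", target, "exact" if target else "empty non-terminal")
    # Closest encloser: the longest ancestor of qname that exists.
    for i in range(1, len(labels) + 1):
        if labels[i:] in exists:
            encloser = labels[i:]
            break
    # Only a wildcard directly below the closest encloser may answer.
    wildcard = ".".join(("*",) + encloser)
    if wildcard in records:
        return ("NOERROR", records[wildcard], "wildcard " + wildcard)
    return ("NXDOMAIN", None, "no wildcard at closest encloser")

if __name__ == "__main__":
    for name in ("sig1._domainkey", "nextcloud", "a.b", "_domainkey", "sig2._domainkey"):
        print(f"{name}.{ZONE}", resolve(name))
```

Adding `sig1._domainkey` makes `_domainkey` exist implicitly, so other names under `_domainkey` no longer fall through to the `*` record and need explicit records if they are used.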