Home / server / Questions / 1084643
Accepted
Synchro
Asked: 2021-11-27 00:44:02 +0800 CST

What are the IP ranges of Apple's privacy protection proxies?

  • 772

Apple introduced privacy protection measures in macOS Monterey and iOS 15 which use a network of randomly assigned IPs to act as proxies when loading (amongst other things) email content. Does anyone know, or know how I can find out, what the network ranges of these services are?

networking proxy privacy apple

1 Answers

  1. Best Answer

    When Apple users allow the settings

    • Maintain General Location allows sites to show you localized content in Safari, while your IP address stays hidden
    • Use Country and Time Zone uses a broader location for your IP address, still within your country and time zone

    Apple currently publishes the IP-address ranges they use (for the purpose of populating Geo-IP databases) on their API here:

    https://mask-api.icloud.com/egress-ip-ranges.csv

    (Source: https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay)

    To prevent users in your network from using Apple's privacy protection proxies Apple does not publish the IP-address ranges in use (as far as I know) and instead they recommend:

    The fastest and most reliable way to alert users is to return either a "no error no answer" response or an NXDOMAIN response from your network’s DNS resolver, preventing DNS resolution for the following hostnames used by Private Relay traffic.

    and block in your DNS

    • mask.icloud.com
    • mask-h2.icloud.com
    • 2