iCloud / Apple Mail
Apple requires an app-specific password for any third-party app that needs to send mail through iCloud. Your regular Apple ID password will not work, even if you don’t have 2FA on consciously — Apple effectively requires 2FA across the board now.
1. Make Sure Two-Factor Authentication Is On
iCloud doesn’t allow App-Specific Passwords unless Two-Factor Authentication is on for your Apple Account.
If you haven’t already, on any signed-in Apple device:
- iOS / iPadOS: Settings → tap your name → Sign-In & Security → Two-Factor Authentication → turn it on.
- macOS: System Settings → tap your name → Sign-In & Security → Two-Factor Authentication → turn it on.
Don’t disable 2FA after you’ve generated App-Specific Passwords. Turning 2FA off revokes every App-Specific Password you’ve ever created. Existing SMTP connections will start failing.
2. Generate an App-Specific Password
- Sign in at account.apple.com.
- In the left sidebar (or Sign-In and Security section), select App-Specific Passwords.
- Click Generate an app-specific password (or the “+” icon).
- Enter a label such as
XenoceptorXenocept Desktop. Apple shows this label in the future so you can revoke just this password without affecting other apps. - Click Create. Apple shows the generated password — a 16-character value with hyphens like
abcd-efgh-ijkl-mnop. - Copy it immediately. Apple won’t show it again.
3. Configure the Email Destination in Xenocept
Open the Xenocept Settings UI → Destinations → New Destination → Email. Fill in:
| Field | Value |
|---|---|
| SMTP Host | smtp.mail.me.com |
| SMTP Port | 587 |
| Security | STARTTLS |
| Username | Your full iCloud Mail address (e.g. [email protected]). Don’t strip the domain — you alone won’t authenticate. |
| Password | The App-Specific Password from step 2. Include the hyphens; Apple’s prompt shows it that way. |
| From | Same as Username |
| To | Where you want sessions delivered |
Save the destination and submit a test session.
Custom domains via iCloud Mail. If you use iCloud’s custom-domain feature, the Username is still your full iCloud-managed address. The From can be your custom-domain address if you’ve verified the domain in iCloud — but authentication is always against your iCloud login.
Revoking Access
If you ever want to disconnect Xenocept from your iCloud account:
- Return to account.apple.com → App-Specific Passwords.
- Find the entry labeled
Xenocept(or whatever you named it). - Click the Revoke or trash icon next to that entry.
That single password becomes invalid immediately; your other app-specific passwords keep working.
Common Issues
- “Authentication failed.” You used your regular Apple ID password instead of the app-specific password. Generate one and use it.
- “User has no permission to send mail through this server.” Some new iCloud accounts have a brief warm-up period during which SMTP sending is throttled or blocked. Wait a few hours and try again. If it persists, contact Apple Support.
- Two-factor was turned off. Re-enable 2FA and generate a fresh app-specific password.