Not really. You could allow private.icloud.com only if they're using Apple's SSO. If someone tries to create an account not using Apple's SSO, then you don't allow private.icloud.com email addresses.