Domain Control Validation by Email Verification Method

With this DCV validation method, the CA (GeoTrust, DigiCert, etc.) sends emails associated with the domain to the public WHOIS contacts, and a set of generic administrative email addresses (admin@, administrator@, hostmaster@, webmaster@, and postmaster@) with a link for you to verify that you "own" the domain and approve the pending certificate request. 

Approved Email Addresses

When you place an SSL order and select Email Verification as the preferred DCV method, emails are immediately sent to a set of approved email addresses that are pulled in real time from 3 approved sources.

1. WHOIS contacts emails

Any WHOIS contact emails that are publicly viewable for the domain(s) in the certificate request. The emails can come from the registrant, admin, or tech contacts in a domain's WHOIS record. WHOIS records are mostly private, redacted, or otherwise hidden from public view since the GDRP privacy laws went into effect. This is a very unreliable source for completing SSL domain control validation.

2. DNS TXT emails

Any emails in the DNS record for _validation-contactemail.[example.com]. Learn how to set up the Email to DNS TXT Contact DCV method.

3. Constructed Emails

Certificate Authorities (CAs) are allowed to send DCV verification emails to a set of 5 constructed, or generic, administrative email addresses. These addresses are constructed by joining together each of admin@, administrator@, hostmaster@, webmaster@, and postmaster@ to the domain(s) in the certificate request.

Suppose that you order a certificate for widgets.co.uk. Immediately after submitting your SSL order, emails are dispatched to admin@widgets.co.uk, administrator@widgets.co.uk, hostmaster@widgets.co.uk, webmaster@widgets.co.uk, and postmaster@widgets.co.uk.

Changing and Re-sending DCV Emails

You can re-send the approved set of DCV emails. Just login to your account and select the domain name you want where you need the emails re-sent. 

Testing your email server

Setting Up Email Aliases and Forwarding

It's perfectly fine to set up an email alias that forwards to your regular email address. For example, you can configure an email alias hostmaster@example.com to forward to jane.doe@example.com. As long as you can respond to the link in the DCV verification email it doesn't matter how it makes its way to you.

Please contact our support team if you have any additional problems or questions.

Oct 30, 2018 Scott Rogers