Domain Control Validation by Email Verification Method
With this DCV method, the CA (GeoTrust, DigiCert, etc.) sends emails to the public WHOIS contacts associated with the domain and to a set of generic administrative email addresses (admin@, administrator@, hostmaster@, webmaster@, and postmaster@), each with a link for you to verify that you “own” the domain and approve the pending certificate request.
Approved Email Addresses
When you place an SSL order and select Email Verification as the preferred DCV method, emails are instantly sent to a set of approved email addresses pulled in real time from 3 approved sources.
1. WHOIS contact emails
Any WHOIS contact emails publicly viewable for the domain(s) in the certificate request. The emails can come from the registrant, admin, or tech contacts in a domain’s WHOIS record. WHOIS records are largely private, redacted, or otherwise hidden from public view since the GDPR privacy laws went into effect. WHOIS emails are an unreliable source for completing SSL domain control validation.
Verify that your domain registrar or WHOIS provider has not masked, cloaked, or removed that information from public view. If the information is masked, find out if they provide a way (such as an anonymized email address or a web form) for you to allow Certificate Authorities (CAs) to access your domain’s WHOIS data.
2. DNS TXT emails
Any emails in the DNS record for _validation-contactemail.[example.com]. Learn how to set up the Email to DNS TXT Contact DCV method.
3. Constructed Emails
Certificate Authorities (CAs) are permitted to send DCV verification emails to a set of 5 constructed or generic administrative email addresses. These addresses are constructed by joining together admin@, administrator@, hostmaster@, webmaster@, and postmaster@ to the domain(s) in the certificate request.
Suppose that you order a certificate for widgets.co.uk. Immediately after submitting your SSL order, emails are sent to admin@widgets.co.uk, administrator@widgets.co.uk, hostmaster@widgets.co.uk, webmaster@widgets.co.uk, and postmaster@widgets.co.uk.
Changing and Re-sending DCV Emails
You can re-send the approved set of DCV emails. Just log in to your account and select the domain name for which you need the emails re-sent.
Setting Up Email Aliases and Forwarding
It's perfectly fine to set up an email alias that forwards to your regular email address. For example, you can configure an email alias such as email@example.com to forward to firstname.lastname@example.org. As long as you can respond to the link in the DCV verification email, it doesn't matter how it makes its way to you.
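An added example (not from the original page or from any CA's tooling): a preflight that assembles the approved address set from the three sources above and follows forwarding aliases to show which of those addresses actually reach an inbox. The function names, the mailbox and alias inventory, and the sample WHOIS and TXT values are assumptions constructed for illustration; TXT values are passed in as already looked up.

```python
import re

# The five generic local parts used for constructed addresses.
CONSTRUCTED = ("admin", "administrator", "hostmaster", "webmaster", "postmaster")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def txt_record_name(domain):
    """DNS name checked for the DNS TXT contact email."""
    return "_validation-contactemail." + domain.strip(".").lower()


def approved_addresses(domain, whois_emails=(), txt_values=()):
    """Return {address: source} across the three approved sources."""
    domain = domain.strip(".").lower()
    candidates = [(e, "whois") for e in whois_emails]
    candidates += [(v.strip().strip('"'), "dns-txt") for v in txt_values]
    candidates += [(f"{lp}@{domain}", "constructed") for lp in CONSTRUCTED]
    approved = {}
    for address, source in candidates:
        address = address.strip().lower()
        # Redacted WHOIS fields and malformed TXT values are not deliverable.
        if EMAIL_RE.match(address) and address not in approved:
            approved[address] = source
    return approved


def delivery_plan(approved, mailboxes, aliases):
    """Map each approved address to the inbox that receives it, or None."""
    plan = {}
    for address in approved:
        seen, current = set(), address
        # Follow forwarding rules, stopping if they loop.
        while current in aliases and current not in seen:
            seen.add(current)
            current = aliases[current]
        plan[address] = current if current in mailboxes else None
    return plan


if __name__ == "__main__":
    # Constructed sample inventory for the page's widgets.co.uk example.
    approved = approved_addresses(
        "widgets.co.uk", ["REDACTED FOR PRIVACY"], ['"certs@widgets.co.uk"'])
    aliases = {"admin@widgets.co.uk": "it-team@widgets.co.uk"}
    plan = delivery_plan(approved, {"it-team@widgets.co.uk"}, aliases)
    for address, inbox in plan.items():
        print(f"{approved[address]:<12}{address:<32}{inbox or 'NO MAILBOX'}")
```

Any approved address that maps to no inbox is one where a DCV email would go unanswered, and any that maps to an inbox outside the team that handles certificates is worth reviewing.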
Testing your email server
- This email verification tool connects to the mail server and asks whether the mailbox exists or not.
Choosing and changing the DCV method
You choose the initial DCV method when placing an SSL/TLS order. You can change the current DCV method - for example, from Email Verification to DNS CNAME - at any time by clicking the button for any domain on the order that is not approved.