
Validate domains using email validation methods

WHOIS-based DCV email methods

On May 8, 2025, DigiCert ended support for WHOIS-based DCV email methods. DigiCert no longer queries WHOIS to find email addresses for domain validation. To continue using email validation, use the DNS TXT record contact, DNS CAA record contact, or constructed email addresses method. Learn more about the end of life for WHOIS-based DCV methods.

Use email validation when domain contacts receive authorization messages at approved email addresses associated with the domain. DigiCert sends an authorization email and the recipient must follow the instructions in the message to complete validation.

Using email-based DCV methods involves two steps:

  • Set up the email contact one time.

  • The email recipient responds to the confirmation email to demonstrate control over the domain.

Important

Email-based DCV methods are the most vulnerable to future industry changes defined in the TLS certificate baseline requirements. When industry requirements change, you must switch to another DCV method. For example, the industry ended support for the WHOIS-based DCV email method in May 2025.

DigiCert supports three email-based domain control validation methods. When validating a domain using any of these methods, select the Verification email DCV method in CertCentral.

  • Add and validate a domain using email to DNS TXT record contact

  • Add and validate a domain using email to DNS CAA record contact

  • Add and validate a domain using constructed email addresses

Before you begin

Before using email validation, confirm the following:

  • A valid MX record exists for the recipient domain

  • You have at least one organization in your CertCentral account. For OV, EV, Private TLS/SSL, and Secure Email certificates, the organization must be submitted for organization validation before you add the domain

  • The email allowlist is configured to receive messages from digitalcertvalidation.com. DigiCert sends all DCV confirmation emails from no-reply@digitalcertvalidation.com.

  • The recipient can access the authorization message and follow the validation instructions

  • Use a monitored distribution list rather than a personal email address.

    Why?

    A distribution list allows you to create a non-expiring email address to which you can add or remove people as needed. This ensures the authorization message is never missed due to staff changes.
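
A preflight for the checklist above, as an added example (not DigiCert's code): it lists the candidate recipient addresses for the three email methods and checks that each recipient's mail domain has an MX record that can accept mail, treating a null MX (RFC 7505) as unable to receive. The `_validation-contactemail` TXT name, the CAA `contactemail` property and the five constructed local parts come from the CA/Browser Forum Baseline Requirements rather than from this page; `lookup`, `sample_lookup` and the zone data are constructed stand-ins for a real resolver.

```python
# Added example: preflight for email-based DCV recipients. All DNS data is constructed.
CONSTRUCTED_LOCAL_PARTS = ("admin", "administrator", "webmaster", "hostmaster", "postmaster")

def has_usable_mx(mail_domain, lookup):
    """True if mail_domain has an MX that accepts mail; a null MX ("0 .") does not count."""
    for rdata in lookup(mail_domain, "MX"):
        _pref, _, host = rdata.partition(" ")
        if host.strip() not in ("", "."):
            return True
    return False

def dcv_recipients(domain, lookup):
    """Map each email-based DCV method to its candidate recipient addresses."""
    txt = [r.strip('"').strip() for r in lookup("_validation-contactemail." + domain, "TXT")]
    caa = []
    for rdata in lookup(domain, "CAA"):
        parts = rdata.split(None, 2)  # flags, tag, value
        if len(parts) == 3 and parts[1].lower() == "contactemail":
            caa.append(parts[2].strip('"').strip())
    constructed = [f"{lp}@{domain}" for lp in CONSTRUCTED_LOCAL_PARTS]
    return {"dns_txt_contact": txt, "dns_caa_contact": caa, "constructed": constructed}

def preflight(domain, lookup):
    """Return {method: [(address, can_receive_mail), ...]}.

    The MX check runs against the recipient's own mail domain, which for the
    TXT and CAA contact methods may differ from the domain being validated.
    """
    report = {}
    for method, addrs in dcv_recipients(domain, lookup).items():
        report[method] = [
            (a, "@" in a and has_usable_mx(a.rsplit("@", 1)[1].lower(), lookup))
            for a in addrs
        ]
    return report

# Constructed zone: example.com publishes a null MX, so only the TXT contact is reachable.
SAMPLE_ZONE = {
    ("example.com", "MX"): ["0 ."],
    ("example.com", "CAA"): ['0 issue "ca.example"', '0 contactemail "certs@example.com"'],
    ("_validation-contactemail.example.com", "TXT"): ['"pki-team@corp.example"'],
    ("corp.example", "MX"): ["10 mail.corp.example."],
}

def sample_lookup(name, rtype):
    """Stand-in resolver: returns rdata strings from SAMPLE_ZONE, or [] if absent."""
    return SAMPLE_ZONE.get((name.lower().rstrip("."), rtype), [])

if __name__ == "__main__":
    for method, rows in preflight("example.com", sample_lookup).items():
        print(method, rows)
```

To run it against live DNS, replace `sample_lookup` with a function that returns the same rdata strings from your resolver.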