Email to DNS TXT contact DCV method
For the Email to DNS TXT Contact DCV method, an authorization email is sent to the email addresses found in the DNS TXT record on the _validation-contactemail
subdomain of the domain to be validated.
To use the Email to DNS TXT Contact DCV method, you place the DNS TXT record on the _validation-contactemail
subdomain of the domain you want to validate. The value of this text record can be one or more valid email addresses.
How to set up your Email to DNS TXT contact record
For this tutorial we'll be using AWS Route 53 to add a new TXT record for our fastssl.com domain. The principles will be the same for all DNS management systems.
- From the the AWS management console go to Route 53 > Hosted Zones > fastssl.com
- Select Create Record
-
From the Create Quick Record form type
_validation-contactemail
into the Record name box. Be sure to include the leading underscore. Select Record type TXT and then enter one or more valid email addresses in the Value box. The emails can be ANY valid email and do not have to be @ the domain you're creating the DNS record for. When you're done, click Create records.
- Now we have a new TXT record with our emails set to the subdomain of _validation-contactemail.fastssl.com.
Verify your new DNS TXT record is live
Once you've gotten your new TXT setup at your DNS management console, you'll want to see if the world sees it. One way to check is via Google Admin Toolbox DIG .
Selecting the Email to DNS Contact DCV method at order time
The Email to DNS TXT Contact DCV method is a subset of the DCV by Email Verification method where allowed email addresses can come from three resources:
- The WHOIS record for the domain (unreliable).
- Generic constructed emails (e.g., postmater@mydomain.com)
- Emails from a DNS TXT record at the
_validation-contactemail.mydomain.com
(preferred).
When placing a new, renewal or reissue request choose Email Verification as your Domain Control Validation (DCV) method.
When you submit the order, multiple DCV approval emails will be sent instantly to any emails in the domain's WHOIS record, all five of the generic emails, and any emails pulled from the DNS TXT record for _validation-contactemail.fastssl.com.
Choosing and changing the DCV method
You choose the initial DCV method when placing an SSL/TLS order. You can change the current DCV method - for example, from Email Verification to DNS CNAME - at any time by clicking the button for any domain on the order that is not approved.
Additional Resources
- What is Domain Control Validation?
- GeoTrust & DigiCert Email to DNS TXT Contacts DCV method documentation .