Domain validation with custom email address

Domain verification is part of the verification process for every TLS certificate. You can make this process easier by setting your own email address in the DNS of the verified domain. This way you can complete email verification even for domains that don't have any mail.

By default, the validation email is sent to the admin, administrator, hostmaster, postmaster, and webmaster mailboxes on the verified domain (whether they exist or not). Such a mailbox may not always be available, just as a domain may not have mail at all.

Another problem for email validation is GDPR anonymisation, because of which the majority of addresses in the domain registers have vanished and can no longer be used. However, you have the option to set any email address for the domain yourself.

You can add your own email address to the TXT records of the verified domain and use that address for validation. The new feature extends domain validation by email (DCV) with any email you define in your domain's DNS.

For the validated domain, create a TXT record for the subdomain _validation-contactemail and set the email address you want to use for validation as its value. The record in the DNS zone looks like this:

_validation-contactemail.domain.com. IN TXT "joe@gmail.com"

After you add the DNS record, DigiCert reads the email address and sends the DCV approver email for the verified domain to it (as well as to the 5 standard addresses).
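
Because whoever can write this TXT record decides where the approval email goes, it is worth auditing a zone for these records. The following Python sketch is an added example, not code from the original page or from DigiCert: it lists every mailbox that would receive the DCV email for each _validation-contactemail record and flags values that are malformed or that point outside your own domain. The zone data is constructed, the parser only handles one single-string record per line, and the function names and the "external mailbox" review rule are assumptions of this example.

```python
import re

# The five default DCV mailboxes named on the page.
STANDARD = ("admin", "administrator", "hostmaster", "postmaster", "webmaster")
LABEL = "_validation-contactemail."
EMAIL_RE = re.compile(r'^[^@\s"]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$')
TXT_RE = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?TXT\s+"?([^"]*)"?$', re.I)
# Constructed sample zone (not real records); one single-string record per line.
SAMPLE_ZONE = """\
$ORIGIN domain.com.
@                            3600 IN TXT "v=spf1 -all"
_validation-contactemail     3600 IN TXT "joe@gmail.com"
_validation-contactemail.shop.domain.com. IN TXT "certs@domain.com"
_validation-contactemail.old  300 IN TXT "not-an-email"
"""

def contact_records(zone_text):
    """Yield (validated_domain, txt_value) per _validation-contactemail record."""
    origin = ""
    for line in map(str.strip, zone_text.splitlines()):
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".").lower()
        m = TXT_RE.match(line)
        if not m:
            continue
        owner, value = m.group(1).lower(), m.group(2).strip()
        if not owner.endswith("."):  # relative owner name: append the origin
            owner = origin if owner == "@" else f"{owner}.{origin}"
        if owner.rstrip(".").startswith(LABEL):
            yield owner.rstrip(".")[len(LABEL):], value

def audit(zone_text, own_domain):
    """Map each validated domain to its DCV recipients and review findings."""
    report = {}
    for domain, value in contact_records(zone_text):
        entry = report.setdefault(domain, {"findings": [],
            "recipients": [f"{lp}@{domain}" for lp in STANDARD]})
        if not EMAIL_RE.match(value):
            entry["findings"].append(f"malformed value {value!r}")
            continue
        entry["recipients"].append(value)
        mail_domain = value.rsplit("@", 1)[1].lower()
        if mail_domain != own_domain and not mail_domain.endswith("." + own_domain):
            entry["findings"].append(f"external mailbox {value}")  # assumed review rule
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE, "domain.com"))
```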