Following the recent discovery of vulnerabilities in the WHOIS system, WHOIS-based domain validation via email addresses is no longer considered a secure method for verifying domain ownership. The CA/Browser Forum (CABF) is set to pass a ballot that will make WHOIS-listed email addresses unacceptable for domain validation.

Effective dates differ per Certificate Authority (CA):

May 8, 2025 - DigiCert will no longer accept automated WHOIS-based domain validations referrals for new domain validations. It will, however, still accept WHOIS protocol-based DCV and finally, in July 2025,- DigiCert will no longer allow the reuse of existing WHOIS-based domain validations of any kind, regardless of the time left in a reuse period.

June 15, 2025 - Sectigo will no longer support WHOIS-based email DCV and will invalidate any pre-existing DCV records. This means no certificates can be issued or re-issued using this unsupported methods.

If a method other than WHOIS web-based lookups was used to validate your domain— for example, DNS TXT records, file validation, or pre-constructed email (e.g., administrator@domain.com) verification — then this has no impact on you or your certificates. 

If you used a WHOIS-listed email address to validate your domain when getting an SSL Certificate, you’ll need to change validation methods when requesting a new certificate. This is true even for customers who are within the allowed prior reuse period.

The easiest method for most customers will be to use one of the pre-constructed or pre-approved validation email addresses:

  • admin@yourdomain.com
  • administrator@yourdomain.com
  • webmaster@yourdomain.com
  • hostmaster@yourdomain.com
  • postmaster@yourdomain.com

Alternative methods of domain control validation include file and DNS-based validation methods:

  • DigiCert only - DNS TXT records
  • Sectigo only - DNS CNAME (canonical name) records that link an alias to one or more other domains
  • HTTP file authentication

To find further information on alternative DCV methods, you can explore our other KnowledgeBase articles.