FAQ/HowThePingTestWorks

How the ping test works

The CAcert system uses two methods to build the list of possible email addresses for sending the ping test mail for the domain verifications:

Build the Email address list

Whois email address lookup
- Whois Lookup of email addresses searches the whois database for possible email addresses of registrant, tech-c and admin-c. If multiple Email addresses exists, it will be unified
defaul set of email alias + testdomain
- To the results of the Whois Lookup email address list, additional 5 default alias names at test domain will be added. The default alias names are:
  - root
  - hostmaster
  - postmaster
  - admin
  - webmaster

 Sample:  testdomain.tld

 Whois testdomain.tld
   will result in:   administrator@provider.tld

 So the resulting list to send ping test mails to will be:

  * administrator@provider.tld  -> address from the Whois lookup
  * root@testdomain.tld         -> 1st default alias
  * hostmaster@testdomain.tld   -> 2nd default alias 
  * postmaster@testdomain.tld   -> 3rd default alias
  * admin@testdomain.tld        -> 4th default alias
  * webmaster@testdomain.tld    -> 5th default alias

Users selection of one Email address to send the test ping email to

At least one of above email addresses _must_ be activated to succeed on the email ping test and to verify a domain. This means: an internet gateways MTA (MX record or A record for the domain) has to accept the delivery of a test ping email for the selected email alias (at least postmaster@ has to be in a good working order and active by internet RFC's).

The user now has to select one of these addresses build from the system, he will use for the CAcert system to send the test ping email to.

Additional Infos

Additional notes can be found under CPS 4.2.2 Verifying Control - Domain Control
I cannot add my domain name to CAcert (No Domain Name)

Typical configuration problems on the receivers side

I did not receive the confirmation email

Does your domain has an MX record defined?
Does this MX record point to the correct smtp receiving server defined?
Do you have greylisting enabled on your MX server?
- retry sending email about 2-5 minutes later, dependent on the retry interval set on your gateway server
Is your enabled greylisting on receiving side misconfigured with the wrong response code 5.x.x instead of 4.x.x?
- Greylisting has to answer with a 4.x.x smtp response code (temporarily not available, retry later)
Have you checked that the host name is configured on your receivers side MTA correctly?
- Postfix mail loops on senders side caused by misconfigured receivers Hosts
- Mail loops back to sender caused by receiving Host misconfiguration
Does the host name match in your MTA configuration with the host name defined under your MX record for your domain?

Is the selected mail alias configured under your MTA configuration? and/or is the returns alias defined in your MTA configuration as acceptable receiver?

Mail loops back solution

 Sample:  yoursubdomain.testdomain.tld

 Whois yoursubdomain.testdomain.tld  refers to Whois testdomain.tld
   will result in:   administrator@provider.tld
   administrator@provider.tld is not an option to you

 So the resulting list to send ping test mails to will be:

  * root@yoursubdomain.testdomain.tld         -> 1st default alias
  * hostmaster@yoursubdomain.testdomain.tld   -> 2nd default alias 
  * postmaster@yoursubdomain.testdomain.tld   -> 3rd default alias
  * admin@yoursubdomain.testdomain.tld        -> 4th default alias
  * webmaster@yoursubdomain.testdomain.tld    -> 5th default alias

  where an individual MX record is set for yoursubdomain.testdomain.tld

  Other email alias doesn't work.

  Solution: Create an email alias from the list above.

Does exist a Whois record for your domain in question?

By default there exist no own whois records on subdomains

Then your choice is limited to the alias list of 5 "known" alias names (see above)