Summary

Partners must check the re-validation status of customer domains. If the domain re-validation has not been done, messages requiring new or renewed certificates will be rejected starting December 11 2025.

Details

seppmail.cloud customers who use user certificates from Swisssign (all customers with Sign and/or Encrypt) have to re-validate their domains with Swisssign on a yearly basis. Administrators receive notifications from SEPPmail with the new random value which needs to be published in as a DNS TXT record.

We notice that these updates to DNS are often not done. While there is no immediate impact (certificates issued during the validity of the first random value remain valid), no new certificates can be issued and renewal of certificates will fail. This often leads to significant effort on all sides under time pressure to fix.

In order to ensure a proper setup, the seppmail.cloud will start to reject messages if a certificate would be required but the domain is not validated at Swisssign any more starting on December 11 2025.

Actions are required by partners

• If you as a partner have already performed all re-validations, no action is required.
• In any case, please check the notifications you received from seppmail.cloud (either by e-mail or in the “Tasks” menu in the seppmail.cloud Portal). In the “Tasks” menu, you also find a list of pending re-validations at the top of the page (if there are any).

We inform partners on multiple channels (Statuspal, partner webinar, news item in the cloud portal) about the coming change.

If you have any questions, please contact our service desk at [email protected].