Identity & NIP-05

What is NIP-05? The Nostr address, explained

NIP-05 is the email-shaped identifier you use on Nostr: alice@nostr.blog. What it actually does, what it does not, and how to get one.

by nostr.blog editorial team, 8 min read

Your Nostr public key, written out, looks like npub1pf8hkx3ang2jngcgpsawtmj48c90pgqasmgpva7qhvnsty5j87yqwk3vy5. Try saying that out loud at dinner. Now try writing it on a business card, or spelling it over a phone call. You cannot. The raw key is correct and safe to share, but it is useless as a handle humans use.

NIP-05 is the fix. It lets you attach something short and email-shaped, like alice@nostr.blog or you@yourdomain.com, to the same public key. Clients verify the mapping and show the readable version next to your name. That is the whole idea.

This guide covers what NIP-05 does, how the verification actually works under the hood, what it does not give you (it is not a blue check), and the two ways to get one.

TL;DR. NIP-05 is an identifier in the form name@domain.com that maps to your Nostr public key. A domain publishes a small JSON file at /.well-known/nostr.json; clients read that file to confirm the mapping. It gives you a readable name and a light trust signal. It does not verify your real-world identity and it does not protect your account from loss.

What NIP-05 is, in one sentence

NIP-05 is a standard for pointing a human-readable identifier at a Nostr public key, using DNS and a JSON file on a web server.

The identifier looks like an email address on purpose. An email address is already the shape most people recognize as "a name you can hand to someone else." Borrowing that shape skips a round of explanation.

The implementation is deliberately low-tech. No blockchain, no central registry, no fancy cryptography beyond what Nostr already uses. A domain owner publishes a plain JSON file, any client can read it, and the cryptography only enters when the client checks that the mapped public key matches the signature on the posts.

How it actually works

Here is the literal mechanism, because it is short enough to fit in an article.

You tell your Nostr client that your identifier is alice@nostr.blog. The client:

  1. Parses the identifier into a local part (alice) and a domain part (nostr.blog).
  2. Makes a GET request to https://nostr.blog/.well-known/nostr.json?name=alice.
  3. The server responds with a JSON file that looks roughly like this:

     {
       "names": {
         "alice": "0a4f7b1a3d9a1529a3080c3ae5ee553e0af0a01d86d01677c0bb270592923f88"
       }
     }

  4. The client reads the hex public key and compares it to the pubkey attached to your posts.
  5. If they match, the client marks the identifier as verified and renders it in place of (or next to) your npub.

That is the entire dance. No OAuth, no account creation on the domain's side beyond "host this file." When nostr.blog stops listing you in that file, the identifier stops working. When the mapping is back, it starts working again.
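The five steps above as a small offline check, added here as an illustration and not taken from any client's code. The function names are hypothetical, the response body is passed in as a string instead of being fetched, and the npub is decoded without verifying its bech32 checksum.

```python
import json
import re

BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
NAME_RE = re.compile(r"[a-z0-9_-]+")      # names: a-z, 0-9, dash, underscore
DOMAIN_RE = re.compile(r"[a-z0-9.-]+")    # assumption: plain lowercase hostname
HEX_RE = re.compile(r"[0-9a-f]{64}")      # 32-byte key as lowercase hex

def npub_to_hex(npub):
    """Decode an npub's data part to 64 hex chars (bech32 checksum not verified)."""
    if not npub.startswith("npub1") or len(npub) != 63:
        raise ValueError("not an npub")
    # 52 data characters of 5 bits each; the last 6 characters are the checksum
    bits = "".join(format(BECH32.index(c), "05b") for c in npub[5:-6])
    return format(int(bits[:256], 2), "064x")

def lookup_url(identifier):
    """Steps 1-2: split name@domain and build the well-known URL."""
    local, _, domain = identifier.partition("@")
    if not NAME_RE.fullmatch(local) or not DOMAIN_RE.fullmatch(domain):
        raise ValueError("identifier must be lowercase name@domain")
    return local, f"https://{domain}/.well-known/nostr.json?name={local}"

def verify(identifier, body, author_hex):
    """Steps 3-5: look up the name in the response body and compare keys."""
    local, _ = lookup_url(identifier)
    try:
        listed = json.loads(body)["names"].get(local)
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "response is not JSON with a 'names' object"
    if listed is None:
        return False, "name not listed by domain"
    if not isinstance(listed, str) or not HEX_RE.fullmatch(listed):
        return False, "listed key is not 64 lowercase hex characters"
    if listed != author_hex:
        return False, "listed key differs from the key that signs the posts"
    return True, "verified"

# Identifier, npub and hex key are the article's own; BAD is constructed (last hex digit dropped).
NPUB = "npub1pf8hkx3ang2jngcgpsawtmj48c90pgqasmgpva7qhvnsty5j87yqwk3vy5"
GOOD = '{"names": {"alice": "0a4f7b1a3d9a1529a3080c3ae5ee553e0af0a01d86d01677c0bb270592923f88"}}'
BAD = GOOD.replace("3f88", "3f8")

if __name__ == "__main__":
    for body in (GOOD, BAD):
        print(verify("alice@nostr.blog", body, npub_to_hex(NPUB)))
```

The npub-to-hex step matters because the client shows you an npub while the JSON file lists the same key in hex.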

The GET request is supposed to return CORS headers (Access-Control-Allow-Origin: *) so clients in the browser can read it. Most NIP-05 hosts including nostr.blog already do this correctly; the ones that do not are the source of most "my NIP-05 is broken" support threads.

What NIP-05 actually gives you

Three concrete benefits, in descending order of usefulness.

A name you can say out loud

This is the one everyone talks about first because it is the one that solves the most common friction. alice@nostr.blog works on podcasts, business cards, profile bios on other networks, and handwritten signage. npub1pf8hkx3ang2... does not.

Portability across clients and relays

The NIP-05 record points at your public key, not at the domain that hosts it. If tomorrow you decide to migrate from alice@nostr.blog to alice@alicedomain.com, you do it by updating both JSON files to point at the same pubkey. Your posts, follows, and reputation do not care. Compare this to Twitter, where a handle change means the platform reroutes everything for you and an account deletion means everything is gone.

A light trust signal

Not a strong one, and the distinction matters. A NIP-05 on a careful domain is evidence that whoever controls that domain decided to list your name. If the domain is known to vet its users (a company running a verified namespace for employees, for example), that vetting rubs off on the identifier. If the domain hands out names to anyone who asks, the trust signal is zero. Most clients know this and render the checkmark neutrally.

What NIP-05 is NOT

This section exists because the blue-check analogy misleads new users in three specific ways.

It is not proof you are a real person or a specific real person. NIP-05 verifies that the public key signing posts matches the public key the domain listed under that name. It does not verify that the name corresponds to an actual human named Alice. Celebrity impersonation is possible if the impersonator controls a domain that is willing to list them.

It is not a recovery mechanism. If you lose your private key, your NIP-05 cannot save you. The identifier will happily point at a pubkey whose owner has no way to post anymore. Nobody can reset it for you because nobody else has the key.

It is not a URL. alice@nostr.blog is an identifier. Pasting it into a browser will not open anything. To navigate to Alice's profile you feed the identifier to a Nostr client or a web gateway. The shape is email-like, not link-like.

How to get a NIP-05 address

Two paths, clearly different in cost and effort.

Register on nostr.blog

The fastest path. You pick a username, the identifier is live in under a minute, and the signup bundles a Lightning wallet plus a full web client on the same page. Pricing by name length:

  • 1 character: $999 per year (reserved for genuinely premium single-letter handles)
  • 2 characters: $499 per year
  • 3 characters: $199 per year
  • 4 characters: $99 per year
  • 5 characters: $29 per year
  • 6 to 7 characters: $9.99 per year
  • 8 or more characters: $2.99 per year

Longer names are much cheaper because there are many more of them. Shorter names are scarce, memorable, and priced accordingly.

Host your own on a domain you own

If you already own a domain and are comfortable editing a file on a web server, you can run NIP-05 yourself for the cost of the domain (and nothing more).

The minimum viable setup:

  1. Put a JSON file at https://yourdomain.com/.well-known/nostr.json with the shape shown earlier.
  2. Make sure the server returns Access-Control-Allow-Origin: * for that file, or browser-based clients will not read it.
  3. Set yourname@yourdomain.com as the NIP-05 identifier in your Nostr client.
  4. Wait a few minutes for any client-side cache to clear.

The DIY path is right for people who want full independence from any third party. It is wrong for people who want "just the name, I do not want to maintain a webserver." Most users fall in the second group.

Common pitfalls

Five failure modes that account for most support questions.

  • Missing CORS header. The nostr.json file returns the right data but the browser refuses to read it because of same-origin policy. Fix: configure the server to send Access-Control-Allow-Origin: * on the .well-known path.
  • Wrong pubkey in the JSON. Someone hand-copied the hex and dropped a character. Compare byte by byte with what your Nostr client shows under "account settings."
  • Aggressive client-side caching. After a change to the JSON, some clients hold the old mapping for up to 24 hours. Log out and back in, or switch clients briefly, to force a re-read.
  • Using a CDN that rewrites headers. Cloudflare and similar edges sometimes strip the CORS header or add weird cache directives. Check the raw response, not what the browser shows.
  • Putting uppercase letters in the name. NIP-05 names are supposed to be lowercase. Some clients tolerate mixed case, some do not. Stick to a-z, 0-9, dash, underscore.
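The header, key and name checks from this list, run against a raw HTTP response of the kind `curl -i` prints. This is an added example, not part of the original article; `lint_response` and both sample responses are constructed for illustration.

```python
import json
import re

NAME_RE = re.compile(r"[a-z0-9_-]+")   # a-z, 0-9, dash, underscore
HEX_RE = re.compile(r"[0-9a-f]{64}")   # 32-byte key as lowercase hex

def lint_response(raw):
    """Return the problems found in one raw HTTP response (status, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, *header_lines = head.split("\n")
    headers = {}
    for line in header_lines:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()  # header names are case-insensitive
    problems = []
    if status_line.split()[1:2] != ["200"]:
        problems.append(f"status is not 200: {status_line}")
    if headers.get("access-control-allow-origin") != "*":
        problems.append("missing Access-Control-Allow-Origin: *")
    try:
        entries = list(json.loads(body)["names"].items())
    except (ValueError, KeyError, TypeError, AttributeError):
        return problems + ["body is not JSON with a 'names' object"]
    for name, key in entries:
        if not NAME_RE.fullmatch(name):
            problems.append(f"name '{name}' is outside a-z 0-9 - _")
        if not isinstance(key, str) or not HEX_RE.fullmatch(key):
            problems.append(f"key for '{name}' is not 64 lowercase hex characters")
    return problems

# Constructed responses: BROKEN lacks the CORS header, uses an uppercase name and
# has a 63-character key; FIXED corrects all three.
KEY = "0a4f7b1a3d9a1529a3080c3ae5ee553e0af0a01d86d01677c0bb270592923f88"
BROKEN = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n"
          '{"names": {"Alice": "' + KEY[:-1] + '"}}')
FIXED = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
         "access-control-allow-origin: *\r\n\r\n"
         '{"names": {"alice": "' + KEY + '"}}')

if __name__ == "__main__":
    print(lint_response(BROKEN))
    print(lint_response(FIXED))
```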

Is it worth paying for?

Honest answer: depends on the name and the domain.

If the name you want is long and forgettable, the DIY path on a domain you already own is usually the better choice. You do the one-time setup and never pay anyone for the identifier again.

If you want a short name on a recognizable domain, which is itself a trust and memorability signal, paying a few dollars per year is almost always better than trying to squat equivalent names across multiple domains. Short names are scarce everywhere on the internet and Nostr is no exception.

Either way, getting some NIP-05 is better than keeping the raw npub forever. The cost of not having one is a worse impression every time you hand someone your identifier.

Frequently asked questions

Is NIP-05 the same as a Nostr username?

Close but not identical. Your Nostr username (display name) is whatever you set it to in your profile and can be anything, including duplicates. A NIP-05 is a verified identifier in the shape of an email address that cryptographically ties that human-readable name to your public key. Clients show NIP-05 as a subtle badge next to your display name when the verification passes.

Can I have multiple NIP-05 addresses?

Yes. Nothing in the protocol limits you. Many Nostr users run a personal domain as a primary identity and keep a nostr.blog address as a backup. Only one can be set as the primary in your profile at a time, but clients still resolve any NIP-05 pointing at your public key.

What happens to my NIP-05 if the domain goes offline?

The identifier stops resolving but your account does not go anywhere. Your posts, follows, and reputation are tied to your public key, not your NIP-05. When the domain comes back the identifier works again. For total independence, owning your own domain is the safest path.

Can someone steal my NIP-05?

Not in the same sense as stealing a Twitter handle. The NIP-05 record maps a name to your public key; that record is hosted on the domain. If the domain owner stops listing you, your name no longer resolves. But nobody else can post under that identifier unless they also have your private key, which is separate and on your own device.

Does every Nostr client show NIP-05?

Every mainstream client does, either as a small verified checkmark next to your display name, or by using the NIP-05 in place of the shortened npub in the UI. Clients that do not display it still accept it when someone types it into search.