How to get verified on Nostr: a practical guide

"Get verified on Nostr" does not mean buying a blue checkmark. It means getting a NIP-05 identifier that cryptographically binds a human-readable name to your public key.

This guide covers what verification actually means, how to get it in under two minutes, and what it does and does not prove.

TL;DR. Nostr verification is a NIP-05 identifier like alice@nostr.blog. It proves that whoever runs the domain listed your name as pointing to your specific public key. That is a weaker claim than "is the real Alice" and a stronger claim than "used the right hex string." Get one by signing up on nostr.blog or hosting a JSON file on your own domain.

When you are ready, grab your @nostr.blog address →

What verification means on Nostr

A NIP-05 identifier (the verification mechanism) tells other clients: the public key posting under this name is the one listed in the domain's JSON file at /.well-known/nostr.json.

The client fetches the file, verifies the mapping, and displays a small checkmark or highlights the identifier in the UI. If the mapping fails (domain offline, pubkey mismatch, file missing), the checkmark does not appear.

This is the "verification." It is cryptographic and automated. No platform employee reviews applications.

What verification proves

Specifically:

Cryptographic binding. The pubkey you are seeing posts from matches the pubkey listed under this name at this domain. Nobody can fake this; the verification would fail.

Domain claim. Whoever controls the domain decided to list this name under this pubkey. A careful domain (like nostr.blog, which takes payment and registers names only once) has listed it deliberately.

Continuity. If the same domain has been listing the same name for the same pubkey for months, that is a stronger signal than a brand-new entry. A persistent verified identifier accumulates reputation.

What verification does not prove

Equally specifically:

Not real-world identity. Nothing about a NIP-05 verifies that "Alice Smith" in the verification is the Alice Smith who is famous on Twitter. Impersonation is possible at the domain level; someone could register alice@somedomain.com and claim to be a celebrity.

Not trust. A NIP-05 on a domain that hands out names to anyone for free is worth less than one on a domain that vets applicants. The checkmark looks the same either way; the context matters.

Not account recovery. Losing your private key ends your account. The NIP-05 cannot save you; it cannot re-derive the key from the public identifier.

Not moderation. A verified user can still post anything they want. Verification is an identity feature, not a content feature.

Two paths to verification

Either one gives you a working verified identifier.

Path 1: Managed service (nostr.blog or similar)

Fastest, cheapest to start, no technical requirements.

1. Go to nostr.blog/create.
2. Pick a username.
3. Pay the annual fee for the length you chose ($2.99 to $999).
4. The verification is live immediately.

You now have yourname@nostr.blog. Every Nostr client that supports NIP-05 shows the checkmark next to your display name.

Pricing:

• 1 character: $999/year
• 2 characters: $499/year
• 3 characters: $199/year
• 4 characters: $99/year
• 5 characters: $29/year
• 6-7 characters: $9.99/year
• 8+ characters: $2.99/year

Most users pick a 6-10 character name; the cost is $2.99 to $9.99/year. Premium short names are scarce and priced accordingly.

Path 2: Self-hosted on your own domain

Full control; more setup effort.

1. You already own a domain (or register one; ~$12/year).
2. Create a JSON file at https://yourdomain.com/.well-known/nostr.json with the mapping {"names": {"yourname": "your-hex-pubkey"}}.
3. Configure the server to return Access-Control-Allow-Origin: * on that path.
4. In your Nostr client, set yourname@yourdomain.com as your NIP-05 identifier.
5. Within a few minutes, clients fetch the file and display the verification.

Works for technically comfortable users. Full walkthrough: how-to-get-nostr-address.

Which path for whom

Use a managed service if:

• You want verification in under two minutes
• You do not own a domain
• You are not comfortable editing server configurations
• You want a short memorable name (managed services have the inventory)

Self-host if:

• You already own a domain you like
• You are comfortable with DNS and web servers
• You want complete independence from any third-party provider
• You plan to keep the domain for years (one-time setup amortizes over time)

For most users, managed is faster and cheaper in year one. Self-hosting pays off over many years if you keep the domain anyway.

What happens after verification

Three things change.

Your display in clients. The raw npub gets replaced or supplemented by the readable identifier. Some clients show both; some show only the NIP-05 after verification.

Other people can find you by name. Instead of passing around a 63-character hex string, you share alice@nostr.blog. Easier to include in business cards, podcast show notes, and cross-platform bios.

Zaps to the identifier work. If your NIP-05 service also runs a Lightning address at the same identifier (nostr.blog does this automatically), senders can zap you using the human-readable name.

None of this is world-changing, but all of it is meaningful quality-of-life improvement.

Maintaining your verification

For a managed service, maintenance is zero. You pay the annual fee; the service keeps the record live.

For self-hosted, maintenance is minimal:

• Keep the domain renewed (the domain registrar's annual fee)
• Keep the web server reachable (uptime monitoring helps)
• Keep the CORS header correct through any server migrations
• Update the JSON file if you ever rotate your pubkey (rare)

Total time commitment: a few minutes per year unless you are migrating your whole server.

Verification levels in the wild

Different domains project different trust signals.

Professional-ish domains. A name at a bitcoin.com, primal.net, or similar accumulates some trust because the domain is associated with a known operation. The domain vets entries to varying degrees.

Personal domains. alice@alice.xyz is "me, on my own domain." Fine for the individual; the trust signal comes from Alice's own reputation, not the domain.

Community domains. Some communities (music scenes, academic fields) run domains that only list community members. Being at such a domain signals community membership.

Random domains. Anyone can register any domain and hand out any names. A NIP-05 at a domain you have never heard of gives no trust signal beyond "cryptographically valid."

The shape of your verification reflects the domain you chose. A user picking a free-for-all domain gets the "verified" check but no reputation boost; a user picking a reputable domain inherits some of that reputation.

Common verification issues

Three problems that come up.

"My verification shows up on one client but not another." Client-side caching. Different clients fetch the /.well-known/nostr.json at different intervals. A new verification might be visible on one client immediately and take 24 hours on another. Log out and back in to force a recheck.

"My verification was working and now the checkmark is gone." Most often: your domain is temporarily unreachable. Clients cannot fetch the JSON file, so verification fails gracefully (show the identifier without the checkmark). Usually resolves when the domain is back up.

"I registered but never set my NIP-05 in my profile." Registration and profile setup are separate steps. After registering your identifier on nostr.blog or similar, you still need to add it to your Nostr profile so clients know to check for it.

The realistic takeaway

Verification on Nostr is cheap, fast, and useful. It does not come with superpowers; it is a simple convenience that makes your identity portable and memorable.

For most users, $2.99 per year is a no-brainer. For users who own a domain, self-hosting is a good alternative. For users who want to skip it, the raw npub still works; the checkmark is optional polish, not required.