Jottingsme

Dashboard

TXT Record Validation: Domain Ownership Proof

6 min read Custom Domains

TXT Record Validation: Domain Ownership Proof

When you own a domain, it's yours. But how does Jottings know that the person setting up a custom domain actually owns it? That's where TXT record validation comes in—a quiet, elegant mechanism that sits at the foundation of secure domain management.

I want to walk you through why we built this system, how it works, and why it matters for your Jottings site.

The Problem We Solved

Let's say you bought the domain myblog.com. You want it pointing to your Jottings microblog. But here's the nightmare scenario: what if someone else claimed that domain first on a different service? What if they set up myblog.com pointing to their malicious site, and you had no way to prove you actually own it?

This is the domain hijacking problem, and it's real.

Without verification, anyone could claim any domain on any service. I could theoretically point techcrunch.com to my Jottings site if there were no ownership checks. The whole system falls apart on trust with no way to verify it.

DNS records are the single source of truth for domain ownership. If you can modify a domain's DNS records, you own that domain. It's not foolproof, but it's the closest thing we have to cryptographic proof of ownership in the domain world.

How TXT Record Validation Works

When you add a custom domain to your Jottings site, here's what happens:

Step 1: You request a custom domain

You add myblog.com in your Jottings dashboard settings. Our system generates a unique verification token—something like jottings-verify-abc123xyz789def.

Step 2: You add a TXT record

We show you instructions to add this TXT record to your domain's DNS:

TXT record name: _jottings.myblog.com
TXT record value: jottings-verify-abc123xyz789def

You head to your domain registrar (GoDaddy, Namecheap, Google Domains, whatever), find the DNS settings, and add that TXT record.

Step 3: DNS propagation

DNS changes don't happen instantly. It typically takes 5-60 minutes for the TXT record to propagate across the internet's distributed DNS system. This is just how DNS works—it's designed to be slow and resilient.

Step 4: Verification check

Once you've added the TXT record, you click "Check Verification" in Jottings. Our system queries DNS servers to look for that exact TXT record at _jottings.myblog.com. If we find it with the correct value, we know two things:

  1. You have DNS write access to myblog.com
  2. Therefore, you own myblog.com

Step 5: SSL certificate

Once verified, we trigger Cloudflare's SSL for SaaS system to issue an SSL certificate for your domain. Your site becomes accessible at myblog.com with full HTTPS support. The whole process is automated and happens in seconds after verification.

Why We Chose This Approach

We considered other verification methods, but TXT records won for good reasons.

Email verification? We could send you a verification email and ask you to click a link. But email ownership and domain ownership are different things. Someone could be registered as your domain's admin contact but not own the actual domain anymore.

CNAME records? We could ask you to add a CNAME pointing to our system. This works, but CNAME records have limitations (you can't add them at the root domain in some cases), and they're less flexible.

Meta tag verification? We could ask you to add a meta tag to your site's homepage. But this requires your site to already be reachable—a chicken-and-egg problem for custom domains that aren't activated yet.

TXT records are special because:

  • They're designed exactly for this use case—verification and metadata
  • They don't conflict with other DNS records
  • They work at the root domain and subdomains
  • They're widely supported by all registrars
  • They're purely informational—they don't affect your site's operation
  • They're trivial to add and remove (cleanup after verification)

Every major service that does domain ownership verification uses TXT records: Google Search Console, Microsoft 365, Slack, Zapier, and countless others. We're following the industry standard because it's proven to work.

The Security Model

Let's talk about what TXT validation actually secures.

The verification proves you control DNS, which means you own the domain. It prevents someone from randomly claiming myblog.com belongs to them. But it doesn't prevent every possible attack:

What it prevents:

  • Someone else claiming your domain on Jottings
  • Your site being accessible from a domain you don't own
  • Impersonation attacks where someone hijacks your domain identity

What it doesn't prevent:

  • Domain registration hijacking (if someone breaks into your registrar account, they can steal your domain entirely)
  • Man-in-the-middle attacks (if someone intercepts DNS traffic, though this is rare with modern DNSSEC)
  • Compromised registrar staff (if an employee at your registrar turns malicious)

This is why you should:

  • Use a strong, unique password on your registrar account
  • Enable two-factor authentication if your registrar supports it
  • Use a registrar you trust
  • Periodically audit your domain's DNS records

TXT validation is one layer of security. It's not a complete shield, but it's a critical layer that prevents casual domain hijacking and proves ownership in a way that's verifiable and tamper-evident.

The Human Element

Here's what I love about this approach: it involves you. You're not blindly trusting Jottings to verify your ownership. You're actually proving it yourself by modifying your DNS records.

When you add that TXT record, you're performing a cryptographic proof of ownership. The DNS system is distributed and operated by thousands of independent registrars and DNS providers. No single party controls it. So when Jottings verifies your TXT record, we're not just trusting ourselves—we're leveraging an entire infrastructure specifically designed for this kind of verification.

It takes a few minutes, but that friction is actually a feature. It ensures that only people who genuinely own domains can activate them on Jottings.

Set Your Domain Free

If you own a domain and want to make it the home of your Jottings microblog, custom domains are ready for you. Add your domain in site settings, follow the verification steps, and within minutes (after DNS propagation), your site is live at your custom domain with full SSL support.

The TXT record stays in your DNS indefinitely—it doesn't hurt anything and serves as a permanent record that this domain is verified with Jottings. Want to remove it later? You can delete it anytime. The verification is one-time; the TXT record is optional afterward.

Own your domain. Own your content. That's the Jottings way.

Have questions about custom domain setup? Head to your site settings and look for the custom domain section, or reach out to support. We're here to help you bring your domain home.

← Back to Blog