Verification of email addresses and telephone numbers is an important part of online identity and has become as simple as clicking an email verification link or receiving an SMS verification code. The aim of the Domain Verification Protocol is to make it just as easy to verify a domain name.
The Domain Verification Protocol aims to automate the domain name verification process – where a domain name owner is asked to verify that they have control over a domain name. This is currently a process employed by hundreds of companies: giants like Google, Apple, Amazon, Microsoft, Adobe and Cisco, as well as startups.
TL;DR
A Domain Verification record is a DNS TXT record published to a subdomain derived from the hashed email or telephone number of an authorised party. Domain owners and DNS Providers create Domain Verification Records; Service Providers read them.
The traditional domain verification process
This is how domain verification has worked since the mid-2000s:
1. A domain owner adds their domain name to a service (e.g. Google Search Console, Facebook Business Manager, etc.).
2. The service provider asks the domain owner to verify they have control over the domain name by adding a DNS record (usually a TXT or CNAME record) via their DNS provider.
3. The domain owner logs into their DNS provider and creates the DNS record.
4. The service provider queries the newly created DNS record to verify that the domain owner has control over the domain name. If found, the service provider allows the domain owner to add their domain to the service.
The process is repeated for each domain name added to each service provider.
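The service provider's side of this process (issuing the record value, then checking for it), sketched as an added example that is not part of the original page or any provider's code. The class name, TXT value prefix and seven-day challenge lifetime are assumptions, and the TXT answers are passed in by the caller rather than fetched from DNS.

```python
import hmac
import secrets
import time

TOKEN_TTL = 7 * 24 * 3600  # assumed lifetime of a pending challenge, in seconds

class Verifier:
    """Service-provider side of the traditional flow (hypothetical class)."""

    def __init__(self, prefix="example-service-verification"):
        self.prefix = prefix   # hypothetical TXT value prefix
        self.pending = {}      # (account, domain) -> (token, issued_at)

    def issue_challenge(self, account, domain, now=None):
        """Create the TXT value the domain owner is asked to publish."""
        key = (account, domain.rstrip(".").lower())
        token = secrets.token_urlsafe(32)  # 256 random bits, unguessable
        self.pending[key] = (token, time.time() if now is None else now)
        return f"{self.prefix}={token}"

    def check(self, account, domain, txt_records, now=None):
        """Compare the domain's TXT answers with the pending challenge."""
        key = (account, domain.rstrip(".").lower())
        now = time.time() if now is None else now
        entry = self.pending.get(key)
        if entry is None:
            return False       # challenge is bound to one account/domain pair
        token, issued_at = entry
        if now - issued_at > TOKEN_TTL:
            del self.pending[key]
            return False       # stale challenge must be reissued
        expected = f"{self.prefix}={token}".encode()
        # A domain usually carries several TXT records (SPF, other services):
        # scan them all and compare in constant time.
        found = False
        for record in txt_records:
            found |= hmac.compare_digest(record.strip().encode(), expected)
        return found

def demo():
    """Run the flow against constructed TXT answers for one domain."""
    v = Verifier()
    value = v.issue_challenge("acct-1", "Example.com.", now=0)
    zone = ["v=spf1 -all", value]  # constructed resolver answers
    return (v.check("acct-1", "example.com", zone, now=60),
            v.check("acct-2", "example.com", zone, now=60),
            v.check("acct-1", "example.com", zone, now=TOKEN_TTL + 1))
```

The second result shows why the token is bound to the requesting account: a record published for one account does not verify the same domain for another.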
Friction, dangers, inefficiencies and limitations
- Many domain owners are blocked at steps 2 and 3 of the traditional process, because they don’t understand the service provide