Blog

How domains are verified on Portrait with Ethereum

Ryan Shahine
How domains are verified on Portrait with Ethereum

When you link a custom domain to your Portrait, you're proving ownership in a way that's verifiable by anyone, anywhere, without trusting Portrait's servers or any centralized authority.

Like most platforms, Portrait uses DNS TXT records for domain verification. But unlike traditional platforms, Portrait's verification is cryptographically signed using your onchain identity. Instead of checking a DNS record, storing the result in a database, and deciding whether you're "approved," Portrait's system lets anyone verify the connection independently.

Linking your custom domain to your Portrait is available to Portrait Plus subscribers.

How it works

Every Portrait has an associated Portrait ID, which is a unique numeric identifier stored onchain. Your Portrait ID is linked to your Ethereum wallet address.

When you link a domain to your Portrait, you're proving two things:

  1. You control the Ethereum wallet that owns the Portrait ID
  2. You control the DNS settings for the domain you're linking

The process is straightforward, but the details matter. When you link a domain to your Portrait, here's what happens:

You sign a message with your Ethereum identity

You sign a message with your Ethereum wallet. The message format is simple:

{domain}={portraitId}

For example: example.com=12345

This creates an EIP-191 compliant signature, a cryptographic proof that you control the wallet associated with your Portrait.

You add a DNS TXT record to your domain

The signature is then included in a DNS TXT record on your domain, together with your Portrait ID. This record serves as public proof that you control both the domain and the Portrait.

You add a TXT record to your domain's DNS settings with hostname @ and a value like:

"portraitId=12345 signature=0xabc123..."

This proves you control the domain itself.

Anyone can verify the connection

Here's where it gets interesting. DNS records are public by nature, so anyone can read the TXT record you added. The signature in the record can be used to verify that the domain is linked to the correct Portrait ID.

Anyone can verify the connection by:

  1. Reading the DNS TXT record from your domain by querying DNS
    • You can use standard DNS lookup tools like dig to fetch the TXT record.
  2. Extracting the portraitId and signature
  3. Recovering the signer address from the signature (using the message {domain}={portraitId})
  4. Checking onchain that this address owns the claimed Portrait ID, using Portrait's smart contracts.
    • You can interact with the PortraitIdRegistry contract to verify ownership. Smart contracts are publicly accessible and open source.
  5. If the recovered address matches the owner of the Portrait ID, the domain ownership is verified.

No need to trust Portrait's servers. The proof exists independently. Even if Portrait goes offline, the verification can still be performed by anyone.

Portrait's proxy servers that serve Portraits on custom domains will check the DNS records and signatures to ensure the domain is correctly linked.

Why this matters

Most people don't think about domain verification until something goes wrong. In 2025, a DNS hijacking attack on Aerodrome Finance and Velodrome Finance redirected their centralized domains to phishing sites.

When a domain gets hijacked, how do you prove that a bad actor controls it? And after recovery, how do you prove that you recovered control? Most common methods rely on communication via social media channels like X to announce changes. But how do users know those accounts weren't compromised too?

Domain registrars are more vulnerable than private keys, as they can be compromised, social engineered, or coerced. But your Ethereum private key is under your control.

Similar to how Vitalik used Ethereum to prove he was alive during a death hoax, you can use your Ethereum identity to prove domain ownership and control of both the domain and the Portrait, from anywhere in the world, from any social platform, without relying on centralized intermediaries.

View Portrait's contracts yourself on GitHub, and stay informed and engaged by following updates on X.