Confirm your store in 10 minutes (DNS guide)

Shoppers want to know they are on your real domain—not a copy. With one TXT record at your DNS host (Cloudflare, GoDaddy, etc.) you confirm ownership in minutes in most cases. That beats claiming we own this store in the footer.

Behind the scenes it is technical—for customers it means this address is tied to the verified store. Pair with company check (CVR) and a trust badge at checkout. See live status as reference.

Why DNS proof matters for e-commerce trust

E-commerce fraud often hinges on domain deception. A scammer clones a legitimate catalog on a look-alike URL, captures payments, and disappears. SSL certificates encrypt traffic but do not vouch for business identity. Reviews and social proof lag behind new impersonation sites. DNS control is tied directly to the domain string customers must trust when they pay.

Binding verification to DNS closes a gap left by paperwork alone. Two shops might list the same company registration number copied from a public database, but only one can publish the verification TXT at the correct hostname for the domain customers actually visit. Shoppers who understand this distinction — explained further in how to check if a webshop is legitimate — can prioritize stores that offer inspectable domain proof.

DNS verification also protects merchants who legitimately rebrand. When ownership of a domain transfers with the business, updating DNS records reflects operational reality faster than scattered marketing claims. Combined with CVR company verification, it forms a chain from person to domain to public certificate.

DNS proves who controls the address bar — not just who can edit a page or paste a company ID in the footer.

How TXT records work in plain language

The Domain Name System maps human-readable names to machine resources. TXT records store arbitrary text associated with a name — commonly used for email authentication (SPF, DKIM), site verification for analytics tools, and domain ownership proofs like WebshopVerified's token.

Your dashboard displays the exact host label, record type, and value to enter. Copy them carefully: an extra space, wrong subdomain, or accidental quotes in the value field are frequent causes of failed checks. Most DNS providers offer a simple form with name, type, TTL, and content fields.

TTL (time to live) influences how quickly changes propagate. Lower TTL speeds up updates during setup; higher TTL reduces query load once stable. For initial verification, follow your provider's defaults unless you have operational reasons to tune caching aggressively.

Step-by-step setup for merchants

Propagation timelines and what to expect

Propagation is not instantaneous because resolvers cache previous answers. Your authoritative DNS may show the new TXT immediately while a resolver in another region still serves stale data until TTL expires. This behavior is normal and not a sign that verification is broken.

Use external DNS lookup tools from more than one network if you are debugging. Compare the answers to the dashboard's expected value character by character. If you use CDN or proxy services, ensure you edit DNS at the authoritative provider that actually serves your zone, not merely a secondary panel that mirrors incomplete data.

Common errors and troubleshooting

Wrong hostname is the most frequent mistake: entering the token at the apex domain instead of the specified subdomain, or omitting leading underscores when required. Double-check the dashboard string against your DNS panel before saving.

Some interfaces wrap TXT values in quotes automatically; others require you to omit quotes. If verification fails despite a visible record, try the alternate formatting your provider's documentation recommends. Remove duplicate conflicting TXT entries left from old attempts.

DNS verification plus CVR verification

DNS alone identifies domain control, not the company behind the business. WebshopVerified requires both DNS proof and CVR verification so a stolen domain cannot instantly inherit trust without account compromise, and a verified company cannot claim another company's domain without DNS access. Either condition alone is insufficient for verified widget display.

Merchants completing both steps give shoppers a coherent story on the public certificate: here is the domain we verified, here is the CVR status, here is subscription state. That narrative supports support teams and reduces back-and-forth when buyers ask for safety confirmation before large orders.

Security and operational best practices

Limit DNS admin access to trusted staff and use MFA on registrar accounts. DNS hijacking is rare but catastrophic: an attacker with zone control could redirect customers regardless of any badge. Regular audits of NS records and registrar locks reduce risk.

Document your TXT verification record in internal runbooks alongside SPF and DKIM entries so future migrations preserve trust infrastructure. When launching new storefront domains, repeat verification per domain — certificates are domain-specific by design.

Multiple domains, staging environments, and migrations

Merchants operating several country TLDs or brand domains need verification per production storefront customers use to pay. Staging subdomains used only internally should not display production widgets; keep verification scoped to live checkout domains to avoid customer confusion.

During registrar migrations, export a record inventory before changing nameservers. Include WebshopVerified TXT alongside mail and analytics entries so nothing is dropped when a new DNS host imports defaults. After migration, re-run verification even if you expect records copied correctly — automated importers sometimes strip underscore hostnames.

Agencies managing client shops should document which client owns DNS credentials. Verification tied to the merchant's account must remain under client control long term; otherwise trust signals break when agency offboarding removes records without handover.

If you operate both a marketing site and a separate checkout subdomain, confirm which hostname the dashboard expects for TXT publication. Some platforms verify the apex domain while checkout lives on shop.example.com; the dashboard always shows the authoritative target — follow that label rather than assumptions from your CMS setup.

Getting started

Create your account at signup, complete CVR verification, then follow dashboard DNS instructions. Questions about combined requirements appear in FAQ. For merchant-facing positioning of verified status, revisit the trust badge webshop guide and CVR verification guide. Most merchants complete DNS verification in a single working session once registrar access is confirmed.