Bluesky account verification using your organization’s domain name

There are imposters on any social networking site. You probably remember when the stock price of Eli Lilly temporarily crashed due to a fake Xitter account tweeting that insulin would now be free. Oops. And Xitter doesn’t actually verify accounts anymore. And yes, there are most definitely fake accounts on Bluesky too, like https://bsky.app/profile/sfmta.bsky.social .

But you can make your Bluesky accounts verified ones by associating them with your organization’s domain name. That is why you often see Bluesky handles such as @skibu.helpbluesky.me instead of the generic @skibu.bsky.social . And if you don’t already have a domain name that you can configure, then you can easily purchase a name from Bluesky and they will set up everything for you.

Every account associated with an organization should do this to show that the account is verified!

There are two ways to verify an account, both involving changes to DNS for the organization’s website. Doing this is easy for someone who is familiar with DNS, but complicated if one is not. If, like most people, you find this too complicated, you can purchase a domain name from Bluesky and they will set it up. But if Bluesky sets up the domain, a new domain name like @yourName.xyz doesn’t actually verify your Bluesky handle, since anyone can set up such a domain name through them. To have a real, verified handle you need to use an organization’s domain name, like example.com, so that an individual’s full handle would be something like @yourName.example.com .

You can also do this for a Bluesky account that is for the entire organization instead of for an individual. In this case the organization’s Bluesky handle would simply be something like @example.com .

Also, it is important to know that if you change your handle from @yourName.bsky.social to your own domain, such as @yourName.example.com , your original @yourName.bsky.social will become available for others to grab. My suggestion is that after making the change, you reserve your old @yourName.bsky.social handle again and just sit on it. In the description you should simply state that your handle is now @yourName.example.com .

For a small number of accounts: adding a TXT record to DNS for the website

If there are only a few Bluesky handles that need to be created for your organization you can do it by just adding a TXT record to the DNS configuration of your organization’s domain. This allows Bluesky to do verification by doing a TXT DNS request to the address _atproto.yourName.domainName, e.g. _atproto.janesmith.example.com for a Bluesky handle @janeSmith.example.com and website domain example.com . If the account is for the entire organization instead of just an individual at the organization, then the address would be _atproto.example.com . The DNS for the organization’s website then returns a simple text snippet per account that verifies the account.

If this is beyond you, then you are best off purchasing a domain name from Bluesky and having them set it up.

The first step is to select Settings and then Account, or go to https://bsky.app/settings/account, in order to get to the Account page.

In the Account page select Handle to get to the Change Handle page.

In the Change Handle page click on the I have my own domain button.

Then enter the full handle, including your domain name, you want to use on Bluesky. If you are just going to have a single Bluesky account for the domain name then you can just use the domain name, like @example.com . But if you are going to have several Bluesky accounts associated with the domain name then you should enter @yourName.example.com .

The next step is to add the DNS record info displayed in the Change Handle window to your domain. This needs to be done via the website where your domain is registered (namecheap.com, godaddy.com, cloudflare.com, etc.). If you happen to be using namecheap.com then you need to go to your cPanel site and then to the Zone Editor in order to add the TXT DNS record, as shown in the figure below:

Then go back to your Bluesky Change Handle page and click on the Verify DNS Record button. If the configuration is correct the Change Handle page will tell you. It can take a minute or two for the new TXT record you created to take effect, so you might need to try a couple of times. Note that the example below uses the handle name synthbu.helpbluesky.me in order to use a working domain name.

Then go to your Profile Page again and you will see that the handle is updated to synthbu.helpbluesky.me as desired.
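Before clicking Verify DNS Record it helps to check what the DNS actually returns at the `_atproto` name. The following is an added example, not code from Bluesky or from this site: it builds the name to query and audits the TXT strings you get back (for instance from `dig +short TXT <name>`), assuming that more than one distinct `did=` value should be treated as an error because the handle would then point at two accounts. The sample answers are constructed, using the example value from this page.

```python
import re

# Generic DID shape only (did:<method>:<identifier>); not a check of the PLC alphabet.
DID_RE = re.compile(r"^did:[a-z0-9]+:[A-Za-z0-9._:%-]+$")

def txt_query_name(handle):
    """DNS name queried for a handle: _atproto.<handle>, lower-cased."""
    return "_atproto." + handle.lstrip("@").rstrip(".").lower()

def audit_txt_answers(answers):
    """Return (did, problems) for the TXT strings found at the _atproto name."""
    dids, problems = set(), []
    for raw in answers:
        value = raw.strip().strip('"')      # dig prints TXT data in quotes
        if not value.startswith("did="):
            continue                        # unrelated TXT data is ignored
        did = value[len("did="):]
        if DID_RE.match(did):
            dids.add(did)
        else:
            problems.append("malformed did value: " + value)
    if not dids:
        problems.append("no usable did= record found")
    elif len(dids) > 1:
        # Assumption of this example: an ambiguous handle is a failure.
        problems.append("conflicting did= records: " + ", ".join(sorted(dids)))
    return (dids.pop() if len(dids) == 1 else None), problems

# Constructed sample answers (not real lookups).
SAMPLE_OK = ['"did=did:plc:lsekjflsd8sd8s8d88sf8sd8df"']
SAMPLE_CONFLICT = SAMPLE_OK + ['"did=did:plc:constructedsecondvalue"']

if __name__ == "__main__":
    print(txt_query_name("@janeSmith.example.com"))
    for sample in (SAMPLE_OK, SAMPLE_CONFLICT):
        print(audit_txt_answers(sample))
```

A leftover record from an earlier attempt or a previous account holder shows up here as a conflict, which is worth clearing before you rely on the handle.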

For a larger number of accounts: allow traffic to all subdomains and create a special webpage that provides verification text for any account

For a good-sized organization that is going to have a large number of Bluesky handles associated with a domain name, it is easier to just make a single DNS change to your domain name. This DNS change can be done by adding the wildcard subdomain * to your domain name by adding an A and an AAAA DNS record. You also need an SSL wildcard certificate that allows for secure communication for all subdomains of your organization’s website. If you don’t already have a wildcard SSL certificate for your website, this will cost you some money, $40 – $120 per year. Together, this allows any subdomain, such as _atproto.janesmith.example.com for the website example.com, to be used to successfully access your web server.

Bluesky can then use their standard protocol to access a page that you need to create. The URL for the page you need to create is https://_atproto.somename.example.com/.well-known/atproto-did . That web page needs to return content-type text/plain, an HTTP 200 OK status value, and the text value specified during the Change Handle procedure, using the same process above shown for adding a TXT DNS record. The text will be similar to did=did:plc:lsekjflsd8sd8s8d88sf8sd8df .

You need to create the atproto-did webpage using the technology used for your website. This might be PHP, python, or some other language. The page should determine the user name from the domain name used. As an example, the webpage should determine that for the domain _atproto.janesmith.example.com that the user name is janesmith. Then the webpage should look through its configured user accounts and return the verification text associated with that user.
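One way to write the lookup behind the atproto-did page, as an added example that is not Bluesky’s code or this site’s. Because the wildcard record sends every possible subdomain to your server, the Host header is untrusted input: the sketch answers only for names under your own domain that map to a configured account and returns 404 for everything else. `BASE_DOMAIN`, the account table and the function names are assumptions of the example; it accepts the host name with or without the `_atproto` label.

```python
import re

BASE_DOMAIN = "example.com"   # assumption: the organization's domain
# Assumption: account name -> text copied from the Change Handle page
# (the value here is the example value from this page, not a real account).
VERIFICATION_TEXT = {"janesmith": "did=did:plc:lsekjflsd8sd8s8d88sf8sd8df"}
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def account_from_host(host_header):
    """Return the account label for a host under BASE_DOMAIN, else None."""
    host = host_header.strip().lower().partition(":")[0].rstrip(".")  # drop port
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None                       # some other domain pointed at this server
    labels = host[: -len(suffix)].split(".")
    if labels[0] == "_atproto":           # host name form used in the text above
        labels = labels[1:]
    if len(labels) != 1 or not LABEL_RE.match(labels[0]):
        return None                       # nested or malformed subdomain
    return labels[0]

def atproto_did_response(host_header):
    """Return (status, headers, body) for GET /.well-known/atproto-did."""
    headers = {"Content-Type": "text/plain"}
    account = account_from_host(host_header)
    text = VERIFICATION_TEXT.get(account) if account else None
    if text is None:
        return 404, headers, "not found\n"  # fail closed: never echo the host back
    return 200, headers, text

if __name__ == "__main__":
    for h in ("_atproto.janesmith.example.com", "unknown.example.com",
              "janesmith.example.com.attacker.test"):
        print(h, atproto_did_response(h)[0])
```

Wire `atproto_did_response` into whatever framework serves your site, passing it the request’s Host header, and keep the account table under the same change control as your DNS, since an entry in it is what vouches for a handle.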

Official Bluesky instructions:

Bluesky provides instructions on how to set up verification via domain configuration. The instructions are somewhat out of date and confusing, but are listed here for completeness.

https://bsky.social/about/blog/4-28-2023-domain-handle-tutorial

