Every month, users have their accounts compromised because they clicked links in "Binance official" emails. How can you tell real Binance emails from fake ones? This article provides the complete list of official sender domains and a 3-minute check method to identify authenticity. To confirm your current account security status, you can log in to the Binance official website to check your notification history. On mobile, use the Binance Official APP to enable email alerts. Apple users can refer to the iOS installation tutorial to download the client.
Binance Official Email Domain Whitelist
Binance official emails are only sent from these domains; anything else is fake:
| Domain | Purpose |
|---|---|
| @binance.com | Security notifications, KYC results, account management |
| @post.binance.com | Product updates, event announcements, newsletters |
| @directmail.binance.com | Bulk marketing emails |
| @ses.binance.com | System automated notifications |
| @mail.binance.com | Distribution domains for specific regions |
Any other sender containing the word "binance" is a phishing attempt, including:
How to Check the Real Sender
Method 1: Expand Email Header Information
The sender displayed by email clients can be forged. To see the real sender domain, expand "Details" or "Original Email" to check these two lines:
From: Binance <[email protected]>
Return-Path: [email protected]
Return-Path cannot be forged; it is the actual source server domain of the email.
Method 2: Check SPF/DKIM/DMARC
Look for these three lines in the email details:
spf=pass
dkim=pass
dmarc=pass
It is a real email only if all three are "pass". If any of them is fail or softfail, the email can essentially be judged as forged. Gmail and Outlook automatically display this information.
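Methods 1 and 2 can be applied mechanically to the raw message source. The Python below is an added example, not Binance's code: the sample messages, their addresses and the server name mx.example.net are constructed. The forged sample shows why all three results matter: spf=pass there only covers the sender's own Return-Path domain, while dkim and dmarc do not pass for the binance.com address shown in From.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains from the whitelist table on this page.
OFFICIAL_DOMAINS = {"binance.com", "post.binance.com", "directmail.binance.com",
                    "ses.binance.com", "mail.binance.com"}

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if it cannot be parsed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_headers(raw_message):
    """Return the problems found by Method 1 and Method 2 (empty list = all passed)."""
    msg = message_from_string(raw_message)
    problems = []
    for name in ("From", "Return-Path"):
        dom = domain_of(msg.get(name))
        if dom not in OFFICIAL_DOMAINS:
            problems.append(f"{name} domain not whitelisted: {dom or '(missing)'}")
    # Assumption: the topmost Authentication-Results header is the one written by
    # your own mail provider; lower ones may have been supplied by the sender.
    results = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            problems.append(f"{mech}={verdict}")
    return problems

# Constructed sample messages (addresses and mx.example.net are made up).
GENUINE = "\n".join([
    "Return-Path: <bounce@ses.binance.com>",
    "Authentication-Results: mx.example.net;",
    " spf=pass smtp.mailfrom=ses.binance.com;",
    " dkim=pass header.d=binance.com;",
    " dmarc=pass header.from=binance.com",
    "From: Binance <example-sender@binance.com>",
    "Subject: Login notification", "", "body"])
# Forged From: SPF passes for the sender's own Return-Path domain, DKIM/DMARC do not.
FORGED = (GENUINE.replace("ses.binance.com", "binance-verify.xyz")
                 .replace("dkim=pass", "dkim=none")
                 .replace("dmarc=pass", "dmarc=fail"))

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(label, check_headers(raw) or "all checks passed")
```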
Method 3: Hover to View Links
Do not directly click text links in emails. First, hover your mouse over the link. Your browser or email client's bottom bar will display the actual URL.
Real links should look like:
https://www.binance.com/...
https://accounts.binance.com/...
Fake links will use various strange domains:
https://binance-verify.xyz/login
https://binance.support-team.net/kyc
Anti-Phishing Code is the Ultimate Defense
This is a feature specifically designed by Binance against phishing. It is highly recommended that all users enable it immediately.
How to Enable
- Log in to Binance → Profile → Security
- Find "Anti-Phishing Code"
- Set a string of text known only to you (8-12 characters, mixing letters and numbers is recommended)
- Save it, and it will take effect immediately.
Effect After Enabling
All genuine Binance emails will automatically insert this text into the email content, usually displayed in small grey text below the title or in the footer. For example, if you set it to "Tiger2024", every real email will include the line:
Anti-Phishing Code: Tiger2024
Anti-Phishing Code Verification Rules
| Condition in Email | Judgement |
|---|---|
| Displays your customized Anti-Phishing Code | Genuine Email |
| No Anti-Phishing Code | Fake Email |
| Incorrect Anti-Phishing Code | Fake Email |
| Blurred/Incomplete Anti-Phishing Code | Suspicious |
Phishers cannot know your Anti-Phishing Code because it is stored on Binance servers and not transmitted over email protocols.
Common Phishing Email Tactics
Tactic 1: KYC Anomaly Alert
Title: "Your KYC verification is expiring, please re-verify immediately"
Clicking it redirects to a fake site asking you to re-upload your ID and face scan. The goal is to steal your KYC data package.
Tactic 2: Withdrawal Confirmation
Title: "Your withdrawal request: 0.8 BTC"
They want you to click "Cancel Withdrawal". Clicking redirects to a phishing site asking you to log in and enter 2FA, allowing the attacker to instantly execute a real withdrawal using your input.
Tactic 3: Account Locked
Title: "Suspicious login detected, your account has been locked"
Asks you to click a link to "unlock," which is actually designed to steal your password.
Tactic 4: Airdrop Notification
Title: "Congratulations! You received a 1000 USDT airdrop"
Induces you to click "Claim", linking to a fake site that asks you to connect your wallet or enter your private key.
Tactic 5: System Upgrade
Title: "Binance system upgrade, please migrate assets within 24 hours"
Asks you to transfer coins to a "safe address," which is the scammer's wallet.
Characteristics of Genuine Binance Emails
Legitimate Binance emails share these common characteristics:
- Sender is a whitelisted domain.
- Subject is concise and clear, avoiding inflammatory words like "urgent" or "immediate".
- Contains your Anti-Phishing Code (if enabled).
- Links point to binance.com subdomains.
- Never asks for your password, seed phrase, private key, or 2FA code.
- Never asks you to "transfer assets to a specific address".
- Signature includes the official "Binance Team".
- Email footer contains an unsubscribe link.
How to Handle Suspicious Emails
Step 1: Do Not Click
Do not click any links, buttons, or attachments.
Step 2: Verify the Anti-Phishing Code
Recall the code you set and compare it with the code shown in the email.
Step 3: Check Directly on the Official Website
If an email claims "your withdrawal request was denied," open binance.com manually to check your withdrawal history. If it is real, you will see it in your account; if not, it is fake.
Step 4: Report and Delete
Forward the suspicious email to [email protected], then delete it.
Step 5: Check Account Status
Log in to Binance to review recent login devices and asset changes. Close the session once you confirm there are no anomalies.
Beyond Emails: Watch Out for These Channels
Binance never contacts users through the following methods:
- Proactive phone calls from customer service (Binance only uses support tickets and live text chat).
- Unsolicited friend requests on QQ, WeChat, or Telegram.
- SMS messages asking you to click links to log in.
- Discord DMs offering airdrops.
Any proactive contact claiming to be Binance customer service is a scammer.
Frequently Asked Questions
Q: If I receive an email with the correct Anti-Phishing Code, is it guaranteed to be real?
A: Yes. Phishers cannot obtain your Anti-Phishing Code. Emails with the correct Anti-Phishing Code are genuinely sent from Binance servers.
Q: How do I verify authenticity if I haven't set up an Anti-Phishing Code yet?
A: Check the sender and Return-Path domains. As long as they are whitelisted, it is genuine. Also enable your Anti-Phishing Code immediately.
Q: Will the Anti-Phishing Code be displayed incompletely by email clients?
A: Generally, no. The code is displayed in the email body, not the subject, so it is unaffected by client truncation. Avoid special characters when setting it up to prevent any display issues.
Q: What should I do if Gmail automatically classifies real Binance emails as spam?
A: Mark them as "Not Spam" in Gmail and add @post.binance.com and @binance.com to your contacts. This will prevent future misclassifications.