Bottom line upfront: Official Binance emails have 3 unfakeable characteristics—an Anti-Phishing Code, an official domain suffix (like @binance.com), and passed SPF/DKIM in the email header. Any "Binance email" missing even one of these is a phishing scam. When you need to log in to handle account matters, always go through the official Binance website; mobile users should use the official Binance APP, and Apple users can check the iOS installation guide.
Phishing emails are one of the biggest daily threats faced by Binance users. This article explains exactly how to distinguish real emails from fake ones.
3 Unfakeable Characteristics of Official Binance Emails
Characteristic 1: Anti-Phishing Code (Most Critical)
If you have set up a string of characters (e.g., "BiAnFox2026") in your Binance account under "Security → Anti-Phishing Code," all official Binance emails will automatically include this string. It is usually located at the top or bottom of the email.
Phishing emails cannot fake this—the attacker has no idea what code you set.
If you haven't set an Anti-Phishing Code yet, go set it up immediately today. It's free, takes 1 minute, and is the single most effective anti-phishing tool.
Characteristic 2: Official Email Suffixes
Binance only uses these official email suffixes:
- @binance.com
- @mail.binance.com
- @post.binance.com
- @ses.binance.com
Any other suffix is fake:
| Fake Suffix (Typical) | Disguise Tactic |
|---|---|
| @binances.com | Extra 's' |
| @binance-vip.com | Added descriptive words |
| @binance.io | Different top-level domain |
| @binance-support.org | Added 'support' |
| @binance.cm | Missing a letter |
| @b1nance.com | '1' replaces 'i' |
Note that the "sender name" can be faked—anyone can set their name to "Binance Official." Only look at the domain after the @ symbol to verify the true sender.
Characteristic 3: Passed SPF/DKIM in the Email Header
This is technical, but serves as solid proof. Every email has a "header" that shows:
- SPF: Checks if the sending IP is authorized to send emails on behalf of the domain.
- DKIM: Signs the email content with the domain's private key.
- DMARC: The overall validation result.
Official Binance emails will pass both SPF and DKIM. Phishing emails cannot use the real domain's private key, so their DKIM will always fail.
How to view email headers:
- Gmail: Three dots (top right) → Show original
- Outlook: Message Options → Headers
- Apple Mail: View → Message → All Headers
Seeing dkim=pass + spf=pass + dmarc=pass means it's a real email.
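The three checks above, combined in one script (an added example, not Binance's or the article's own code). A pass result only counts when the domain that passed belongs to binance.com, so the script checks the domain next to each verdict; the sample messages, `mx.example.net` and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains the article lists as official.
OFFICIAL = {"binance.com", "mail.binance.com", "post.binance.com", "ses.binance.com"}

def _aligned(domain):
    # Assumption: a passing check counts only for binance.com or a subdomain of it.
    return bool(domain) and (domain == "binance.com" or domain.endswith(".binance.com"))

def _result(auth, method):
    """Return (verdict, checked domain) for one method in Authentication-Results."""
    m = re.search(rf"\b{method}=(\w+)([^;]*)", auth)
    if not m:
        return None, None
    d = re.search(r"(?:header\.[di]|header\.from|smtp\.mailfrom)=(?:[^\s;@]*@)?([\w.-]+)", m.group(2))
    return m.group(1).lower(), (d.group(1).lower() if d else None)

def check_email(raw, anti_phishing_code):
    msg = message_from_string(raw)
    # Judge the address after the @, never the display name.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # The first (topmost) Authentication-Results is the one your own provider stamped.
    auth = msg.get("Authentication-Results", "")
    report = {"official_from": from_domain in OFFICIAL,
              "anti_phishing_code": anti_phishing_code in msg.get_payload()}
    for method in ("spf", "dkim", "dmarc"):
        verdict, domain = _result(auth, method)
        report[method] = verdict == "pass" and _aligned(domain)
    return report

# Constructed sample messages (not real mail).
GENUINE = """\
From: Binance <do-not-reply@post.binance.com>
Authentication-Results: mx.example.net; dkim=pass header.d=binance.com;
 spf=pass smtp.mailfrom=bounce@ses.binance.com; dmarc=pass header.from=post.binance.com

Anti-Phishing Code: BiAnFox2026
"""
LOOKALIKE = """\
From: Binance Official <support@binances.com>
Authentication-Results: mx.example.net; dkim=pass header.d=binances.com;
 spf=pass smtp.mailfrom=binances.com; dmarc=pass header.from=binances.com

Please verify immediately.
"""
for sample in (GENUINE, LOOKALIKE):
    print(check_email(sample, "BiAnFox2026"))
```

The second message shows pass for all three methods in its header, yet every field in the report is False because the domain that passed is binances.com.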
Common Phishing Email Scams
Scam 1: "Abnormal Account Activity"
"Abnormal activity detected on your account. Please click the link below to verify immediately."
- Bait: Panic.
- Action: Click link → Fake login page → Password stolen.
Scam 2: "Reward/Airdrop"
"You have received a 0.5 BTC reward from our latest event. Click to claim."
- Bait: Greed.
- Action: Click "Claim" → Fake link / Fake wallet authorization.
Scam 3: "Urgent Delisting"
"Binance is delisting XXX coin. Withdraw immediately."
- Bait: Urgency.
- Action: Leads to a fake withdrawal page to intercept 2FA codes.
Scam 4: "KYC Upgrade"
"Binance is upgrading its verification system. Please re-upload your ID."
- Bait: Compliance worries.
- Action: Uploading your ID to a fake platform, leading to identity theft.
Scam 5: "Customer Service Contact"
"Your issue requires a dedicated agent. Please add VIP Customer Service on WeChat/WhatsApp."
- Bait: Illusion of premium service.
- Action: Contacting the fake agent and being socially engineered into revealing passwords or sending funds.
Safely Checking Email Links
When you receive an email that looks real, never click the links directly. Even if you think it's authentic, access the site safely:
Method 1: Type binance.com Manually
Open your browser and type the URL yourself, or use a trusted bookmark. If the email asks you to do something, do it manually by logging in directly.
Method 2: Inspect the Real URL
Hover your mouse over the link (do NOT click). Your browser will display the true destination address at the bottom corner.
Typical phishing links:
- https://binance-help.com/login (Not the real domain)
- https://binance.com.fakedomain.io/ (Actually going to fakedomain.io)
- https://bіt.ly/3xxxxx (URL shortener hiding the real address)
- https://verify.binance.security/ (Looks official but isn't)
Real links will only be subpaths of the binance.com domain.
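The hover check above, done programmatically (an added example, not part of the original article). It sets a substring test, which is what a quick glance amounts to, beside a check of the parsed hostname; the function names and the last link in the list are constructed for illustration.

```python
from urllib.parse import urlsplit

def naive_check(url):
    # Weak: accepts any link that merely contains the text "binance.com".
    return "binance.com" in url

def strict_check(url):
    """Return (ok, real_host): ok only for https links on binance.com or a subdomain."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    ok = (parts.scheme == "https" and host.isascii()
          and (host == "binance.com" or host.endswith(".binance.com")))
    return ok, host

# Three links quoted in the article, then one constructed genuine-style link.
LINKS = [
    "https://binance-help.com/login",
    "https://binance.com.fakedomain.io/",
    "https://verify.binance.security/",
    "https://www.binance.com/en/support",
]

def audit(links):
    # One row per link: (url, naive verdict, strict verdict, host actually contacted)
    return [(url, naive_check(url), *strict_check(url)) for url in links]

for row in audit(LINKS):
    print(row)
```

The substring test accepts `https://binance.com.fakedomain.io/`; the hostname check rejects it because the host is read from the right, and it ends in fakedomain.io.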
Method 3: Copy to Notepad
Copy the link text and paste it into Notepad to view it safely, avoiding accidental clicks from hovering.
Method 4: Use Third-Party Checkers
- VirusTotal: Paste the link to see if security engines flag it.
- urlvoid.com: Check the domain's reputation.
- sitecheck.sucuri.net: Scan the site for malicious content.
Handling Email Attachments
Official Binance emails almost never contain attachments. All necessary information is in the email body.
- Received a "Binance email" with a .exe, .zip, or .docx? It's 100% malware.
- Received a .pdf? 99% chance it's a phishing trap.
Never open attachments from a "Binance email."
What to Do If You've Been Phished
If you didn't enter any information:
- Close the email.
- Do not click anything.
- Report it as spam/phishing (e.g., in Gmail, select "Report phishing").
If you entered your password:
- Immediately go to the real Binance site and change your password.
- Check if your email password is also compromised (crucial!).
- Enable 2FA (if you haven't already).
- Enable account freeze.
If you fully logged in (with 2FA):
- Change your Binance and email passwords immediately.
- Reset your 2FA.
- Enable the 7-day account freeze.
- Check recent trades and withdrawals.
- Delete all API keys.
- Contact Binance Support.
If you have already lost funds:
- Follow the official Binance account compromise emergency procedures and contact support immediately.
How to Report Phishing Emails
If you want to help Binance block these scammers:
- Forward the entire email (including headers) to report@binance.com.
- State where and when you received it.
- Do not alter the original content.
Binance feeds this data into their risk control systems to protect other users.
FAQ
Q: Does Binance send marketing emails? A: Yes, occasionally for events or new features. These emails will also have your Anti-Phishing Code. The difference is they lack the "urgent action required" tone.
Q: How can I receive fewer phishing emails? A:
- Use a dedicated email address just for Binance.
- Never post your email address on public forums.
- Unsubscribe from marketing emails.
- Report every phishing email you get to your email provider.
Q: Did Binance leak my email address? A: Binance does not actively leak emails. However, if your email was compromised in a data breach on another website, attackers might add it to a list and mass-send Binance phishing emails hoping you have an account.
Q: Is Gmail safer than other providers? A: Gmail has superior anti-spam capabilities. It will filter out the vast majority of phishing attempts into your spam folder. Using Gmail for Binance significantly reduces phishing harassment.
Q: How do I protect against phone phishing? A: Binance does not have phone support. Anyone calling claiming to be Binance is a scammer. Hang up immediately.
Q: How do I protect against SMS phishing? A: Official Binance SMS messages only contain verification codes, never links. Any "Binance SMS" with a link is fake.
Q: Can I completely eliminate phishing? A: No, but doing these 3 things stops 99% of them:
- Set an Anti-Phishing Code.
- Bookmark the official website.
- Use the official Mobile APP instead of a browser when possible.
Summary
Official Binance emails have 3 unfakeable traits: the Anti-Phishing Code, an official @binance.com suffix, and passed DKIM/SPF/DMARC checks. The Anti-Phishing Code is your most important tool—set it up now. Always look for this code before reacting to any "Binance email." Never click links in emails; use your bookmark or the APP instead. Emails with attachments are 100% scams. Combining the Anti-Phishing Code, bookmarks, and the APP will shield you from 99% of phishing attacks.