Official Binance emails only come from two sender domains: @binance.com and @post.binance.com. The anti-phishing code you set is displayed at the top of the email—a "Binance email" without an anti-phishing code is 100% phishing. 5 methods to identify phishing emails: sender domain, anti-phishing code, link URL, sense of urgency in content, and attachment type. Register an account from the Binance Official Site, get the APK via the Binance Official App, and see the cross-platform process in the Download Center.
Characteristics of Official Binance Emails
Sender Domain
There are only two legitimate domains:
[email protected]- System notifications[email protected]- Customer support replies@post.binance.com- Marketing / Announcements
Any other domains (such as [email protected], @binance.support) are fake.
Anti-Phishing Code
If you have set up an anti-phishing code:
- The string you set (e.g.,
Coffee2024) is displayed at the top of the email - Automatically added by the system, phishing emails cannot forge it
- Not displayed = 100% phishing
Email Structure
The standard structure of official Binance emails:
[Anti-Phishing Code: Coffee2024]
Dear User,
[Body text]
If you have any questions, please contact us via "Customer Support" in the app.
Binance Team
Links
Links in Binance emails:
- Domain: binance.com or accounts.binance.com
- HTTPS (not HTTP)
- With anti-phishing parameters
Links in phishing emails usually:
- Use spoofed domains (like binance-secure.com)
- Use short links (like bit.ly to mask the real URL)
- Use HTTP instead of HTTPS
5 Common Types of Official Emails
Type 1: Registration Confirmation
Subject: Welcome to Binance
Content: Thank you for registering with Binance. Please verify your email to activate your account.
[Activate Button]
Type 2: Login Notification
Subject: New Device Login Notification
Content: We detected a login to your account on [Device] from [Location]. If this wasn't you, please immediately...
Type 3: Withdrawal Confirmation
Subject: Withdrawal Request Confirmation
Content: You have initiated a withdrawal. Please confirm or cancel it within this email.
[Confirm Button][Cancel Button]
Type 4: Security Setting Changes
Subject: Account Security Settings Changed
Content: Your [Password / 2FA / Email] was modified at [Time].
Type 5: KYC Review Results
Subject: Identity Verification Review Complete
Content: Congratulations, your KYC Level 2 verification has passed.
5 Methods to Identify Phishing Emails
Method 1: Check the Full Sender Domain
Don't just look at the display name (phishing emails can spoof the display name):
- Expand the "Sender" details in your email client
- Look at the real email address
- Must be
@binance.comor@post.binance.com
Phishing example:
- Displayed: Binance Support
- Real: [email protected] (Wrong domain)
Method 2: Check the Anti-Phishing Code
If you have enabled the anti-phishing code:
- The string you set should be at the top of the email
- Not there = 100% phishing
- This is the most reliable identification method
Method 3: Hover Over Links to See the URL
- Hover your mouse over the link (do not click)
- The browser/email client will display the real URL
- The domain must be binance.com
Phishing example:
- Link display text:
https://binance.com/login - Real URL:
https://binance-fake.com/login(Not the same)
Method 4: Be Wary of Urgency
Phishing emails frequently use a sense of urgency:
- "Your account will be frozen within 24 hours"
- "Click to verify immediately or lose your assets"
- "Abnormal activity, you must handle this right away"
Official Binance emails typically do not use threatening language—they are just notifications, letting you act as needed.
Method 5: Attachment Types
Official Binance emails almost never send attachments:
- They do not send .exe files (absolutely never!)
- They do not send .zip / .rar files
- Occasionally send PDF notices (related to compliance)
Any "Binance email" with a .exe / .zip attachment is 100% malicious.
Common Phishing Email Tricks
Trick 1: Account Freeze Threat
"There is an anomaly with your account. It will be frozen if not verified within 24 hours."
[Click to Verify]
After clicking:
- Redirects to a phishing page
- Asks you to input your account password + 2FA
- Attackers get your information and immediately transfer away your assets
Trick 2: Deposit Confirmation
"You have a pending deposit of 5 BTC to confirm."
[Confirm Deposit]
Lures you into clicking a link, jumping to a phishing page demanding login.
Trick 3: Reward Notification
"Congratulations on receiving an airdrop. Please log in to claim it."
[Claim Reward]
A phishing page tricking you into logging in.
Trick 4: Password Reset
"Your password has been reset."
[View Details]
Lures you into clicking a link to "recover password," actually taking you to a phishing page.
Trick 5: Customer Support Reply
"Re: Your Ticket ID 12345"
[View Reply]
Disguised as a customer support reply to lure you into clicking.
What to Do Upon Receiving a Suspicious Email
Step 1: Do Not Click Any Links
Even if they look real.
Step 2: Check Sender + Anti-Phishing Code
- Is the sender domain @binance.com / @post.binance.com?
- Is there an anti-phishing code at the top?
Step 3: Log into the App to Verify
- Not through the email link
- Directly open the app / binance.com (typing in the address bar or via bookmark)
- See if there is a corresponding notification in the app
Step 4: Report Phishing
- Forward to [email protected]
- Help Binance block phishing sources
- You might receive an anti-phishing reward
Step 5: Delete the Email
Delete it after confirming it's phishing. Don't leave it in your inbox.
What to Do If You Already Clicked a Phishing Link
Step 1: Immediately Check Your Account
- Log into the app (not via the email link)
- See if your assets are intact
- See if any security settings have changed
Step 2: Change Security Credentials
- Change your password
- Reset your 2FA
- Change your anti-phishing code
Step 3: Check Your Email Account
- Your email itself might have also been phished
- Change your email password
- Enable 2FA on your email
Step 4: Contact Customer Support
- Report the phishing incident
- Request an account risk assessment
- Support might require additional verification
Step 5: Monitor for Anomalies
- Keep a close eye on your account for the next 7-30 days
- Handle any anomalies immediately
Setting Up the Anti-Phishing Code
How to Enable
- App "Account → Security → Anti-Phishing Code"
- Set a 4-20 character string
- Takes effect after verification
Setting Principles
- Only you and Binance's servers know the string
- Don't make it too simple (e.g., "1234")
- Do not include personal information (birthdays / names)
- Recommended examples:
Coffee2024X,Sunset_QX
All Subsequent Emails
- Will display this string at the top
- Phishing emails cannot forge it (the attackers don't know it)
- 1 minute to set up = blocks 99% of phishing emails
Security of the Email Account Itself
The email account bound to your Binance account must also be protected:
1. Independent Email Password
- Different from your Binance password
- Different from passwords on other platforms
- A strong password
2. Email 2FA
- Both Gmail and Outlook support 2FA
- Enable Google Authenticator or a hardware key
3. No Email Forwarding
- Check email settings → Forwarding rules
- Delete all suspicious forwarding rules
- Attackers might steal your Binance emails via forwarding
4. Be Wary of "Password Recovery" Emails
- Genuine "Forgot Password" emails come from binance.com
- Phishing "Password Recovery" emails pretend to be from Binance
Identification in Different Email Clients
Gmail
- The real sender is displayed at the top of the email
- A warning banner will flag suspicious emails
- Hovering over a link displays the real URL
Outlook
- "External emails" are marked
- Strong phishing detection
- Also supports hovering to see links
Apple Mail
- Displays the sender, but requires expanding to see the full address
- Hovering over links on macOS displays the URL
Mobile Email Apps
- Most support long-pressing a link to view the URL
- Don't easily tap links on small screens
Frequently Asked Questions
Q: Will Binance send SMS notifications? A: Yes, but limited to: login verification codes and withdrawal verification codes. Regular notifications use emails + app push notifications.
Q: Can I stop Binance from sending emails? A: You can turn off some notifications ("Account → Notification Preferences"). But security-related emails cannot be disabled.
Q: How can I tell if a customer support reply email is real or fake? A: The sender is [email protected], and the reply should include the ticket ID.
Q: Is the "Cancel Withdrawal" button in the email safe? A: If both the sender + anti-phishing code are correct, it is safe. Clicking it will redirect to the binance.com cancellation page.
Q: Can a phishing email tell me my password? A: No. Phishing aims to trick you into providing it, not leaking it. If "an email tells you your password," it's a trick to make you click a link.
Q: If I haven't set an anti-phishing code, can I no longer identify any emails? A: You can still identify them via sender + link URLs, etc. But the anti-phishing code is the simplest and most reliable method; it is strongly recommended to set it up.
Conclusion
Official Binance emails only come from the sender domains @binance.com and @post.binance.com—anything else is phishing. The anti-phishing code is the most reliable identification method—the string you set is displayed at the top of the email, and phishing emails cannot forge it. 5 identification methods: check the full sender domain + anti-phishing code + link URLs + watch out for a sense of urgency + attachment types. Absolutely never log in via an email link—open the app directly / type binance.com into your address bar. If you've already clicked a phishing link, immediately change your password + reset 2FA + contact customer support.