Recently, we have detected malicious actors impersonating BingX customer support and system notifications. These attackers spoof sender addresses and send phishing emails designed to trick users into clicking malicious links or authorizing sensitive actions such as withdrawals. These emails may look like they come from a "BingX official email address", but they are fraudulent. We strongly recommend that you follow the steps in this article to verify the email source.
I. Verify the email address through official channels
First, visit the BingX Verify page to confirm whether the sender's email address belongs to an officially registered domain.
- If the verification result shows the email address is a [non-official domain], treat it as a scam. Do not click any links or take any action.
- If verification passes, continue to the second step to further verify the email source.
II. Even if the email address is verified as official, still check the EML file
An EML file is the raw email file. It contains the full email source, including the headers, sending route, digital signatures, and metadata.
Even if the sender address passes official verification, fraud risk is not completely eliminated. Scammers can forge official domains. If the email asks you to perform sensitive actions such as making a withdrawal, scanning a QR code, or clicking a link, we strongly recommend checking the EML file's technical fields (e.g., spf, dkim, and dmarc) to confirm whether the email originated from BingX's official servers. The detailed steps are as follows:
Download and open the EML file
- Download the EML file
On a computer, sign in to your email account (for example, Gmail or Outlook). Find the email, then export or save it as a .eml file. Using Gmail as an example: Open the email, click the "⋮" menu in the top-right, and select "Download message" to save the email as an .eml file.
*Note: This operation is only available on a computer.
- Open the EML file
On your computer, find the downloaded .eml file and right-click it. Select "Open with" and choose a text editor (Notepad, TextEdit, VS Code, etc.). The file opens as plain text and shows the email's full technical information.
Perform technical verification using the EML content
Open the file and use the search function (Ctrl+F or Cmd+F). Search for the following three fields: spf, dkim, and dmarc.
Determine the email's authenticity based on the search results:
⚠️ Scenario 1: Any of the fields shows "fail"
If any of the following appears, the email failed authentication and is likely from an unauthorized source.
- spf=fail
- dkim=fail
- dmarc=fail
Example: In the downloaded EML file's search box, enter "dmarc". If the results show "dmarc=fail" or "dmarc:fail", the email failed authentication.
✅ Scenario 2: All three fields show "pass"
If all of the following appear, the email was very likely sent by BingX Official Channels and the source is trustworthy. If you still have questions about the email, contact BingX customer support for confirmation.
- spf=pass
- dkim=pass
- dmarc=pass
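The same check can be scripted. The following is an added example, not a BingX tool: it reads only the topmost Authentication-Results header, because headers are prepended as mail travels and the first one in the file is normally the one your own mailbox provider added, while a plain text search also matches results recorded by other hops. The sample message and hostnames are constructed placeholders, and treating any result other than "pass" or "fail" (softfail, none, missing) as "unverified" is an assumption of this example.

```python
import re
from email import message_from_string

METHODS = ("spf", "dkim", "dmarc")

# Constructed sample, not a real email. The top header (from the receiving
# mailbox) reports failures; a lower header from another hop claims "pass".
SAMPLE_EML = """\
Authentication-Results: mx.mailbox.example;
 dkim=fail header.i=@sender.example;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bounce@sender.example;
 dmarc=fail (p=NONE) header.from=sender.example
Authentication-Results: relay.other.example; spf=pass; dkim=pass; dmarc=pass
From: Support <support@sender.example>
Subject: Withdrawal confirmation

Please confirm your withdrawal.
"""

def check_eml(eml_text):
    """Return (verdict, results) based on the topmost Authentication-Results header."""
    msg = message_from_string(eml_text)
    headers = msg.get_all("Authentication-Results") or []
    results = {m: [] for m in METHODS}
    if headers:
        # Drop parenthesised comments so text inside them is never matched.
        top = re.sub(r"\([^)]*\)", "", headers[0])
        # Accept both "dmarc=fail" and "dmarc:fail" spellings.
        pattern = r"\b(spf|dkim|dmarc)\s*[=:]\s*([a-z]+)"
        for method, value in re.findall(pattern, top, re.I):
            results[method.lower()].append(value.lower())
    if any("fail" in values for values in results.values()):
        verdict = "failed"        # Scenario 1: any field shows "fail"
    elif all(values and set(values) == {"pass"} for values in results.values()):
        verdict = "passed"        # Scenario 2: all three fields show "pass"
    else:
        verdict = "unverified"    # softfail, none, or a field is missing
    return verdict, results

if __name__ == "__main__":
    verdict, results = check_eml(SAMPLE_EML)
    print(verdict, results)
```

To check a downloaded message, read the .eml file as text and pass its contents to `check_eml`.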
III. Summary and security recommendations
- If any spf, dkim, or dmarc authentication result shows "fail", be highly alert.
- Do not click any suspicious links or download attachments.
- If you cannot determine this yourself, submit the EML file to customer support for authentication.
IV. FAQs
- Why can an email domain be spoofed?
The Simple Mail Transfer Protocol (SMTP) does not verify the sender's identity. Attackers can easily forge the "sender email address" and make a message look like it came from BingX Official Channels.
- Why can spoofed emails still be delivered successfully?
Whether delivery succeeds depends on the security level of your mailbox:
- Mailboxes with higher security, such as Gmail and Outlook, automatically check the sender's identity using spf, dkim, and dmarc. If authentication fails, the email is usually blocked, moved to spam, or labeled as a "suspicious email".
- Mailboxes with lower security, such as QQ Mail or some corporate mailboxes, may still deliver the email even if authentication fails, and may not show a clear risk warning. This makes it easier to mislead users.