How do I check if an email is officially from OKX via EML file?

Julkaistu 24.11.2025Päivitetty 24.11.2025Lukuaika: 5 minuuttia

How do I check if an email is officially from OKX via EML file?

With the increase in phishing attempts where scammers impersonate official OKX email addresses, you may receive emails that appear legitimate but are actually forged.If you are unsure about an email's authenticity, you can verify it through OKX's official channels and by checking its EML file using the steps below:

1. Verify the sender's email address

Verify the sender's email address on www.okx.com.

  • If the verification result shows that the address is not an official domain, the email can be considered fraudulent.

  • If the address is valid but the email content appears suspicious (e.g., contains instructions to withdraw funds, scan QR codes, or click links), proceed to Step 2.

2. Verify the email's authenticity using the EML file

If the verification result shows the address is official, but the content appears suspicious:

  • Proceed to use the EML file to verify the authenticity of the email.

  • By reviewing the technical authentication fields in the EML file (such as SPF, DKIM, and DMARC), you can determine whether the email was truly sent from OKXs official servers.

How do I download and verify through the EML file?

Step 1: Download and open the EML file

  • Download the EML file on your desktop.

  • Log in to your email account.

  • Export or download the message as an .eml file.

Step 2: Open the EML file with any text editor on your desktop

  • Right-click the file > select "Open with" > select any of your text editors (e.g., Notepad, TextEdit, etc).

Step 3: Check authentication fields inside the EML file

  • Search for the authentication results:

    • spf=fail

    • dkim=fail

    • dmarc=fail

  • If any of these fields show fail, the email didn't pass validation and is likely not sent by OKX.

    • dmarc=fail means the email is unauthorized and shouldn't be trusted.

      Failed the authentication checks

  • spf=pass;dkim=pass means the email passed the authentication checks.

    Passed the authentication checks

How do I interpret each field?

1. "From" (the sender)

This is the sender address shown in your inbox, which can be easily forged.

Example:

From: noreply@okx.com

2. Return-Path / smtp.mailfrom (server-observed sender)

  • Return-path is the address used by the email server to send the message. It is more reliable than what you see from "From" but may also be spoofed.

    Return-path is the address used by the email server

  • If this domain differs from the "From" address, it is a major warning sign.

3. Authentication Results

This section shows whether SPF, DKIM, and DMARC validations passed. If any of these validations fail, the email is not from an authorized source.

4. Summary

  • If SPF, DKIM, or DMARC show fails, the email is likely forged.

  • If "From" and "Return-Path" don't match, the sender may be spoofed.

  • Don't click suspicious links or attachments.

  • If you are unsure, submit the EML file to OKX Customer Support for verification.

Why can scammers make an email look real to you?

Scammers can modify parts of an email's header to make the message appear as if it was sent from a legitimate domain, including an official address. This is possible because the email delivery protocol (SMTP) doesn't verify the true identity of the sender. As long as a sender can technically connect to an email server, they can set the "From" address to look like it came from another domain, even when it didn't.

What happens when a fake email is sent to you?

Whether a faked email is delivered, rejected, or sent to the spam folder depends on the security settings of the recipient's email provider.

If the email provider has strict security policies (e.g., Gmail, Outlook)

  • The system will check SPF, DKIM, and DMARC records.

  • If the sender isn't authorized, the email may be rejected, marked as spam, or labeled as a "suspicious sender" in the user interface.

If the email provider has more lenient rules (e.g., QQ Mail, some corporate mailboxes)

  • The email may still be delivered even if SPF/DKIM fails, and the warning indicators may be less visible.

  • This can make it easier for some users to mistake a faked email for an official message.

Vastuuvapauslauseke
Tämä sisältö on tarkoitettu vain tiedotustarkoituksiin ja se voi sisältää tuotteita, jotka eivät ole käytettävissä alueellasi. Sen tarkoituksena ei ole tarjota (i) sijoitusneuvontaa tai sijoitussuositusta, (ii) tarjousta tai kehotusta ostaa, myydä tai pitää hallussa krypto-/digitaalisia varoja tai (iii) taloudellista, kirjanpidollista, oikeudellista tai veroperusteista neuvontaa. Krypto-/digitaalisiin varoihin, kuten vakaakolikkoihin ja NFT:ihin, liittyy suuri riski, ja niiden arvo voi vaihdella suuresti. Sinun on harkittava huolellisesti, sopiiko krypto-/digitaalisten varojen treidaus tai hallussapito sinulle taloudellisen tilanteesi valossa. Ota yhteyttä laki-/vero-/sijoitusalan ammattilaiseen, jos sinulla on kysyttävää omaan tilanteeseesi liittyen. Tässä viestissä olevat tiedot (mukaan lukien markkinatiedot ja mahdolliset tilastotiedot) on tarkoitettu vain yleisiin tiedotustarkoituksiin. Vaikka nämä tiedot ja kaaviot on laadittu kaikella kohtuullisella huolella, mitään vastuuta ei hyväksytä tässä ilmaistuista faktavirheistä tai puutteista. Sekä OKX Web3 Walletiin että OKX NFT -markkinapaikkaan sovelletaan erillisiä palveluehtoja osoitteessa www.okx.com.

© 2025 OKX. Tätä artikkelia saa jäljentää tai levittää kokonaisuudessaan, tai enintään 100 sanan pituisia otteita tästä artikkelista saa käyttää, jos tällainen käyttö ei ole kaupallista. Koko artikkelin kopioinnissa tai jakelussa on myös mainittava näkyvästi: "Tämä artikkeli on © 2025 OKX ja sitä käytetään luvalla." Sallituissa otteissa on mainittava artikkelin nimi ja mainittava esimerkiksi "Artikkelin nimi, [tekijän nimi tarvittaessa], © 2025 OKX." Tämän artikkelin johdannaiset teokset tai muut käyttötarkoitukset eivät ole sallittuja.