Account Security on WebNotes

How to verify whether an email is genuinely from Zerodha

Sat, 20 Jun 2026 00:00:00 +0000

An email is genuinely from Zerodha only if its sender domain is zerodha.com or one of the ten mailer subdomains Zerodha publishes on its verify-genuine-email support page, and even a genuine email never asks for your password, OTP or PIN. The sender domain, the part of the address after the @ sign, is the one signal a fraudster cannot fake past your email provider’s authentication checks. The logo, the formatting, the tone, the client ID in the body: all of these are copied from real emails and prove nothing.

Zerodha login from a different city alert

Sat, 20 Jun 2026 00:00:00 +0000

The Zerodha login from a different city alert is an email, accompanied by a Kite app notification, that Zerodha sends when you log in to Kite from a city or IP address it has not seen on your account before. Zerodha judges location from the IP address of the login request, not from your physical position, so the alert is a prompt to confirm the login was yours, not a statement that someone has broken in. The decision you have to make on receiving it is binary: do you recognise this login, or not?

Zerodha new device login notification

Sat, 20 Jun 2026 00:00:00 +0000

The Zerodha new device login notification is an alert sent to your registered email and your current device the moment your correct Kite password is entered on a device Zerodha has not seen before, sent before two-factor authentication is completed. It tells you that your login credentials have been entered on a new device, so you can confirm the login was yours or act quickly if it was not. The notification keys on the device, which is what separates it from the login-from-a-different-city alert that keys on IP location.