Having a clear list of all phishing domains and all valid domains would be a good idea.
In the first post of this thread, there's the list of our official domains (excluding exch.net which is not in service yet). Any other active domains you might find will be phishing links.
[Onion]MAIN DOMAIN: exch
.cxRESERVE DOMAINS: exch
.pw exch
.is On eXch main page there are two valid links posted for .cx and.pw domain, but I would always suggest .onion link first.
You can find the onion address by clicking on Questions & Answers:
https://exch.cx/faq#onion_address