diff --git a/src/services/identity/UsersService.ts b/src/services/identity/UsersService.ts
index 0541e3bbb..192ea8c78 100644
--- a/src/services/identity/UsersService.ts
+++ b/src/services/identity/UsersService.ts
@@ -159,7 +159,7 @@ class UsersService {
     // raw query because ORMs suck!
     const records = (await this.sequelize.query(
       `
-        SELECT 1 AS found
+        SELECT email AS found
         FROM whitelist
         WHERE
           (expiry is NULL OR expiry >= NOW())
@@ -170,9 +170,21 @@ class UsersService {
         replacements: { email: normalizedEmail },
         type: QueryTypes.SELECT,
       }
-    )) as { found: 1 }[]
+    )) as { email: string }[]
+
+    if (records.length >= 1) {
+      logger.info({
+        message: "Email valid for OTP by whitelist",
+        meta: {
+          email,
+          whitelistEntry: records[0].email,
+        },
+      })
+
+      return true
+    }
 
-    return records.length >= 1
+    return false
   }
 
   async sendEmailOtp(email: string) {
diff --git a/src/services/identity/__tests__/UsersService.spec.ts b/src/services/identity/__tests__/UsersService.spec.ts
index 29dc8b3f4..bdfd0f3fe 100644
--- a/src/services/identity/__tests__/UsersService.spec.ts
+++ b/src/services/identity/__tests__/UsersService.spec.ts
@@ -125,7 +125,7 @@ describe("User Service", () => {
     it("should return true when the db query returns a record", async () => {
       // Arrange
       const expected = true
-      MockSequelize.query.mockResolvedValueOnce([{ found: 1 }])
+      MockSequelize.query.mockResolvedValueOnce([{ email: ".gov.sg" }])
 
       // Act
       const actual = await UsersService.canSendEmailOtp(mockEmail)