How to Report Spam Email: Providers, Authorities, and What It Changes

There are two ways to report spam email, and they do different things. Reporting inside your mail app (Gmail, Outlook, Yahoo) trains your provider's filter and routes future mail from that sender to the spam folder. Reporting to an authority (the FTC in the US, the NCSC in the UK) feeds enforcement and takedown work, but it will not clean your inbox.

Most people only need the first route, most of the time. The second route matters when the email is a scam or a phishing attempt, because authorities aggregate those reports to spot patterns, shut down malicious sites, and build cases.

This guide covers the exact steps for each provider, the official reporting channels that actually work in 2026 (several addresses you will find in older articles are dead), and an honest look at what your report does once you send it.

How to report spam inside your email provider

This is the fastest action with the most direct payoff for you. Every major provider has a one-click report option, and every report teaches the filter something.

Report spam in Gmail

Google's official steps for the web version:

1. Open Gmail on your computer.
2. Select one or more emails.
3. At the top, click Report spam (the stop-sign icon).

The message moves to the Spam folder. Google states that "as you report more spam, Gmail identifies similar emails as spam more efficiently." One thing worth knowing: when you report spam, Google receives a copy of the email and may analyze it to protect users from abuse.

Google also makes a distinction that matters. If you actually signed up for the sender's emails at some point, the right action is unsubscribe, not report. Reporting legitimate newsletters as spam pollutes the signal and can hurt senders who did nothing wrong.

Report spam in Outlook

In new Outlook and Outlook on the web, per Microsoft's documentation:

1. In the message list, select the message or messages you want to report.
2. Above the reading pane, select Report, then choose Report junk or Report phishing.

Use Report junk for ordinary spam and unwanted marketing. Use Report phishing for messages that try to steal credentials or impersonate a brand. In the mobile app, tap the three-dot menu at the top right of an open email, select Report Junk, then choose Junk, Phishing, or Block Sender.

One catch Microsoft is explicit about: when you mark a message as phishing, the sender is reported but not blocked from emailing you again. If you want them gone, add them to your blocked senders list as a separate step.

Report spam in Yahoo Mail

Yahoo's help page keeps it short:

1. Go to Yahoo Mail.
2. Select the email.
3. Click Mark as spam.

Yahoo then routes future emails from the same sender to your spam folder automatically, and uses your report to improve its detection for everyone.

How to report spam email to authorities

Provider reports improve filtering. Authority reports feed enforcement. Here are the official channels, each one verified against the relevant government page. Anything not listed here either never existed or is no longer documented.

United States: the FTC

• Report spam and scams at ReportFraud.ftc.gov, the FTC's official reporting site.
• Forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. The FTC recommends this address for phishing specifically.
• Forward phishing text messages to 7726 (which spells SPAM on a keypad).

A note on spam@uce.gov: older guides still tell you to forward spam there. That address no longer appears in the FTC's current guidance on unwanted email, which now points to your provider's spam button and ReportFraud.ftc.gov instead. Skip it.

United Kingdom: the NCSC

Forward suspicious emails to report@phishing.gov.uk. This is the National Cyber Security Centre's Suspicious Email Reporting Service, documented on the NCSC's reporting page. The NCSC analyzes what you send, works with hosting companies to remove links to malicious websites, and states that while it cannot tell you the outcome of a review, it acts on every message received.

European Union: national CERTs

There is no single EU-wide spam reporting address. Most member states run their own reporting schemes through national cybersecurity agencies or CERTs (computer emergency response teams), and several have dedicated phishing-report channels modeled on the UK approach. Search for your country's national cybersecurity agency plus "report phishing" to find the official channel, and be wary of third-party sites posing as official ones.

What reporting spam actually does

Worth being honest here, because most articles oversell it.

Reporting inside your provider does two concrete things. It moves that sender's future mail to your spam folder, and it feeds a machine learning system. Gmail says directly that more reports make it identify similar emails more efficiently. Your single report is a small training signal, but it is a real one, and across millions of users those signals are how modern filters got as good as they are.

Reporting to authorities works differently. The FTC and NCSC do not act on your individual report the way a help desk would. Nobody emails you back, and no investigator is assigned to your forwarded pharmacy spam. What happens instead is aggregation. Patterns across thousands of reports help agencies identify large operations, prioritize takedowns, and build enforcement cases. The NCSC is upfront about this: it acts on every message but cannot inform you of outcomes.

So set expectations accordingly:

• Provider reports: immediate personal benefit (sender filtered), small collective benefit (filter training).
• Authority reports: no personal benefit, real collective benefit, and volume is what makes it work.
• Enforcement against any single spammer is rare. Your report is a data point, not a case file.

The one situation where authority reporting clearly earns the extra minute is phishing. A phishing site reported to the NCSC or the APWG can get taken down, which protects the less savvy people who would have clicked after you.

Reporting is not a cleanup strategy

Here is the trap: reporting feels productive, so people stand in their inbox reporting message after message and wonder why the volume never drops. It never drops because reporting is reactive. It handles the message in front of you, one sender at a time, after it already arrived.

If your actual goal is fewer emails, you need different moves for different senders:

• Legitimate newsletters and brands you once bought from: unsubscribe, don't report. They honor opt-outs because the law requires it. Our guide to getting rid of spam emails in 5 steps walks through the order of operations.
• Real spammers: report and block, never unsubscribe. Clicking unsubscribe in a true spam email confirms your address is active. The same logic applies to anything already sitting in your junk folder, which is why you should never unsubscribe from emails in your junk folder.
• The gray zone in between: a spam blocker that works across your whole inbox. Leave Me Alone's AI Spam Blocker stops spam in real time, and it is private by design: your email content is never sent to outside AI companies. We wrote about how AI spam filtering differs from the rule-based filters built into your mail app.

Report the bad stuff, by all means. Just pair it with unsubscribing from the legitimate noise and blocking at the inbox level, or you will be reporting the same flavor of junk this time next year.

Frequently asked questions

Does reporting spam emails do anything?

Yes, two things. Inside your mail app, it filters that sender for you and trains the provider's spam detection (Google confirms reports make Gmail catch similar emails more efficiently). Reported to authorities, it feeds pattern detection and takedown work. What it does not do is trigger action against the specific spammer who emailed you, except in rare, high-volume cases.

Where do I forward spam emails?

For phishing emails in the US, forward to reportphishing@apwg.org, the address the FTC recommends. In the UK, forward to report@phishing.gov.uk (NCSC). For general non-phishing spam, there is no current US forwarding address: the FTC's old spam@uce.gov inbox is no longer listed in its guidance, so use your provider's report button and ReportFraud.ftc.gov instead.

Should I report or just delete spam?

Report, then delete. It takes one extra click, the sender gets filtered going forward, and the filter gets smarter. Deleting alone teaches the system nothing, and the same sender lands in your inbox again tomorrow. The exception is mail you actually subscribed to at some point: unsubscribe from that instead, ideally without opening it.

Can I report spam texts the same way?

Mostly, yes. Forward spam texts to 7726 (SPAM), which works on major US carriers, and report them at ReportFraud.ftc.gov. Both channels are documented in the FTC's guide to spam text messages. On the phone itself, use your messaging app's report-junk option to filter the sender.

Reporting handles the spam that already reached you. If you would rather it never landed at all, Leave Me Alone's spam blocker screens it out in real time, with your email content never shared with outside AI companies. Less reporting, because there is less to report.