Spam email is one of those problems that never quite goes away. You unsubscribe from one list, three more appear. You mark something as junk, a near-identical message arrives the next day from a different sender. The filters help, but they're not the answer.
Here's what actually works — and more importantly, what doesn't.
1. Mark it as spam — every time
The most basic step, and still one of the most effective. Every major email provider — Gmail, Outlook, Apple Mail — uses your spam reports to train their filters. The more you report, the better the filter gets, both for you and for everyone on the same provider.
Don't just delete. Mark it as spam. The difference matters: deleting tells your provider nothing. Marking as spam teaches it to block similar messages.
2. Do not click unsubscribe on emails you didn't sign up for
This is counterintuitive but important. Legitimate marketing emails — from retailers you've actually shopped with, newsletters you signed up to — are safe to unsubscribe from. UK law requires them to honour the request within 10 days.
But for emails you never opted into, clicking unsubscribe does something different: it confirms to the sender that your address is real, active, and monitored. That information is valuable. They know it's not a dead address. You may get more spam, not less, or your address may be sold on as a verified live contact.
Rule of thumb: If you recognise the company and you did sign up at some point, unsubscribing is fine. If you have no idea who they are or how they got your address — don't click anything. Mark it as spam and move on.
3. Report spam email in the UK
The UK's National Cyber Security Centre (NCSC) runs a free email reporting service at report@phishing.gov.uk. Forward suspicious phishing emails there and the NCSC will investigate and take action against the source where possible.
For marketing spam that isn't a phishing attempt, you can report it to the Information Commissioner's Office (ICO) if you believe it breaches PECR (the UK's email marketing regulations). The ICO does issue fines to companies sending unlawful marketing, though cases can take time.
4. Check whether your address has been leaked
Many spam campaigns start with breached data. Your address may have been in a breach at a site you signed up to years ago — and you'd never know unless you checked.
Have I Been Pwned is a free tool run by security researcher Troy Hunt. Enter your email address and it tells you which known breaches it appeared in. If your address shows up in multiple breaches, that goes some way to explaining the volume of spam you're receiving.
Knowing this doesn't fix the problem retroactively, but it helps you understand the source — and it makes the case for using a different address going forward.
5. Use your email provider's filtering tools
Most providers have filtering options beyond the basic spam button:
Gmail — Create filters under Settings → Filters and Blocked Addresses. You can automatically archive, delete, or label emails matching specific senders or subject lines. There's also a "Block [sender]" option when you right-click a message.
Outlook — Right-click any email and choose Block → Block Sender. You can also set up rules under Settings → Mail → Rules to handle recurring senders automatically.
Apple Mail — Mark as Junk trains the filter. You can also create rules under Mail → Preferences → Rules to handle specific addresses or domains.
These tools are useful for managing existing spam, but they're reactive — they only help after the spam has arrived.
6. Stop giving out your real address
Every piece of spam in your inbox started somewhere. Your address was entered into a form, handed to a retailer at checkout, shared between "marketing partners," leaked in a breach, or scraped from a public listing.
Once it's in the wild, it's very hard to get it back out. Spam lists get sold, combined, and recycled indefinitely. Even companies that follow the rules share data with partners who may not.
The most effective long-term strategy is simple: stop giving your real email address to anyone you're not confident will protect it.
Where most spam email originates
- Online retail accounts — especially ones you created years ago and forgot about
- Free trials and sign-up forms that auto-opt you into marketing
- Competition entries and prize draws
- Loyalty programmes and membership sign-ups
- Data breaches at sites you've used
- Property searches, insurance comparison sites, mortgage brokers
- Job boards and CV uploads (your email is often visible to employers)
- Forums and public profiles where your address is listed openly
7. Use an email alias for anything you're not sure about
An email alias is a forwarding address — a separate address that receives emails and passes them straight to your real inbox. You give out the alias instead of your real address. If it starts receiving spam, you delete it. The spam stops immediately and permanently.
This is different from a throwaway Gmail account. With a throwaway account you have to remember to check it, and eventually stop bothering. With an alias, everything lands in your existing inbox exactly as before — you're just insulated from the consequences if that address gets leaked or sold.
It also gives you a useful diagnostic tool. If you use a different alias for each service, you'll know exactly who sold your data when spam starts arriving — even if the company denies it.
Privify generates randomly assigned email aliases that forward straight to your existing inbox. No new accounts to check, no workflow changes. Delete any alias instantly when it starts receiving spam. Get started from £2/month →
What about phishing emails specifically?
Phishing emails — ones that impersonate banks, HMRC, Royal Mail, Amazon, or other trusted organisations to steal your login details or financial information — are a different problem from marketing spam, and more dangerous.
The rules are simple:
- Never click links in unexpected emails — go to the official site or app directly
- Never enter your password or card details on a page you reached via an email link
- Check the sender's actual email domain — hover over the address and look at the full domain, not just the display name
- Report phishing to report@phishing.gov.uk and to the organisation being impersonated
Email aliases don't directly protect you from phishing — a phishing attempt will arrive on whatever address the attacker has, alias or not. But they do limit your exposure by keeping your real address out of the hands of companies whose data might be breached and sold to attackers.
The bottom line
Spam email is largely a downstream consequence of how freely you've shared your real address. The filters and reporting tools help manage the problem once it's there, but the only thing that genuinely reduces it over time is changing what you hand out at the top of the funnel.
Mark spam as spam. Don't unsubscribe from emails you never asked for. Check whether your address has been breached. And for anything going forward — sign-ups, trials, retailer accounts, anything you're not certain about — use an alias instead of your real address.
Stop spam before it starts
Use a disposable alias for every sign-up. Delete it the moment spam arrives. Your real inbox stays clean.
Get started — from £2/month →