Reporting fraudulent emails and domains involves a multi-faceted approach. Direct reporting to Spamhaus requires evidence, while reporting to the FTC, APWG (via ReportPhish), and IC3 are also recommended. Utilizing reporting mechanisms within email providers like Gmail and Microsoft helps train spam filters. Contacting domain registrars and hosting providers facilitates the takedown of malicious sites. Additionally, Google Safe Browsing and the NCSC (in the UK) offer avenues for reporting phishing sites. Sharing with mailop and leveraging reputation blocklists (RBLs) are valuable strategies. Remember that direct reporting of spammers is often difficult, making reporting to Spamhaus and SURBL more effective for blocking. Internal reporting within your organization is also crucial.
8 marketer opinions
Several avenues exist for reporting fraudulent emails and domains. Sharing information with mailop, reporting to the FTC, and utilizing reporting mechanisms within email providers like Gmail and Microsoft help train spam filters and facilitate investigations. Contacting domain registrars and hosting providers can lead to the takedown of malicious sites. Additionally, reporting to Google Safe Browsing, the NCSC (UK), the Internet Crime Complaint Center (IC3), the APWG, and security vendors broadens the scope of the report and helps to make the internet a safer place.
Marketer view
Email marketer from SiteLock suggests reporting the fraudulent domain to its registrar and hosting provider, as they are responsible for taking down malicious sites.
1 Jan 2022 - SiteLock
Marketer view
Email marketer from Reddit shares that reporting phishing emails to the FTC (Federal Trade Commission) can help them track and prosecute scammers.
25 Jul 2022 - Reddit
3 expert opinions
Experts provide insights into reporting fraudulent emails and domains. One offers to assist with forwarding examples to Spamhaus, highlighting the need for evidence. Another suggests that direct reporting of spammers is often ineffective but recommends Spamhaus and SURBL for blocking. A third expert emphasizes the importance and effectiveness of reputation blocklists (RBLs) for identifying potential issues.
Expert view
Expert from Word to the Wise explains that reputation blocklists (RBLs) are effective and important. Being listed is a sign of a potential problem, but most importantly they use a variety of metrics to make their decisions to list IPs and Domains.
13 Jul 2023 - Word to the Wise
Expert view
Expert from Email Geeks offers to forward examples of fraudulent emails to Spamhaus, emphasizing that Spamhaus typically requires their own evidence before listing domains/IPs. She later suggests contacting the anti-phishing working group, then notes that some of the domains provided are already blocked, indicating the issue is being handled.
31 Aug 2023 - Email Geeks
5 technical articles
Various organizations provide specific channels for reporting fraudulent emails. Spamhaus accepts reports via email with full headers. M3AAWG recommends reporting phishing to the APWG and the FTC for fraud-related cases. Gmail users can report directly within the platform. The APWG's ReportPhish aggregates data to combat phishing. The FTC also accepts reports of scams and phishing on their website.
Technical article
Documentation from Spamhaus.org explains that you can report spam they missed by forwarding the email as an attachment to report.spam@spamhaus.org. They require the full email with headers to investigate.
10 Jun 2022 - Spamhaus.org
Technical article
Documentation from support.google.com explains that for Gmail users, report phishing emails directly through Gmail by clicking the 'Report phishing' option within the email.
13 Nov 2023 - support.google.com
Can a competitor damage my domain reputation by sending spam with links to my site?
How do I get help with a Spamhaus CSS delist?
How can I get delisted from Spamhaus?
Besides Spamhaus, what blocklists are important for email marketers to monitor?
How do I check Spamhaus for my IP address and understand the listings?
How can I report cold outreach spam to Google and what actions do they take?
How can I get help with a Spamhaus listing delisting?
How are delist requests processed and spam detected, and why might legitimate inquiries be overlooked?
© 2025 Suped Pty Ltd