Spot it first: what does spam actually look like?
Before you filter anything, you need to recognize the signals. Modern spam is rarely obvious — no more "Nigerian prince" messages. Today's spam imitates real brands and plays on urgency. Watch for:
- Unexpected sender — a bank, courier, or tax office you weren't expecting a message from
- Urgency or threat — "Your account will be suspended in 24 hours"
- Generic greeting — "Dear customer" instead of your name
- Suspicious sender address — display name says "PayPal" but address is random@xyz.ru
- Mismatched link target — hover over links: if the text says "paypal.com" but the URL is different, it's phishing
- Attachments you didn't request — especially .zip, .exe, .scr, .html
- Request for sensitive data — real banks never ask for passwords by email
- Typos or broken formatting — big companies proofread their emails
If more than two signals apply, treat it as spam. Don't click, don't open attachments, don't reply — just mark it.
Gmail
Mark as spam
Select the message, click the stop sign icon (!) at the top, or press Shift+1. Gmail learns from each classification and gets better over time.
Create filter rules
Gmail's filters are powerful. Setup:
- Open a message from the sender you want to handle
- Click the three-dot menu → Filter messages like this
- Add criteria (from, subject, contains words)
- Click Create filter
- Choose action: skip inbox, delete, mark as read, mark as spam, forward, etc.
Alternative path: Settings (gear) → See all settings → Filters and Blocked Addresses.
Block a sender
In the message, click the three-dot menu → Block "sender name". Future messages go straight to spam.
Report phishing
Three-dot menu → Report phishing. Gmail forwards the message to Google's abuse team and usually shares it with affected brands. For phishing, this is more effective than a plain "spam" mark.
Outlook / Hotmail / Microsoft 365
Mark as junk
Select message → Junk button in toolbar, or right-click → Junk → Block Sender. On outlook.com web: click Junk in the action bar.
Filter sensitivity levels
Outlook lets you choose how aggressive filtering is:
- outlook.com web: Settings (gear) → Mail → Junk email
- Choose between "Standard" and "Exclusive" (only allowlisted senders go to Inbox)
- Add allowed/blocked senders below
Rules (custom filters)
Settings → Mail → Rules → Add new rule. Condition-based filtering with actions like move/delete/flag. Good for newsletter taming.
Report phishing
In the message: ... menu → Report → Phishing. Microsoft adds it to their threat intelligence database. Outlook's anti-phishing is genuinely strong — this helps the whole network.
Yahoo Mail
Mark as spam
Check the message → click Spam in the toolbar. On mobile: tap the message → ... → Report spam.
Create filters
Settings (gear, top-right) → More Settings → Filters → Add new filters. Yahoo's filter UI is simpler than Gmail's but supports the basics: from/to/subject/body contains, move to folder.
Block senders
Settings → More Settings → Security and Privacy → Blocked addresses. Add up to 1,000 addresses. Blocked mail is deleted, not folder-moved.
Report phishing
In the message: More → Report a phishing scam. Yahoo has been compromised in the past — they take phishing seriously now.
iCloud Mail
Mark as junk
On Mac Mail: message → Message → Move to Junk (⌘ Shift J). On iCloud.com: select → flag icon → Move to Junk. iPhone/iPad Mail app: slide left → More → Move to Junk.
Create rules (iCloud.com only)
iCloud.com → Mail → gear icon → Rules → Add a Rule. Limited but functional. The desktop Apple Mail app has more powerful rules that run locally.
Block senders
Open the message → tap the sender name → Block this Contact. Blocked senders' mail goes to Trash automatically (can be changed in Settings → Mail → Blocked Sender Options).
Report phishing
Forward the full message (with headers) to reportphishing@apple.com. Apple's filters are decent but their reporting flow is manual compared to Gmail/Outlook.
German providers in brief: GMX, WEB.DE, T-Online
Millions of Germans use these providers — especially for "main" personal addresses. If you receive business email from Germany, you'll see these domains. The interfaces are in German by default but the logic mirrors the international providers:
- GMX: sister company of WEB.DE (both United Internet). 3-level spam filter (low/medium/high). Spam folder, allowlist (Erlaubte Absender) and blocklist (Gesperrte Absender). Phishing reports: phishing@gmx.de.
- WEB.DE: interface nearly identical to GMX. Filter rules under Settings → E-Mail → Filterregeln. Phishing: phishing@web.de.
- T-Online: operated by Telekom. Junk filter under Einstellungen → E-Mail → Sicherheit. Phishing: missbrauch@telekom.de.
Full German-language coverage with step-by-step screenshots lives in our German spam guide.
Recognizing phishing (works for all providers)
Phishing is the dangerous cousin of spam — it tries to steal data rather than just advertise. Red flags specific to phishing:
- Sender mismatch: real PayPal always sends from @paypal.com. If it's @paypal-security.net, it's fake
- Links pointing to unfamiliar domains: hover before you click. On mobile, long-press to preview the URL
- Fake login pages: always check the URL in the browser. amaz0n.com is not Amazon
- Requests for password/PIN/TAN: no legitimate service asks for these by email
- QR codes in emails: a rising trick — cameras show the URL on preview, always check before tapping
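The sender-mismatch and link-mismatch checks from the list above can be automated for a shared abuse mailbox. The following is an added Python example, not part of the original guide; the function names, the `BRANDS` mapping and the sample message are assumptions made for illustration, and `base_domain` is a two-label simplification.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(host):
    # Simplification (assumption): last two labels; real code needs the Public Suffix List.
    return ".".join((host or "").lower().rstrip(".").split(".")[-2:])

def check_message(raw, brands):
    """Return (signal, detail) findings; brands maps a display name to its real domain."""
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    for brand, domain in brands.items():
        if brand.lower() in name.lower() and base_domain(addr.rpartition("@")[2]) != domain:
            findings.append(("sender", f"{name} <{addr}> is not {domain}"))
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        charset = part.get_content_charset() or "utf-8"
        parser = LinkCollector()
        parser.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for href, text in parser.links:
            shown, target = DOMAIN_RE.search(text), base_domain(urlparse(href).hostname)
            if shown and target and base_domain(shown.group()) != target:
                findings.append(("link", f"{shown.group()} -> {target}"))
    return findings

# Constructed sample built from the article's own example address and domains.
SAMPLE = ('From: "PayPal" <random@xyz.ru>\nContent-Type: text/html; charset="utf-8"\n\n'
          '<p>Dear customer, sign in at <a href="https://paypal-security.net/login">www.paypal.com</a></p>\n'
          '<p><a href="https://www.paypal.com/help">paypal.com/help</a></p>\n')
BRANDS = {"PayPal": "paypal.com"}  # hypothetical allowlist of brand -> sending domain
```

`check_message(SAMPLE, BRANDS)` reports the spoofed display name and the first link, and stays silent on the second link, whose visible text and target share the same base domain.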
Golden rules (save this as a checklist)
- ✅ Never click links in unexpected emails — type the address manually
- ✅ Never reply to a spam message — confirms your address is live
- ✅ Always mark as spam rather than deleting — trains your filter
- ✅ Report phishing to the provider, not just to your IT team
- ✅ Use different passwords per service — breached spam addresses are valuable
- ✅ Enable 2FA on your mail account — spam abuse often starts with a compromised inbox
- ✅ When signing up for new services, consider a disposable address first — but give real addresses to services you care about
Good filtering is cumulative — marking consistently for a month shrinks your spam inbox to almost nothing on all major providers. The algorithms learn surprisingly fast.
Frequently asked questions
Does marking as spam actually train the filter, or is the message just deleted?
Yes — every major provider uses your markings as a training signal. Gmail, Outlook, and GMX all document this publicly. Your markings also contribute to global reputation scores for the sender. Consistent marking over about a month usually cuts inbox spam by 80–90%.
Can I block a sender in the Gmail or Outlook mobile app?
Yes. In the Gmail app: open the message → three-dot menu → Block [sender]. In the Outlook app: open → three-dot menu → Block. Both apps sync the blocklist with the web version, so you only need to add the sender once.
Why does spam from the same sender keep coming after I block them?
Spammers rotate sending domains constantly. Blocking one promo-sender address won't stop mail from a similar one at a sibling domain. Create a domain-level rule or filter on subject-line patterns instead of the exact sender address — see the provider-specific sections above.
Is reporting phishing worth the effort?
Yes — much more than marking as spam. Each provider shares reported phishing with threat-intelligence networks that protect millions of other users. Gmail's and Microsoft's phishing reports directly feed into global blocklists used by every major mail server.
What's the difference between spam, junk and phishing?
"Spam" and "junk" are interchangeable terms for unsolicited bulk mail. "Phishing" is a specific type of malicious mail pretending to be from a trusted organisation. All three belong in the spam/junk folder, but phishing additionally needs to be reported to the impersonated brand and to your provider's phishing endpoint.