Email Security

    How to Help Users Block Spam Emails on Gmail

    Spam emails may be merely troublesome—but can also be dangerous. Businesses that use Gmail can help employees block spammers for good with these guidelines.  

    by Kristin Burnham

    Key Points

    • Spam emails can be infected with malware and compromise a user account’s security and privacy.
    • To stop spam, companies need to assess their overall email security risk and educate users about email settings that can protect them and the company from potential harm.
    • Learn how to block spam emails in Google Workspace (Gmail), an increasingly popular messaging platform for small businesses as well as large enterprises.

    Spam, the unsolicited and unwanted email junk that fills users’ inboxes, can be much worse than just a nuisance. Yes, spam is often merely unsolicited ads from legitimate companies, but some of these email messages come from illegitimate senders, contain misinformation and/or are infected with malware. While enterprise messaging platforms like Google Workspace’s Gmail have built-in security, Mimecast research has shown that 11% of the emails Gmail lets through to users contain spam, malware or malicious attachments—or impersonate the brands that allegedly sent them. As email grows even more important for business communications, spam remains a rising threat for organizations of all sizes.

    Security professionals recognize the threat: According to Mimecast’s State of Email Security 2021 report (SOES), 81% of those surveyed worldwide said the volume of email at their organization has increased in the past year (as the pandemic pushed more remote work). And 70% considered it likely (39%), extremely likely (26%) or even inevitable (5%) that an email-borne attack would damage their business sometime this year.

    Part of the challenge is the messaging platforms themselves. Or, rather, the fact that businesses around the world are rapidly consolidating their email systems on a small number of messaging platforms—mostly Microsoft 365 and Google Workspace. That gives hackers fat targets on which to concentrate, so there’s little chance the platforms’ built-in security features can beat back the spam onslaught.


    How IT Security Teams Can Stop Spam in Gmail

    Security professionals whose organizations deploy Gmail can mitigate the risks of spam in three main ways:

    1. Install a dedicated secure email gateway (SEG), which has been shown to be more effective at blocking spam than Gmail’s built-in security.
    2. Deploy a cloud-based email security supplement (CESS), a detailed discussion of which is available here.
    3. Educate users about email settings to help them block spam emails on Gmail themselves.

    In the first two options, IT security teams assess and then set up email security systems company-wide. But in addition, it’s important to help employees use the spam-blocking tools Gmail provides to the best of their ability.


    Ways to Block Spam Email on Gmail

    Like many email services, Gmail uses algorithms to move spam messages from user inboxes to a spam folder. Often, however, spam messages make their way into the inbox. When this happens, users shouldn’t delete the messages; instead, they should report them as spam, block the sender or unsubscribe from the messages.

    Unsubscribing from mass emails, like promotions or newsletters, will stop these emails from appearing in user inboxes. Reporting a spam message will move the email from the user’s inbox into their spam folder and will also send a copy of the email to Google to analyze, helping to protect other users from spam and abuse. Blocking the sender of a spam email also sends the message to the user’s spam folder.

    Step-By-Step Guide to Stopping Unwanted Emails in Gmail

    Here are the steps required for users to perform each of the three recommended actions.

    Report spam:

    • Via web browser, check the box to the left of the message or open the message.
    • Near the top of the page, click “Report spam” (see the icon that looks like a stop sign with an exclamation point in it).
    • To report spam using the Gmail app, tap the initials in front of the message. Tap the menu icon and choose “Report spam.”

    Block the sender:

    • Via web browser, open the message and click “More”—the icon with three dots in the top right.
    • Click “Block [Sender].”
    • To block the sender using the Gmail app, open the message. At the top-right of the message, tap “More,” then tap “Block [Sender].”


    Unsubscribe from mass emails:

    • Via web browser, open the message. Next to the sender’s name, click “Unsubscribe” or “Change preferences.”
    • If these aren’t options available to you, follow the steps to block the sender or mark the message as spam.
    • To unsubscribe from mass emails using the Gmail app, open the message. At the bottom of the message, tap “Unsubscribe” or “Change preferences.” If these aren't options, follow the steps to block the sender or mark the message as spam.

    Types of Spam Email Warning Labels

    When Gmail identifies suspicious emails and marks them as spam, it includes a label at the top that explains why. Here are several of those labels, and what they mean:

    • Spoofed email address: This means that the email address looks very similar to that of a known sender—the email address may have replaced the letter “O” with the number “0,” for example. If users notice a spoofed email address that's not marked with a warning, they should report it as spam.
    • Phishing scam: This email may be a trick to convince users to share personal information, such as credit card numbers, passwords or other personally identifiable information, which could be used to compromise the security or privacy of the account. Users who see this warning on an email message should not reply to it or open any links.
    • Message from unconfirmed sender: This label means that Gmail cannot confirm that the email was actually sent by the sender who appears to have sent it. If a user is sure that the message is from a trusted sender, they can click or tap “Not spam” at the top. Otherwise, treat it as dangerous.
    • Administrator-set policies: There are a limited number of specific policies that IT admins can set to mark certain emails as spam.
    • You tried to unsubscribe from this sender: If a sender messages a user after they unsubscribed from the sender’s emails, that sender’s messages will go directly to spam. If the user doesn’t want the emails sent to spam, they can unmark the email as spam.
    • Message content is empty: Spammers often send messages without content in the body or subject to check whether an email address is valid before spamming those addresses later. These messages will be sent to spam.
    • Messages you sent to spam: When a user marks a message as spam, it’s moved from their inbox to their spam folder. Messages from the same sender are more likely to be sent to spam in the future. If the user no longer wants the email to be in spam, they can unmark the email as spam.
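
    The look-alike sender and empty-message checks described in the list above, sketched as an added example (not Gmail's detection logic and not part of the original article). The trusted-domain list, the substitution table and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the organization genuinely corresponds with.
TRUSTED_DOMAINS = {"example.com", "google.com"}

# Constructed, non-exhaustive table of visual substitutions (digit -> letter).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain: str) -> str:
    """Collapse look-alike characters so 'g00gle.com' compares equal to 'google.com'."""
    folded = domain.lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")


def sender_domain(raw_message: str) -> str:
    """Domain part of the From: address, lower-cased ('' if there is none)."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    return addr.rpartition("@")[2].lower()


def triage(raw_message: str) -> list[str]:
    """Return warning labels for one message; label names follow the list above."""
    msg = message_from_string(raw_message)
    labels = []
    domain = sender_domain(raw_message)
    # Exact matches are fine; a non-matching domain with a trusted skeleton is a look-alike.
    if domain not in TRUSTED_DOMAINS and skeleton(domain) in {
        skeleton(d) for d in TRUSTED_DOMAINS
    }:
        labels.append("spoofed email address")
    # Assumption: "empty" means neither the subject nor any text part has content.
    body = "".join(
        part.get_payload() for part in msg.walk()
        if not part.is_multipart() and part.get_content_maintype() == "text"
    )
    if not (msg.get("Subject") or "").strip() and not body.strip():
        labels.append("message content is empty")
    return labels


# Constructed sample messages.
SAMPLES = {
    "lookalike": "From: Billing <billing@g00gle.com>\nSubject: Invoice\n\nPlease review.\n",
    "empty": "From: someone@unknown.test\nSubject:\n\n",
    "legit": "From: Alice <alice@example.com>\nSubject: Lunch\n\nNoon?\n",
}
for name, raw in SAMPLES.items():
    print(name, triage(raw))
```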

    Other Ways to Protect Gmail From Spam Emails

    Other steps that can reduce or prevent spam messages in Gmail include:

    • Stop phishing emails. Some emails might appear to be sent from sites people already use, and they ask for information such as social security or bank account numbers, mother’s maiden name, or birthday, for example. To report phishing emails, open the message via web browser, click “More,” then click “Report phishing.”
    • Turn on spoofing and authentication protection. This setting for Google admins protects against incoming messages from domains that appear visually similar to the company’s domains and employee names. Find this by signing into your Google Admin console, then navigate to Apps > Google Workspace > Gmail > Safety. Scroll to “Spoofing and authentication,” then select the settings and actions you want to apply to incoming emails.
    • Use caution when sharing your email address. It’s easy for bots and spammers to capture email addresses on public forums and social media sites. Users must be mindful about where and with whom they choose to share their email address to reduce the likelihood that bots will capture it and spam the account.

    The Bottom Line

    Spam is all too common today, but that doesn't mean an organization’s employees can’t take steps to protect themselves and their Gmail accounts. By educating the entire organization about Gmail’s built-in spam tools—from reporting suspicious messages and senders to unsubscribing from mass emails—IT security teams can better protect the safety and privacy of their organization’s information and communications.

