top of page

Some thoughts from Zephi, a new member with the WMCRC - How To Spot A Spam Email

It’s very common for email inboxes to be inundated with a flood of messages, ranging from important work emails to promotional offers and, unfortunately, spam.

Spam emails can be not only annoying but also potentially harmful if you fall victim to phishing or scams. In this blog, we'll guide you through the process of spotting a spam email, what to do with it, and how to help prevent it from invading your inbox in the future.

How can you spot a spam email?

Spotting a spam email can be tricky, but there are usually a few clues that it’s spam! Things you can do to spot a spam email include:

Check the sender’s email address

One of the most common ways to identify a spam email is by looking at the sender's email address. Be cautious of emails from suspicious or misspelled domains, random combinations of letters and numbers, or domains that don't match the organisation's official website. Legitimate organisations use recognisable and consistent email addresses, so if this isn’t the case, the email you’ve received is almost definitely spam.

Look for poor spelling and grammar errors

Spam emails will normally contain numerous grammar and spelling mistakes; these errors can range from simple typos to totally incoherent sentences. Legitimate organisations usually proofread their emails carefully to retain a professional image, so a poorly written email is a big red flag.

You shouldn’t just use poor spelling as your only indicator though, as thanks to tools like ChatGPT and other AI software, attackers are quickly improving their spelling, grammar and branding images. This makes spam emails look even more convincing.

Beware urgent requests and threats

Spam emails often use scare tactics, such as threatening to close your account or promising huge rewards if you act quickly. Be cautious when you receive unsolicited emails with urgent demands as real organisations typically communicate important matters through more official channels and rarely offer “too good to be true” deals.If it sounds too good to be true then it probably is, and if they are scaring you, consider contacting the organisation direct from their website, not via a link in the email. This way you can check with the company themselves if the message is real.

Verify links and attachments

This is (hopefully!) a common sense one, but it’s important to never click on suspicious links or download attachments from unknown senders. Instead, carefully hover over links without clicking to preview the destination URL and check if it matches the sender's identity and seems legitimate. Be especially wary of executable files, as they could contain malware. If you’re in any doubt whatsoever, do not click on or download any attachments.

Be cautious about personal information requests

Spam emails regularly request sensitive information like bank account details or passwords. Legitimate organisations rarely ask for such information at all, let alone via email. If in doubt, contact the organisation directly through their official website or phone number to verify the request.

What should I do with a spam email?

So, you followed the above advice, and you definitely have a spam email in your inbox; what do you do with it now? We’re glad you asked, keep reading!

Do not respond or click on anything

The first rule of dealing with spam emails is don’t engage with them. Replying to a spam email or clicking on links within it can confirm your email address's validity to spammers and can encourage them to send you more emails.

Be wary about trying to unsubscribe too; while legitimate newsletters and mailing lists usually offer an unsubscribe option, spammers sometimes use fake unsubscribe links to confirm your email address or hide malicious website URLs. Only unsubscribe from trusted sources and be cautious when doing so.

Move it to your spam folder

Most email providers offer spam filters that automatically detect and redirect spam emails to a designated spam folder. If a spam email makes it to your inbox, mark it as spam or move it to the spam folder to help train your email provider's filter.

Delete it

If you’re absolutely certain that an email is spam, delete it. Do not take any chances by keeping it in your inbox or trash folder.

How can I stop spam emails getting in my inbox in the future?

Whilst there is no way to absolutely eradicate spam emails (wouldn’t that be nice!), there are steps you can take to reduce the chances of them ending up in your inbox again.

Use a strong spam filter

Ensure that your email provider's spam filter is enabled and set to its highest sensitivity level. You should check your spam folder regularly to make sure legitimate emails aren't getting caught.

Be cautious with who and where you share your email address

Avoid sharing your email address on public forums, websites, or social media platforms. Spammers often scrape the internet for email addresses, so you may want to consider using a disposable email address for online sign-ups.

Use email authentication

This one is a little more techy but if you enable email authentication mechanisms like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) on your email account, you can reduce the chances of receiving spoofed or fraudulent emails.

Stay informed

Knowledge is power as the say goes, so keep yourself updated on the latest email scams and phishing tactics to help you spot spam emails and avoid falling into their traps.

Zephi would also like to add: Established in 2010, Zephi is a full marketing agency based in Rugeley, Staffordshire. Need support with your website or marketing? Contact our friendly team today to find out how we can help!


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page