How to report a phishing or spoofed email in Gmail.

Every so often you may get an email pretending to be from someone it is not or trying to trick you into giving out details you should not. Even with the likes of SPF, DKIM and DMARC email security controls installed on your domain name, these emails can still get through.

In late 2017 a vulnerability at the heart of email was discovered which allowed a sender or bad actor to spoof an email address - even with the security settings as mentioned earlier in place. 


To report a phishing or spoofed email in Gmail: 

  • Open the email.

  • In the top right next to the reply button click the drop-down arrow.

  • Click "Report Phishing"