How to Stop Email Spam: A Practical 7-Step Plan

Published 2026-06-01

Concrete, ranked steps to reduce inbox spam — from the easy wins (unsubscribe + filters) to the structural fixes (aliases and disposable email).

Why Your Inbox Got This Way

The average internet user's primary email address has been pasted into ~150 web forms over a decade. Of those 150, perhaps 20 sold the address to a marketing list. Of those 20 marketing lists, several were re-sold to spam outfits after the original company shut down. That's how a single address ends up on dozens of spam lists you never opted into. The fix is partly cleanup, partly structural.

Step 1: Mark, Don't Just Delete

For two weeks, every spam message you receive: mark as spam in your email client. Don't just delete. Gmail, Outlook, and ProtonMail all use your spam-flagging behaviour to train their own filters and (in aggregate) the network-wide reputation of the sender. Two weeks of consistent flagging visibly improves your inbox.

Step 2: Unsubscribe from Things You Actually Signed Up For

Open every newsletter you don't read. Scroll to the bottom. Hit unsubscribe. Most legitimate newsletters honour the unsubscribe within 48 hours. This is boring, manual, and the single most effective thing you can do. Tools like Leave Me Alone or Unroll.me automate it, but they require giving a third party access to your inbox — a tradeoff most privacy-conscious users decline.

Step 3: Don't Unsubscribe from Actual Spam

If the email is from a sender you never signed up with, the unsubscribe link is a confirmation that your address is live and read by a human. That's what they wanted — you just told them. Mark as spam and delete. Never click.

Step 4: Set Up Server-Side Filters

Spend 20 minutes setting up filters that auto-archive newsletter-type mail and route receipts/shipping notifications to dedicated labels. The goal: your inbox shows only mail that needs a human response. Everything else routes to a folder you skim once a week.

Step 5: Stop Adding to the Problem

From today onward: do not give your real email to any website you don't fully trust to keep it private forever. Use a disposable address for one-shot signups, an email alias for things you want to keep, and your real address only for institutional accounts (bank, government, employer, family).

Step 6: Audit and Rotate

Once a year, go through Have I Been Pwned (haveibeenpwned.com) for your real email address. If it shows up in a breach, change the password on any account that shared that password (use a password manager to find them) and consider whether the account is one you actually still need.

Step 7: Consider the Nuclear Option

If your real email is on hundreds of spam lists and steps 1–6 haven't moved the needle in three months, the nuclear option is to migrate to a brand-new primary email address. Tell your important contacts. Set up forwarding from the old address for six months. After six months, delete (or just abandon) the old account. This is dramatic but for some users it's the only way to start clean.

What Not to Do

  • Don't pay for “spam removal services” that promise to scrub your address from lists. They can't.
  • Don't reply to spam, even angrily.
  • Don't put your email address on your public LinkedIn / Twitter / personal site in plain text. If you must, use an image or obfuscation (name [at] domain [dot] com).
  • Don't use the same password on the spam-receiving account as on anything important.

Related Guides

See also: Data breaches and why disposable email helps and how to spot a phishing email.

Related Knowledge Base Articles

Back to all articles