How to Report Spam Emails to the ICO in the UK

Unwanted marketing emails can be more than just a nuisance, they can breach UK data protection and privacy law. If you are receiving marketing emails you never signed up for, you have the right to report them to the Information Commissioner’s Office (ICO).

This short and nifty guide explains when and how to report spam emails, and what happens once you do.

When You Can Report an Email

You can report an email to the ICO if:

• You are receiving marketing or promotional emails that you never consented to.

• You have tried to unsubscribe, but the emails keep coming.

• The sender is hiding their identity, using misleading subject lines, or not including a valid unsubscribe link.

The ICO generally does not investigate individual spam emails, but it uses reports to identify patterns and take action against organisations that break the rules.

The Laws Behind It

Unsolicited marketing emails are regulated under:

• The Privacy and Electronic Communications Regulations (PECR), which cover electronic marketing.

• The UK General Data Protection Regulation (UK GDPR), which governs how personal data is collected and used.

Under these laws, organisations must have your explicit consent before sending marketing emails, unless there is a limited exception such as an existing customer relationship (known as the “soft opt-in”). Even then, every email must include an easy way to opt out.

Step-by-Step: How to Report Spam Emails

1. Try to Unsubscribe First

If the email includes a genuine unsubscribe link, use it. Most legitimate companies will respect this and remove you from their list.

2. Do Not Reply or Click Suspicious Links

If you suspect the email is a scam or phishing attempt, do not reply or click any links. This could confirm your address is active or expose you to fraud.

3. Report the Email to the ICO

You can report spam emails directly on the ICO’s website:
https://ico.org.uk/make-a-complaint/marketing/spam-emails/

You will be asked to provide:

• The sender’s email address.

• The date and content of the email.

• Any steps you’ve already taken (such as unsubscribing).

You can forward the email as evidence if needed, but avoid including sensitive personal information.

4. Report Scams to Other Authorities

If the email appears to be a scam or phishing message pretending to be from a bank or government body, forward it to:
📧 report@phishing.gov.uk
This helps the National Cyber Security Centre (NCSC) block malicious websites and protect others.

What the ICO Does with Reports

The ICO analyses all reports to identify organisations that regularly breach privacy and marketing laws. If patterns emerge, it can:

• Launch investigations.

• Issue enforcement notices.

• Impose financial penalties.

Even if your individual report doesn’t trigger an immediate response, it contributes to wider enforcement action.

Protecting Yourself

To reduce unwanted emails in future:

• Avoid sharing your email address publicly.

• Be cautious when ticking boxes on online forms, only agree to marketing if you truly want it.

• Use email filters and report spam to your email provider.

• Keep your antivirus software up to date.

You don’t have to tolerate spam emails in the UK. The law gives you the right to control who contacts you and how your personal data is used. Reporting unwanted marketing to the ICO helps stop organisations that ignore the rules and protects others from similar intrusions.

For more information or to make a report, visit the ICO’s official website: