Spam Control


Email spam is unsolicited bulk emails or junk emails sent out without the consent of a recipient. Many spam emails use social engineering techniques that require human interaction, identity theft, data theft and other kinds of fraud. Zoho mail uses advanced preventive techniques to protect users from spam emails. Apart from our built-in mechanism, Zoho Mail users can also customize how they want to process email spams. 

Frequently Asked Questions

How to reduce the number of spam I receive?

Zoho Mail spam filters check all the emails based on various criteria like IP reputation, SPF, DKIM, User Policy, etc. and will process accordingly. Based on the results, the Zoho Mail server will decide if your email should be delivered to the Inbox or Spam folder. To reduce the number of spam you receive,

  • Follow email best practices.
  • Mark the unsolicited emails as spam.
  • Take advantage of Spam Control features available in Zoho Mail.
  • If you notice such emails even after following the best practices, contact support with the Header of such spam emails.

What should I do when I receive spam in the inbox?

Despite all the inbuilt spam filters, there is a minuscule chance for a spam email to end up in your Inbox. To avoid this,

  1. Use the Mark Spam feature. Our system is equipped to learn from user corrections and will adjust to user preference over time. 
  2. Use Spam Control features such as Blocklist and Rejected list to fulfill your requirements.
  3. If you still notice spam emails, you can contact our support with the Header of such spam emails. 

How can I mark an email as spam?

  1. Use the Mark Spam feature and mark the respected email as spam. 
  2. To avoid such future emails, you can use the Blocklist feature to avoid emails from a domain or an email address.

What if I incorrectly mark an email as spam?

  1. Login to Zoho Mail
  2. Go to the spam folder.
  3. Choose the respective email.
  4. Use the Mark not Spam feature and restore it to the inbox. 

What are phishing emails and how can I avoid them?

Using phishing, spammers intend to extract sensitive personal and financial data about the recipient by disguising themselves to be a legitimate organization or an individual. For example, a spammer looking for your financial details will send you an email asking for information such as passwords, user ids, bank account numbers, PIN numbers to list a few. ‚ÄčNote that Zoho Mail will never ask you such information via email.

  1. Zoho Mail will display a warning message when an email looks suspicious. Be cautious of your interactions with such emails. 
  2. Configure SPF and DKIM for your domain or request your admin.
  3. Configure DMARC for your domain or request your admin.
  4. Use the Report Phishing feature to avoid such emails in the future.
  5. Contact our support with the Header for further assistance.

What are spoofed emails?

An email is considered to be spoofed when spammers forge an email address of an organization/person. The email received by the recipient would have the name of an authentic sender and will trick the recipient into thinking the email is from a trusted source. Email spoofing is often done to facilitate phishing activities.

How can an email be spoofed?

Every email message sent will hold two "from" addresses.

  1. Preview from - This is the from address you see when you receive an email.
  2. Return-path - This is the from address found in the header of an email. It is used by mail servers to identify whom to notify in case a message wasn't delivered.  

A spammer would manipulate and edit one or both of the from addresses to spoof an email.

How to identify a spoofed email?

  1. Look for the warning message.
  2. Look for Check via in the suspected email.
  3. Check for SPF, DKIM, and DMARC authentication reports in email Header.
  4. In case you still could not identify if a suspicious email is spoofed or not, contact our support with the Header of such emails.

How can I avoid getting my email address spoofed?

Although spoofing is not under the control of an email service provider, you can prevent your email address from getting spoofed by,

  1. Configuring SPF and DKIM for your domain or request your admin.
  2. Configuring DMARC in your domain DNS or request your admin to configure DMARC for additional security.

Why am I receiving bounce messages when I did not send any emails?

To spoof emails, spammers extract email addresses and send emails from a manipulated identity. In order to not receive any bounce message. While sending spoofed emails, in order to avoid return responses and bounce messages, spammers will edit and manipulate the return-path address. If the return-path generated by the spammer matches with yours, then you will get bounce messages for the emails sent by the spammer.

What should I do when I receive bounce messages for the emails I did not send?

  1. Check your sent folder for unauthorized emails. If you find any, and in case you are sure that you did not send it, there might be a chance that your account is compromised.
  2. In case you suspect your account is compromised,
    • Change your account password immediately.
    • Check User Activity log.
    • Log out from all existing devices.
    • Contact our support for further assistance.
  3. If you did not find any unauthorized emails, then the bounce emails you received will be a result of return-path spoofing. To avoid this,
    • Set up a strict SPF record or request your admin.

Can I skip spam processing for a particular email address or domain I receive mail from?

Yes. You can skip spam processing for any email address or domain you please by using the Allowlist and trusted list feature. 

How can I add a particular email address or domain to the spam list?

You can mark any email address or domain as spam by adding them to the Blocklist.

How safe are my emails from Viruses?

All emails passing through the Zoho Mail server are scanned for viruses. Any unusual or virus-infected incoming and outgoing emails will be rejected at the server itself. This additional virus filtering keeps your emails virus free. In case you notice any unusual attachment, contact our support for further assistance.

How can I prevent my account from getting compromised?

  1. Choose a unique and strong password.
  2. Reset the password of your account often and regularly. Ideally once every 60 days.
  3. Set up 2-factor authentication or request your admin to set it up for you.
  4. Always sign out of your account before locking your computer.
  5. Do not give your password to anyone.
  6. Do not access your email accounts with unauthorized WiFi connections.
  7. Do not give your email id on unknown websites or forums.
  8. Use the latest version of browsers, Operating System, and the updated mobile application to patch up the vulnerabilities that may have existed.
  9. Exercise reasonable precautions while sharing data from our cloud environment.
  10. Monitor devices linked to your account, active web sessions, and third-party access to spot anomalies in activities. 
  11. Manage the roles and privileges of your account with caution.
  12. Be aware of phishing and malware threats by carefully handling unfamiliar emails, suspicious websites, and links that may exploit your information by impersonating Zoho or other services you trust.

How long will my spam emails stay in the Spam folder?

The emails in Spam folders are retained for a fixed period of time after which they are permanently deleted. By default, the emails that are older than (or received before) 30 days will be automatically cleared periodically. You can configure this buffer time according to your convenience. 

  1. Login to Zoho Mail
  2. Click the Settings  icon.
  3. Open the System settings card.
  4. Navigate to the Junk Cleanup Interval section.
  5. Next to Spam and Trash folders will be cleaned up based on the interval specified here, enter the desired value from 5 to 180 days.

Spam folder settings for Zoho Mail

Still can't find what you're looking for?

Write to us: