Report a Phishing Email
Document a phishing email in five steps and get the linked website taken offline: not just marked as spam.
The 5 steps to reporting phishing
Don't click any links
Phishing emails often track opens and clicks. Open the message in preview mode and never sign in through the embedded button.
Save the original email
Save the message as .eml or .msg so the headers, SPF/DKIM/DMARC results, and routing path are preserved. These prove the real sender.
Document the landing page
Take a screenshot of the phishing page in an isolated browser. Note the final URL after all redirects: Blackwall will use this URL for the takedown.
Report to the right channels
Forward the .eml file to your national cybersecurity agency and to APWG. Send the URL to Blackwall so the hosting provider takes the site offline.
Confirm the takedown
Within a few hours the URL appears on browser block lists; Blackwall keeps you updated until the hosting provider confirms the site has been removed.
Where you can report phishing emails
Report in parallel: each channel acts at a different level.
BlackwallInfrastructure
Forwards the phishing URL to the hosting provider and registrar to get the page taken down. You receive status updates until it's confirmed.
Report to BlackwallNational cybersecurity agencies (e.g., BSI in Germany)
Forward the .eml file to your national cybersecurity agency's reporting address: it feeds into national warnings.
bsi.bund.deConsumer protection phishing radars
Many consumer protection agencies run a phishing radar you can forward emails to. Submissions are reviewed and turned into public warnings for consumers.
verbraucherzentrale.nrwAPWG (international)
Anti-Phishing Working Group. Forward the raw .eml file to reportphishing@apwg.org. Feeds global browser block lists.
apwg.org/reportphishingFrequently asked questions
Ready to report the phishing email?
Submit the included URL in under two minutes. The Blackwall team handles the correspondence with the hosting provider for you.
