Usually the sender address is spoofed, so it's useless to report, for example, spam from "someone@msn.com" to abuse@msn.com.  If you want to learn more, or even help to combat spam, read on ...

Look at what the spammer wants you to do (but don't do it).  If it's only to reply by email, look at the domain name in the "Reply-To" address in the message headers (but do not reply).  You may be able to report the sender to that domain if you trust it (e.g., Google.com or Hotmail.com).

Look at (but do not click) links to offerings in the message - spam links do not go to legitimate companies.  Spam links may go directly to a scam site, but more often hop through a chain of redirecting sites in order to protect the landing site from immediate discovery.  Chain-redirects commonly begin with a legitimate link-shortening service such as "bit.ly".  Chains can be safely revealed by services such as WhereGoes - see our list of Trusted Security Services.

If the message pretends to be from an organization you recognize as legitimate (this is called "phishing"), then forward it (with headers) to that organization's spam reporting address - e.g., phishing@irs.gov (tip: the U.S. IRS doesn't send email, and no legitimate company sends software by email 👀).

If the message really seems to be from a legitimate company you recognize, such as your bank or phone company, we recommend using only the links, email addresses, and phone numbers that you already have on record to access that company, pay your bill, or make inquiries.  Why?  Because some "spear-phishing" emails are crafted with precision to look like the real thing, but provide phishy links, erroneous email addresses, and/or phoney phone numbers.

Don't reply to spammers or click their "unsubscribe" links: it merely informs them that your email address is valid and worth trading to other spammers.  Consider: if you didn't voluntarily subscribe, then you're currently not subscribed; thus "unsubscribing" is meaningless (and is often just a way to verify that your email address is valid).

Common sense says to create filters in your email client to sandbox the spam out of your workflow; but filters are often tricky to set up, limited in scope - because they mainly analyze email headers, not the sacrosanct message body - and their sheer quantity can bog down throughput, thus your email client may limit the number of filters you can create (and "chicken-and-egg" arrangements can end up trashing legitimate email).  Or you can use an add-on service that you "train" by repeatedly identifying various emails as "spam" or "not" - Thunderbird can do either, but these two methods are incompatible.  A third sense says to employ specialized services such as "Spam Assassin", "Mail Washer", and "Spam Fighter".  Now you have options.

———•———

😞 If JavaScript is enabled in your browser ...

Following are some email addresses to which phishing spam can be reported, depending on whom the phisher is pretending to be - obviously, if your spammer is pretending to be Chase Bank, you should send the report to Chase, not elsewhere (unless you have a friend in the USPS Postmaster's office).  Either click or Copy-and-Paste a reporting address into the "TO:" field in your email program.  Because your mail client will modify the headers, you should use its "View Source" feature to copy the entire raw message of the spam email into your report.  Some of the following addresses were hard to find.  Any mid-size to large company should have an "abuse" address, and every website should have a "postmaster" address; but these often go unmonitored.

Does this effort really matter?  Not always, but some of these companies defend their reputations with a team of technicians who follow through with law enforcement to disable those phishing sites and arrest their owners.  If just one of your reports made this happen, it could prevent literally thousands of people from being scammed - there are some good feels in that.  MailChimp continues to impress: as a bulk mailer, they are tempting to spammers; but if given clear evidence, they will permanently ban that customer.