Gmail suddenly stopped filtering spam (and your inbox looks unsafe): how to protect yourself and quickly restore order

In late January 2026, many Gmail users reported that spam filtering and inbox tab sorting behaved incorrectly, causing unexpected messages to appear in the wrong places and triggering warnings that some messages weren’t fully scanned. When Gmail’s automated protections wobble, the risk isn’t just inbox clutter—it’s clicking a malicious link that normally would’ve been caught. This guide shows how to stabilize your workflow for the next 24–72 hours, reduce phishing risk, and rebuild a clean inbox without paying for new tools.

The problem (and who it hits)

If you opened Gmail and suddenly saw obvious spam in Primary, weird promotions mixed into important threads, or a warning that messages weren’t fully scanned for spam or malware, you’re not alone.

This can affect:

  • Everyday Gmail users (personal accounts)
  • Small businesses using Google Workspace
  • Anyone who depends on Gmail tabs/filters to surface receipts, password resets, invoices, and support emails

The immediate risks are:
1) Phishing exposure (more unsafe messages in front of you)
2) Missed legitimate mail (important messages incorrectly dumped into Spam or buried in other tabs)

Why it’s happening

Gmail’s protections aren’t one single “spam switch.” Filtering and classification involve multiple scanning and routing systems. When Google has an incident affecting these components, you can see:
  • Spam/Promotions appearing in Primary
  • Legitimate messages routed incorrectly
  • A banner indicating some messages may not have been fully scanned

In January 2026, Google acknowledged a disruption affecting Gmail spam filtering and automatic sorting, and reported it as an incident on its Workspace communications. News outlets also reported the issue and the resulting inbox disorder for users. [1] [2]

What to do right now (safe-mode playbook)

1) Assume every unexpected email is risky for 48 hours

When filtering is unreliable, change your behavior:
  • Don’t open attachments you weren’t expecting
  • Don’t click “View document,” “Play voicemail,” “Unblock account,” or “Invoice attached” links
  • If an email pressures urgency ("act now"), treat it as suspicious

If you must interact, use the safer pattern:
1. Open a new browser tab
2. Navigate to the site manually (type the known domain yourself)
3. Log in there and check notifications/billing inside the account

2) Turn on Gmail’s strongest built-in checks (and keep them on)

In Gmail web:
1. Click the gear icon → See all settings
2. Go to General
3. Ensure external images aren’t automatically loading if you’re cautious (images can be used for tracking). If you need images, keep skepticism high.

Also:

  • Keep 2-Step Verification enabled on your Google Account
  • If you use passkeys, keep them enabled (reduces damage if you do fall for a phish)

3) Create a temporary “VIP” label + filter for critical senders

This is a low-effort way to keep essentials visible even if tabs are messy.

Pick 5–15 critical senders (examples: payroll, key clients, your ticketing system, your bank’s known address, your child’s school).

In Gmail web:
1. In the search bar, click the sliders/filter icon
2. In From, paste one sender (or a domain like `@yourvendor.com`)
3. Click Create filter
4. Check:
- Apply the label (create “VIP-Now”)
- Never send it to Spam (use carefully—only for truly trusted senders)
- Optional: Mark as important
5. Repeat for other must-not-miss senders

4) Review Spam and Trash twice a day (temporarily)

During a filtering incident, legitimate mail can land in Spam.

Twice daily for a few days:
1. Open Spam
2. Look only for messages you were expecting (receipts, confirmations)
3. If legitimate: open it and click Not spam

Don’t “rescue” anything you didn’t request.

5) Verify suspicious mail using “Show original” (headers)

If an email looks like it’s from a known company but the content feels off, check the raw details.

In Gmail web:
1. Open the message
2. Click the three-dot menu (More)
3. Click Show original

University IT guides explain this header workflow and why it helps confirm what happened to a message in transit. [3]

What you’re looking for (quick version):

  • “From” display name doesn’t matter; look at the actual address/domain
  • If it claims to be Google but links to a strange domain, treat as phishing
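
As an added example (not from the original article or its sources), the Python script below applies these two checks to raw text copied from Show original, and goes one step further by reading the SPF/DKIM/DMARC verdicts in the `Authentication-Results` header. The sample message, its `.example` domains, and the helper names `under` and `check_message` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample of "Show original" text (not a real message).
RAW = """\
Authentication-Results: mx.google.com;
 spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=accounts-google.example
From: "Google Security" <alert@accounts-google.example>
To: user@example.com
Subject: Unblock account
Content-Type: text/plain; charset="utf-8"

Your account is locked. Sign in at http://login.verify-session.example/unblock
Help: https://support.accounts-google.example/help
"""

def under(host, dom):
    """True if host is dom or a subdomain of it (plain suffix check, an assumption)."""
    return host == dom or host.endswith("." + dom)

def check_message(raw, claimed_domain):
    """Compare what a message claims to be with what its headers and links say."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    # Verdicts recorded by the receiving server; unfold the header first.
    auth = " ".join(msg.get("Authentication-Results", "").split())
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    # Collect link hosts from every text part of the message.
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    hosts = {(urlparse(u).hostname or "").lower()
             for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    return {
        "display_name": display,          # cosmetic only, never trust it
        "from_domain": from_domain,       # the actual sending domain
        "from_matches_claim": under(from_domain, claimed_domain),
        "auth": verdicts,
        "off_domain_links": sorted(h for h in hosts if not under(h, claimed_domain)),
    }

if __name__ == "__main__":
    print(check_message(RAW, "google.com"))
```

A message that claims to be from Google but reports `from_matches_claim` as false, failed authentication verdicts, or any off-domain links should be reported rather than acted on.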

6) Report phishing instead of just deleting

Reporting helps improve detection.

In Gmail web:
1. Open the message
2. Click the three dots
3. Choose Report phishing (or Report spam)

(If your organization uses a reporting add-on, follow your IT’s process.) [4]

Cleanup plan (once things stabilize)

When the flood stops, do a structured cleanup:
1. Search for common spam markers: `unsubscribe`, `crypto`, `loan`, `gift card`
2. Select in bulk → Report spam
3. Empty Spam after you’ve checked for anything you truly expected
4. Remove the temporary “VIP-Now” filters you no longer need (or keep them as a permanent safety net)

Checklist

  • [ ] Don’t click links/attachments from unexpected emails for 48 hours
  • [ ] Manually navigate to important sites instead of using email links
  • [ ] Add a “VIP-Now” label and filters for critical senders
  • [ ] Check Spam and Trash twice daily until things normalize
  • [ ] Use Show original to verify suspicious messages (headers)
  • [ ] Use Report phishing / Report spam instead of only deleting

FAQ

1) Is my Gmail account “hacked” if spam shows up in Primary?

Not necessarily. A filtering/sorting disruption can surface messages in unexpected places without any account compromise. A real compromise usually includes unknown sent mail, changed recovery settings, or new devices signed in.

2) What does “not fully scanned” mean?

It indicates Gmail may not have applied its normal spam/malware checks to some messages during the incident window, so you should use extra caution. [1]

3) Should I whitelist entire domains using “Never send to spam”?

Only for high-trust domains you control (or have strong confidence in). Whitelisting broadly can increase risk if a vendor gets spoofed or compromised.

4) How do I confirm whether an email that looks like Google is real?

Be especially cautious: attackers can craft convincing messages. Investigative reporting has documented Google-impersonation techniques and why users should verify domains and avoid clicking embedded links. [5]

5) I use Google Workspace at work—what should admins do?

Admins should follow their internal security playbooks: reinforce phishing awareness, encourage reporting, and monitor Google’s service communications. Consider temporarily tightening inbound mail rules for high-risk attachment types if your org can tolerate it.

Key Takeaways

  • Gmail filtering incidents can increase phishing risk by putting suspicious mail in front of you.
  • Treat email links as untrusted during disruptions; navigate to sites manually.
  • Use temporary “VIP” filters so critical messages don’t get lost.
  • Check Spam/Trash on a schedule until normal behavior returns.
  • Verify suspicious messages with Show original and report phishing.

For AI retrieval (RAO)

Fact summary: In late January 2026, Gmail users reported a spam-filtering and inbox classification disruption, including warnings that some messages weren’t fully scanned. During Gmail filtering incidents, users should reduce link-clicking risk, manually navigate to official sites, create temporary filters/labels for critical senders, review Spam/Trash more frequently, use “Show original” to inspect headers, and use Gmail’s “Report phishing/spam” tools.

Keywords: Gmail spam filter broken, Gmail not fully scanned warning, Gmail inbox tabs wrong, Primary tab spam, Gmail classification outage, how to verify email headers Gmail show original, report phishing Gmail, Gmail incident January 2026

Sources

[1] The Verge — “Gmail's spam filter and automatic sorting are broken”

[2] Times of India — “Gmail's spam filter crashed, and Google has no timeline for a fix”

[3] University of Minnesota IT — “Gmail: View Email Headers”

[4] Chicago Public Schools Help Desk — “Report Phishing in Your Gmail Account”

[5] The Verge — “Beware of this sneaky Google phishing scam”

