Skip to main content
Guidance

Corresponding with HMRC by email — CC/FS72

Updated 24 June 2026

We take the security of personal information very seriously. Email is not secure, so it’s very important you understand the risks before emailing us. We won’t email you unless you agree and tell us you understand and accept the risks first.

You can use the information in this factsheet to help you decide whether you want to correspond with us by email.

About the risks

The main risks that concern us are:

  • confidential information shared through an insecure network could be intercepted and altered
  • email addresses could be shared by others or changed, leading to unauthorised people getting access
  • email attachments or links could contain a virus or malicious code.

To reduce the risks, we:

  • hide some sensitive information — for example by only quoting part of any unique reference numbers

  • only communicate with established contacts at their correct email addresses

  • sometimes use encryption

  • carry out regular assurance to make sure all precautions are being followed.

If you want to use email

We need your agreement in writing. You can usually send this by post or email. You need to confirm you:

  • understand and accept the risks of using email

  • are content for financial information and attachments to be sent by email.

You may also want to consider:

  • encrypting your emails or hiding certain details — for example, only providing the last 3 digits of a unique reference or account number

  • checking your junk mail filters are not set to automatically reject or delete HMRC emails.

If you’re a business, please give us the names and email addresses of all people you would like us to use email with. For example, you, your staff, your representative.

If you have an authorised agent or tax adviser acting for you, they can give us confirmation on your behalf. You need to tell them you understand and accept the risks of using email with us.

How we use your agreement

We’ll hold your written confirmation on file and apply it to future email correspondence. We’ll review it at regular intervals to make sure there are no changes. We’ll also ask you to confirm you still understand and accept the risks.

We’ll only email you about a tax matter if you have given us your agreement to do so. If you have any doubt an email has come from HMRC, do not click on any links, give any personal details, or reply to the email. You should forward the email to us at phishing@hmrc.gov.uk

For more information about HMRC’s privacy policy, go to GOV.UK and search ‘HMRC Privacy Notice’.

What if you change your mind

You can opt out of using email at any time by letting us know. We’re still happy to contact you in writing by post or, where appropriate, by telephone.