How it works Detection Roadmap Pricing Blog Header Analyzer Phishing Quiz Install free
Security guide

“Your package could not be delivered” — is that USPS email real or a scam?

A package is on hold. The address was incomplete. There’s a small redelivery fee. It looks exactly like USPS — and it’s one of the most common scams in the world. Here’s how the fake delivery notice works, and the safe way to check whether you really have a package waiting.

Published 19 July 2026 · ~7 min read · By the Phixo team

You’re expecting a package — or you order online often enough that you might be. An email (or text) arrives: “Your package could not be delivered due to an incomplete address.” There’s a tracking-style link, sometimes a tiny “redelivery fee,” and a deadline before the parcel is “returned to sender.”

This is the fake delivery notice, and it works for one simple reason: at any given moment, millions of people genuinely are waiting for a package. The scammer doesn’t need to know you’re one of them — they blast the message to everyone and let probability do the rest. USPS is the most-impersonated name in the US version; FedEx, DHL and UPS variants are identical in structure. Here’s how to recognise it in seconds.

The quick answer

An unsolicited “package could not be delivered” message with a link is almost certainly a scam. USPS only sends tracking updates you asked for — on a package you’re tracking, or through Informed Delivery — and it never charges a redelivery fee. The safe check takes one minute: don’t touch the message’s link, find the tracking number from your original order confirmation, and enter it yourself at usps.com (or the carrier your shop actually used). If there’s a real problem with a real package, it will show there.

Illustration of Phixo flagging a fake USPS package delivery email in Gmail: Critical Risk verdict, spoofed sender domain, urgency language and generic greeting detected
What this catch looks like (illustration): Phixo flags a fake “package could not be delivered” email in Gmail — the lookalike sender domain, the 24-hour pressure and the generic greeting earn a Critical Risk verdict. The warning text shown is Phixo’s real output for these signals.

How the fake delivery notice actually works

The message routes you to a convincing carrier-branded page that asks you to “confirm your address” — and then, almost always, to pay a small redelivery or customs fee: 30 cents, a dollar, $2.99. That number is chosen carefully. It’s small enough that paying feels easier than thinking.

The fee is not the point. The scammer isn’t trying to collect $1 from you — the payment form exists to capture your full card number, expiry and security code. Test charges follow within days, then larger ones. Some variants skip the fee and harvest your address, phone and login details instead, or push a fake “tracking app” that carries malware.

5 signs the delivery notice is fake

1. You didn’t ask for it

This is the strongest tell, and it’s about how USPS actually behaves: USPS doesn’t send unsolicited emails or texts about held packages. Tracking updates arrive only if you requested tracking on a specific shipment or use Informed Delivery. If a physical delivery genuinely fails, the carrier leaves a notice at your door — they don’t need to email a form. An out-of-the-blue delivery problem in your inbox is a scam until proven otherwise.

2. The sender domain isn’t usps.com

Tap or click the sender name to reveal the full address and read the part after the @.

What you see vs. what’s really there From: USPS Delivery
<tracking@usps-package-alerts.com>

Real USPS email comes from usps.com (Informed Delivery notices, for example, come from USPSInformeddelivery@email.informeddelivery.usps.com — the registered domain is still usps.com). A domain like usps-package-alerts.com or usps-redelivery.net merely contains the letters “usps.” The FedEx and DHL versions work identically: check against fedex.com and dhl.com.

3. It asks for money to release a package

USPS redelivery is free — you schedule it at usps.com. Genuine customs charges on international parcels do exist, but they’re handled with an official notice, not a $1 card form on a link from a text. Any small fee to “release,” “redeliver” or “verify” a package is the trap itself.

4. There’s no real tracking number

Genuine delivery notices reference a specific tracking number you can verify independently. Fakes usually have none, an obviously malformed one, or one that only “works” on the scammer’s own site. If you can’t take the number from the message and look it up yourself on usps.com, the message has told you what it is.

5. Pressure and a deadline

“Within 24 hours or your package will be returned to sender.” Real carriers hold packages for days and leave paper notices. A countdown exists for one reason: to make you click before you think. The urgency is the red flag — the same pressure pattern we break down in the 8 warning signs of a phishing email.

The single safest way to check

Take the message out of the equation entirely:

  1. Don’t click any link in the email or text, and don’t call any number it gives you.
  2. Find the tracking number from your original order confirmation — the email from the shop you actually bought from.
  3. Open a new tab, type usps.com (or fedex.com / dhl.com / ups.com — whichever carrier the shop used) and enter the number there.
  4. If a delivery genuinely failed, the official tracking page will say so — and any redelivery can be scheduled right there, free.

If the official tracking shows no problem — or you’re not expecting anything at all — the message is the fake. You can report USPS impersonation by forwarding the email to spam@uspis.gov, then delete it.

The 30-second delivery notice check

Why this scam works so well

The fake delivery notice needs no research about its victims. Online shopping is constant, so a “missed delivery” lands as plausible for a huge share of everyone it reaches — and unlike a bank alert, it feels routine rather than alarming, so your guard stays down. The tiny fee completes the trick: it reframes the interaction from “give a stranger your card” to “pay a normal small charge,” which is exactly how a fake Amazon “account on hold” email reframes credential theft as routine account maintenance.

Appearance won’t save you here — the fake pages copy carrier branding pixel-perfectly. The reliable tells are behavioural: whether you asked for the message, the sender’s registered domain, whether money is requested, and whether the tracking number survives an independent check on the carrier’s real site.

What if you already clicked or paid?

Move fast — the earlier you act, the less the card details are worth:

  1. If you entered card details: call your bank or card issuer now and have the card blocked and reissued. Watch the statement for small “test” charges.
  2. If you entered a password: change it immediately on the real site, and anywhere you reused it.
  3. If you only clicked and entered nothing, you’re probably fine — close the page and run a malware scan to be safe.
  4. Report it: forward the email to spam@uspis.gov (USPS impersonation) and report phishing in your mail client.

For the complete cleanup, step by step, see what to do if you clicked a phishing link.

Frequently asked questions

Does USPS send emails or texts about failed deliveries?

Only if you asked for them — tracking updates on a package you’re following, or Informed Delivery digests. USPS doesn’t send unsolicited messages about held packages, incomplete addresses or redelivery fees. When a real delivery fails, you get a paper notice at your door.

Does USPS charge a redelivery fee?

No. Redelivery is free and scheduled at usps.com. Any message asking for a small fee to release or redeliver a package is a scam — the payment form exists to capture your card details, not to collect the dollar.

How do I check if I really have a package on hold?

Ignore the message’s link. Take the tracking number from your original order confirmation and enter it yourself at usps.com (or the carrier your shop used). If there’s a genuine problem, the official tracking will show it.

Keep reading

Not sure about an email? Let Phixo check it

Phixo is a browser extension that checks the email open in your Gmail or Outlook against several of the signals above — sender and domain reputation, link mismatches, lookalike domains, and email authentication (SPF, DKIM, DMARC) — plus an AI read of the language, and flags anything suspicious in seconds. Free plan includes 10 scans a day, no credit card. A one-time Google or Microsoft sign-in keeps your scan count tied to your account.

Install Phixo free →

Your email body is never stored. Analysis happens in real time and is discarded immediately.