> This page is part of the [Customer.io documentation](https://docs.customer.io). For the complete index, see [llms.txt](https://docs.customer.io/llms.txt). > Last updated: June 26, 2026 # How to manage suppressions ## How it works The **Workspace suppressions** page gives you a single place to review the people and email addresses that Customer.io won’t message. From here you see can which people are suppressed for GDPR compliance and remove a profile from the suppression list. Go to > [*Workspace Settings > Workspace Suppressions*](https://fly.customer.io/workspaces/last/settings/suppressions) to get started. ### Email suppressions Your email service provider (ESP) maintains a suppression list to protect your deliverability. Your ESP suppresses an email address in these circumstances: * A message experiences a **hard bounce**, that is, the recipient address doesn’t exist or the recipient’s server blocked delivery. * A person logs a **spam complaint** against one of your messages. * You suppress the address through the [ESP Suppression API](/integrations/api/app/#tag/ESP-Suppression). Suppressions from a hard bounce or spam complaint apply to the sending domain, while suppressions made through the ESP Suppression API apply across *every* domain in your workspaces. An ESP-suppressed email address only prevents the address from receiving *emails*; a suppressed person can still receive messages on other channels and enter campaigns. For a full explanation, see [Email suppression lists](/journeys/channels/email/deliverability/esp-suppression/).  If you use a [**Custom SMTP** server](/journeys/channels/email/deliverability/custom-smtp/use-your-smtp-server/), you can only view and manage your email suppression list directly from your ESP. ### GDPR suppressions When you [delete and suppress a person](/journeys/people/manage/deleting-users/#how-suppressing-ids-works), Customer.io suppresses *all* of that person’s identifiersThe attributes you use to add, modify, and target people. Each unique identifier value represents an individual person in your workspace. (such as their `id` and `email`). This is typically used to honor a “right to be forgotten” request for GDPR compliance. When a profile’s identifiers are suppressed: * You can’t re-add a person with the same identifiers. Any attempt to do so is ignored or returns an error. * Activity attributed to the suppressed person is redacted. Activity logs show anonymous entries for the suppressed identifiers. ## Export people suppressed for GDPR You can export a list of the profiles you’ve suppressed for GDPR compliance. You might do this to verify that someone is on the list or to confirm a “right to be forgotten” request was honored. 1. Go to > [*Workspace Settings > Workspace Suppressions*](https://fly.customer.io/workspaces/last/settings/suppressions). 2. Export the list of suppressed people. We provide the list as a CSV file. To protect the privacy of the people on the list, we hash suppressed ids and email addresses in the CSV using SHA-256. To verify the hashed values against the original identifiers, you need to hash the original id or email to compare them. Alternatively, if you stored the `cio_id`, Customer.io’s unique identifier, elsewhere, you can directly compare this id against the one in the CSV; it’s not hashed. ## Remove a profile from the GDPR suppression list When you unsuppress a profile, its identifiers become available to use in your workspace again. If you re-add a person with the unsuppressed identifiers, Customer.io creates a *new* person without any of the history (messages, journeys, and so on) previously associated with those identifiers. 1. Go to > [*Workspace Settings > Suppressions*](https://fly.customer.io/workspaces/last/settings/suppressions). 2. Under *GDPR suppression list removal*, search by email or id. 3. Select the profile you want to remove. 4. Click **Unsuppress**. You can also unsuppress identifiers [programmatically with the Track API](/integrations/api/track/#operation/unsuppress) or using a [semantic event through the Pipelines API](/integrations/api/cdp/#description/deletions-suppressions-and-other-semantic-events). Removing a profile from the GDPR suppression list is different from removing an email address from your [ESP suppression list](/journeys/channels/email/deliverability/esp-suppression/#remove-emails-from-suppression-list). When you unsuppress a profile, you free up its identifiers so you can re-add them to your workspace and send them messages; when you unsuppress an email address, the only change is that the address can receive emails again. * * [How it works](#how-it-works) * [Email suppressions](#email-suppressions) * [GDPR suppressions](#gdpr-suppressions) * [Export people suppressed for GDPR](#export-people-suppressed-for-gdpr) * [Remove a profile from the GDPR suppression list](#remove-a-profile-from-the-gdpr-suppression-list) Copy page Copy page [Download .md](/journeys/channels/email/deliverability/workspace-suppressions.md) Is this page helpful? ![](https://docs.customer.io/images/export-success.png) ![](https://docs.customer.io/images/export-failure.png) # How can we make it better? Close Do you need help from Customer.io support? No Yes What part of Customer.io do you need help with? How can we improve this page? Email (optional): Please provide a valid email address I am not a bot We appreciate your feedback! Our support team will contact you as soon as possible