Feature request - hide or encrypt a ticket title from the web request
BeantwortetHey team,
This feature request is based on a security breach that we've recently discovered.and which allows an attacker to send unlimited number of emails to any recipient with a custom email title.
I will not go into any additional information publicly, but I reached out to support and spoke to one of your technical specialists and they advised that for the time being the only way to prevent this from happening would be to remove the "{ { ticket . title } }" element from all of our email triggers that send email notifications about new chats/tickets.
Considering that this is a standard placeholder, we are hesitant to remove it for the time being, but a good alternative solution here would be if Zendesk could consider hiding or encrypting a ticket title from the web request.
This way the mentioned actions would not be allowed and we won't have to remove a ticket title part from our templates.
Thank you in advance for your consideration!
-
Hi Piotr,
Thank you for reaching out about your recent experience with this type of spam attacks, and I’m sorry that your account was made a target by these abusive actors. I understand that you were able to speak with one of our advocates who advised you that the preventative measure is to remove the "{ { ticket . title } }" placeholder from all triggers that send an email upon ticket creation. This will remove the vector that these abusive actors use to relay their spam messages. From what I understand, it doesn’t seem like this was a preferred solution for you and I wanted to get some more details from you as to why this is, and why you’d prefer us to hide or encrypt this placeholder where it’s used?
I’d be happy to continue this conversation here, or get on a call to talk things through. Let me know what you prefer.
Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.
1 Kommentare