Understanding and managing suspended tickets and spam

Have more questions? Submit a request

66 Comments

  • Stephen Fusco
    Comment actions Permalink

    Hey Alex, 

    Because the suspended tickets view is a system generated view it cannot be edited. However, the suspended view is only visible to agents with access to all tickets. So if you were to restrict your agent's access to only tickets in their groups then they would not have access to this view. 

    For Team and Professional, set Access to Tickets in agent's groups in the agent's profile. For Enterprise, select Agent can assign ticket to any group in the custom role for the agent.

    Even if they do have access though, you can restrict an agent's ability to delete tickets. Agents must have permission to delete tickets. On Essential, Team, or Professional, click the Admin , select Settings > Agents, then make sure Agents Can Delete Tickets is not selected. On Enterprise this would be done in custom roles.

    In response to your second question, there is an audit log available on Enterprise plans which will show you a log of actions taken in your account: Viewing the audit log

    0
  • Tim Shaw
    Comment actions Permalink

    This article says:

    Emails are suspended if Zendesk Support detects they're not from real users. Examples:

    • Suspected spam
    • Automated response emails, including out of office or vacation auto-generated response emails

    Please could you give a complete list of what automated response emails will be excluded. I'd like to see if calendar invite responses are excluded.

     

    Thanks

    0
  • Sean Cusick
    Comment actions Permalink

    Hi Tim, We do apologize, it is not possible to provide a complete list of emails that would become suspended. The expectation should be that any email arriving from an automated sending source will become suspended. With calendar invites it is possible for them to be sent from individual users or from the provider for the calendar service. The only way to find out with your example would be to test.  

    0
  • Gordon McWhorter
    Comment actions Permalink

    Just got one in that says Malware Detected. Wow! Really? What's in it? Do you all want to take a look or shall I just delete it?

     

    Thanks!

    0
  • Sean Cusick
    Comment actions Permalink

    Hi Gordon,

    It is entirely up to you what you wish to do with it. You can ignore it and will be deleted in 14 days, you can delete it now, or you can recover it (just be careful not to open any attachments without your local machine and local network being protected). 

    If you have any other questions for us feel free to open a ticket with us at support@zendesk.com

    0
  • Gordon McWhorter
    Comment actions Permalink

    Fun. Okay. Thanks.

    0
  • Jessie Schutz
    Comment actions Permalink

    Hey Gordon! 

    Just a heads-up that I removed the image from this comment for you...it had an un-redacted email address in it, and I didn't figure you'd want that out floating around. Feel free to edit your comment to add an updated version of the image with the email blocked out if you'd like!

    0
  • Gordon McWhorter
    Comment actions Permalink

    Ha! You bet, Jessie. Thanks! 

    0
  • Pierre Clouthier
    Comment actions Permalink

    Blacklist? Seriously? Do you think the spammers are considerate enough to send all their spam from the same domain?

    Every single spam that I am seeing in my Suspended Emails originates from a different, spoofed address, many from GMail.

    Isn't there a more sophisticated pattern that can be matched in the email headers?

    0
  • Brett - Community Manager
    Comment actions Permalink

    Hi Pierre,

    Are these spam emails being sent to your Zendesk support address or are these being sent to an external email address which is then being sent to your Zendesk Support account?

    You may also want to take a look at our Spam prevention resources for some additional information.

    Hope this helps!

    0
  • Forrest Hoffman
    Comment actions Permalink

    Something has changed. Over the last 3 weeks I have also been receiving many more SPAM tickets via the standard support e-mail that comes with Zendesk.  Is it possible that the changeover to the new AWS mailer has somehow exposed all of your customer domain ID? I usually get about 3 to 8 SPAM per day now.  My org is Open ticket to allow people to use their private e-mail address when they are locked out of SSO and for our external collaborators to get assistance. I cannot close the e-mail channel.

    Is there a way for us to just use your SPAM detector to block BEFORE it even creates a ticket?

     

    As a test I am de-selecting the option to Send via GMAIL servers in case that is where the exposure occurred.

    0
  • Sean Cusick
    Comment actions Permalink

    Hi Forrest, It is unlikely that any upcoming outbound sending changes caused this, though I will check with our Dev team to see if that is a possibility. Spammers are tenacious and they will continue to attack whatever they believe to be viable targets. Native Zendesk support addresses are targeted because they have one less spam check to go through to become a ticket, where a forwarded email is subject to two spam checks, doubling the likelihood of suspension. It is also unlikely that the "Send email via Gmail" feature would have caused any exposure to a native Zendesk address, as that traffic is never routed through that feature. It just sometimes happens that spammers move from account to account trying to target them as a relay for spam. Spam is an unfortunate byproduct of any system that relies on the use of email.  

    0
  • Forrest Hoffman
    Comment actions Permalink

    Thanks, what alarms me is the SPAM has never been a problem (more than 3 years) until about 3 weeks ago. Then it was like a floodgate opened and I am receiving more every week. I have not made any other changes to our advertising with regards to the support e-mail and it seems to correlate very closely to the AWS transition or my change to the use GMAIL sender.  I thought using the GMAIL sender might give more protection even though we are O365 based but I may have been mistaken.

    0
  • Tyler
    Comment actions Permalink

    I'm seeing the exact same thing on my account. Approximately 3 weeks ago I started receiving much more spam and some are making it through the spam filters.

    0
  • Pierre Clouthier
    Comment actions Permalink

    Use "Bulk delete" Zendesk plugin to facilitate getting rid of the trash.

    0
  • Forrest Hoffman
    Comment actions Permalink

    Is it also possible that this recent announcement by Zendesk has somehow allowed SPAM to get into the e-mail channel without being the CC?  BTW, since the announcement linked above, I have not received ANY more SPAM or Suspended tickets.

    0
  • Brett - Community Manager
    Comment actions Permalink

    Hey Forrest,

    The announcement you mentioned above was actually implemented March of 2018 so I don't think the two would be related. It looks like the article was archived but then made public again which would explain why you received the email notification. Glad to hear you're no longer receiving Spam in your account!

    Let me know if you do have additional questions for me.

    Cheers!

    0
  • Lila Kingsley
    Comment actions Permalink

    The article above states "Emails submitted by end-users on the blacklist are suspended or rejected."  Can you please clarify what causes it to suspend vs reject??  I didn't see any explanation of this in the article--apologies if I missed it.  For us, if we go to the trouble of blacklisting an email address/domain, we wouldn't want it to go in the suspended tickets view because someone will still have to look at it.  If we blacklist we don't want to see it. 

    0
  • Devan - Community Manager
    Comment actions Permalink

    Hello Lila,

    I went ahead and linked an article that breaks down the differences between suspended and rejected emails. The main difference, though, is suspending an email means putting it aside for further review while rejected, removes it completely.

    Hope this helps explain things a little bit more, and if there is anything else we can help with, please let us know.  

    0
  • Lila Kingsley
    Comment actions Permalink

    Hi Devan, 

    I understand the difference between suspension/rejection, my question was what determines whether an email from a blacklisted user is suspended or rejected.

    This article is unclear and indicates they will either be suspended or rejected but does not provide any info why/what causes one result vs the other.  I would expect blacklisting to always result in a rejection.

    As I stated above, if we go to the trouble of blacklisting we will not want the ticket going to the suspended tickets view, as that means someone will still have to look at it.

    0
  • Devan - Community Manager
    Comment actions Permalink

    Hello Lila,

    My apologies if the article I linked didn't help clarify what determines if an email is suspended or rejected. In that article is a link that does expand on the difference and breaks down the different reasons why a ticket would be suspended. As for a ticket being rejected, this is going to be caused by the system 100% knowing that the ticket is something that should not be accepted like spam or a source you have blacklisted. Let me know if this breaks things down better and appreciate you reaching out to us. 

    0
  • Dawn Spooner
    Comment actions Permalink

    Tyler and Forrest are right, we have been getting spam like crazy over the last month or so.  We will get bursts of 200 email within 10 minutes.  Some ends up in Suspended tickets, but most get through.  I enable DMARC in hopes it would help, but no luck.  The messages appear to be in Russian.  Zendesk's answer to us when we first called is to add a rule to delete them based on the subject.  This doesn't work if the characters in the subject are not letters.  No sure why Zendesk can't prevent this.  We have been missing tickets because they are getting tangle in all the spam.  

    0
  • Pierre Clouthier
    Comment actions Permalink

    They are characters - it's Cyrillic, the Russian character set. Just copy & paste.

    Use the "Bulk delete" app to make it easy to delete the rejected tickets.

    the solution is to Edit your trigger at https://[[subdomain]].zendesk.com/agent/admin/triggers/[[trigger_id]] to add the Current user is: end user condition, and remove the placeholders.

    There should be a Zendesk FAQ page with the details, I got my info in a reply to a support ticket.

    0
  • Dawn Spooner
    Comment actions Permalink

    Yes, I know they are characters, but not letters (as on the keyboard).  The copy and paste doesn't quite work (not all the characters come through).  The problem is these tickets are NOT being rejected or suspended - they are coming through as real tickets, and every ticket is coming through as a different user.  Unfortunately, you cannot use a trigger to delete a ticket.

    0
  • Brett - Community Manager
    Comment actions Permalink

    Hey Dawn,

    One of our Advocates recently posted an article for Combatting spam submitted via web service that may help. Have you had a chance to take a look at this?

    0
  • Dawn Spooner
    Comment actions Permalink

    Unfortunately the spam is not being created via web service.  The tickets are being generated from email going to our zendesk support email.  Since they are creating tickets, it is throwing our numbers way off.

     

    0
  • Brett - Community Manager
    Comment actions Permalink

    Thanks for the update Dawn!

    I'm going to generate a ticket on your behalf so our Customer Advocacy team can dig into this further.

    You'll receive an email shortly stating your ticket has been created.

    Cheers!

    0
  • Dawn Spooner
    Comment actions Permalink

    Thank you Brett!

    0
  • Ryan Frye
    Comment actions Permalink

    Hey yall, 

     

    We have our external phone system RingCentral setup to route support call notifications and voicemails into Zendesk. The notifications that come in go into the Suspended view even though I've whitelisted the email address. Also, when the ticket is recovered from the Suspended view, the voicemail attachment is no where to be found. So two questions: 

    1. How to I configure the email address to not be automatically suspended when submitting a notification?

    2. How do I get the voicemail attachment to come through?  

    Best regards, 

    Ryan

    0
  • Brett - Community Manager
    Comment actions Permalink

    Hey Ryan,

    Since this is a 3rd party integration, you may want to reach out to Ring Centrals support team directly for assistance. The only thing I can recommend is checking what the cause of suspension is and reviewing the following article: Causes for ticket suspension

    It's possible that these emails are being suspended due to the address they're originating from. If that's the case, it may be worth forwarding these voicemails to another email address that then forwards to your support account.

    Let me know if you have any other questions for me.

    Cheers!

    0

Please sign in to leave a comment.

Powered by Zendesk