You can control access to your Zendesk by adding end users' email addresses and domains to your blocklist and allowlist. Using the blocklist, you can prevent specific users, or sets of users, from registering and submitting support requests. Using the allowlist, you can allow specific users, or sets of users, to access your Zendesk and submit support requests.

This article contains the following sections:
- About the blocklist and allowlist
- Setting up your blocklist and allowlist
- Allowlist and blocklist usage examples
About the blocklist and allowlist
The blocklist and allowlist can help you create rules for accepting, suspending, and rejecting users' emails. Any email that is suspended because of the blocklist will be added to the suspended queue and flagged. If you have set up user mapping, any email domains you add to the allowlist will automatically be included (see Automatically adding users to organizations based on their email domains).
Your allowlist will automatically override your blocklist. For example, if you blocked a specific domain, but allowed a user with that email domain, they will be given access.
Depending on how your Zendesk is set up, you can use the blocklist and allowlist to apply additional settings to control who can access your Zendesk. If your Zendesk permits anyone to submit tickets, such as in open support type, you can use the blocklist to filter out spam email addresses and domains (see Suspending a user in the Zendesk Agent Guide). If you require users to register, you can use the blocklist, so only approved email address and domains can submit support requests and authenticate accounts.
The blocklist and allowlist feature contains rules you can combine to easily restrict access. See the section below for a list of the available blocklist and allowlist rules.
Setting your blocklist and allowlist
- You can enter up to 10,000 characters in each of the allowlist and blocklist fields.
- To allow all users to submit tickets to your Zendesk, except those added to the blocklist, leave the allowlist blank.
- To suspend ticket submissions from all users, except for those added to the allowlist, add a wildcard(*) in your blocklist.
Important: The wildcard will send tickets from every user not added to the allowlist into the suspended tickets queue, and prevents new users from creating accounts.
- Use keywords or symbols with a blocklist or allowlist entry to make the restrictions broader, or more specific:
- To route tickets from specific users to the Suspended Tickets queue, enter the keyword
suspend:
in front of an email address or domain in your blocklist. Usage example - To block or allow an entire email domain, do not include the "@" symbol. An email domain will not be successfully added to the allowlist or blocklist with "@".
- To completely block support requests from specific users, enter the keyword
reject:
in front of an email address or domain list in the blocklist. Tickets will not be added to the suspended tickets queue and there will be no record of the ticket in your Zendesk.
- To route tickets from specific users to the Suspended Tickets queue, enter the keyword
- To send support requests from specific users to the suspended tickets queue, enter the keyword in front of an email address or domain in your blocklist. This is identical to blocklisting without a keyword.
- To block or allow an entire email domain, do not include the "@" symbol. An email domain will not be successfully added to the allowlist or blocklist with "@".
- Being placed on the allowlist does not allow users to override their tickets from being suspended if the subject contains the text "Out of Office" or if the ticket comes from an email flagged as a "do not reply" address.
- To completely block support requests from specific users, enter the keyword
reject:
in front of an email address or domain list in the blocklist. Tickets will not be added to the suspended tickets queue and there will be no record of the ticket in your Zendesk.
reject:
only applies to support requests and doesn't prevent users from creating an account in your Zendesk.To edit your blocklist and allowlist
- Click the Admin icon (
) in the sidebar, then select Settings > Customers.
- Enter your allowlist and blocklist settings. You can view some of the common blocklist and allowlist examples in the section below. If you are adding multiple email addresses or domains, separate with a space.
- Click Save tab.
Allowlist and blocklist usage examples
You can use a combinations of the blocklist and allowlist rules to ensure you are permitting access or blocking the correct users. This section contains some usage examples you can replicate for your own Zendesk.
Approve a domain, suspend all other users
You can allow specific domains access to your Zendesk by adding the domain in the allowlist and suspend all users with a different email domain by adding a wildcard (*) in the blocklist. In the example below, only email from the domain mondocampcorp.com will be permitted access.
allowlist: mondocamcorp.com blocklist: *
If you want to allow more than one domain access, you can enter multiple domains separated by a space. In the example below email from the domains mondocamcorp, comdocam, and mondostore are permitted and all other users will be suspended.
allowlist: mondocamcorp.com mondocam.com mondostore.com blocklist: *
Approve a domain, but suspend specific email addresses with the domain
You can prevent a specific email address with an allowed domain from accessing your Zendesk by using the suspend
keyword.
allowlist: gmail.com blocklist: * suspend:randomspammer@gmail.com
Approve a domain, but reject specific email addresses and domains within it
Similar to the previous example, you can block specific email addresses from using an allowed domain by entering their email address in the blocklist. You can use the reject
keyword to prevent a user's tickets from being adding to your Zendesk at all.
In the example below, only email from gmail.com is accepted. All tickets from other email domains are sent to the suspended tickets cue, except for the email address randomspammer@gmail.com. Email from randomspammer@gmail.com will be rejected completely, and the ticket will not be recorded in your Zendesk.
allowlist: gmail.com blocklist: * reject:randomspammer@gmail.com
Approve all, but reject specific email addresses and domains
Unlike the examples above, you also have the option of allowing all users to register, except for specific email address and domains. To allow all users to register, you can leave the allowlist blank, then enter any blocked users.
In the example below, everyone can access your Zendesk, except for randomspammer@gmail.com and megaspam.com. Since the reject:
keyword is used, all email from those accounts will be blocked completely and the ticket will not be recorded in your Zendesk.
allowlist: blocklist: reject:randomspammer@gmail.com reject:megaspam.com
Suspend support request tickets from specific email addresses or domains
Simply adding an email address or domain to your blocklist suspends tickets from those users, but only if those tickets are submitted through the email channel.
allowlist: blocklist: suspend:randomspammer@gmail.com suspend:megaspam.com
98 Comments
You sure can. Add the domain you want to block to your blacklist and the address you want to allow to your whitelist. Something like:
That will block incoming tickets from everyone at "sample.com" except "theguy".
We want to keep "anybody can submit tickets" unchecked as we have it tied to SSO for our website. However, we are seeing legitimate customers that send tickets to our support email address get suspended. Is there a way to modify the whitelist with "anybody can submit tickets" unchecked?
Or better yet, can we just turn off the ticket suspension feature? Its very annoying.
--Thor
Thanks, Thor! This is a useful question.
It sounds like you're using SSO with a closed Zendesk, which should not be causing customers that are already a part of your organization with sign-in credentials to be suspended. You can read more about that here:
https://support.zendesk.com/hc/en-us/articles/203663746-Setting-up-a-closed-Zendesk#topic_qpm_rs2_hj
If these are legitimate customers that don't already have login credentials through your SSO, then there's unfortunately not much we can do, as Suspended Tickets will always be an inherent part of the Zendesk interface.
However, this sounds like we will need to dig deeper into what might be happening specifically with your account. Would you mind opening up a ticket with us so we can take a closer look?
Okay I am getting bounced. I submitted a ticket as requested and now being bounced back to the forums. We know of another company using Zendesk that is doing exactly what were attempting to do (as told to us by a previous employee), yet we cannot figure out how to do this. Let me try and explain this a different way in case I am just not being clear...
We have two ways in which customers can submit tickets to us.. first way is just send an email into our support email address (support@brightlocker.com). The other is through the Zendesk "submit a ticket form". When customers use the form, we want them to be authenticated so we want to keep "anybody can submit tickets" unchecked as we have it tied to SSO for our website. However, we are seeing legitimate customers that send tickets to our support email through the support@brightlocker.com address (not using the ticket form) get suspended. Is there a way we can allow ANYONE to submit tickets to support@brightlocker.com without having an account or using SSO, while making it so that if you are on our website (signed in) and want to use the ticket form, we do force you to login if your not? is this possible? Right now if people submit tickets to support@brightlocker.com their tickets are coming in, but they are falling into the suspension box, can we make it so that tickets sent to support@brightlocker.com dont end up in the suspension box and go right into the main boxes so agents can work on them?
Hi Thor. So sorry that you've been feeling like you're being bounced around. I think it's sometimes hard to coordinate these channels.
Seeing what you're trying to do, I would recommend this:
Having this set-up instead of a strictly closed Zendesk will allow you the flexibility you're looking for. The only tickets you'll get from *anyone* will be email messages, which sounds to be okay by you.
Hi there,
Is there a way to use this "whitelist & blacklist" through the API? I want to add and remove emails to those lists using your API.
Best regards
Hello Ulises,
I am afraid that you cannot currently update the white and black list through our API at the moment.
Our white and black list settings are wide open, meaning that nothing is blocked. However I wonder if I set one domain, will that mess things up for the rest of our client base, as I really don't want to be including hundreds of domains and have to maintain it.
I suspect yes, but want to confirm.
Can you blacklist Out Of Office
Hey Christine!
It's not possible to blacklist emails by type, only by email address or domain. However, Zendesk automatically filters out Out of Office auto-responders, so there's no need to blacklist them.
Can you go into more detail about what issue you're encountering?
Hello,
In our organisation our clients are occasionally contacting us about a auto-reply war (two emails auto reply to each other constantly) within one of our systems. We have whitelisted our email domain but these emails still get suspended due to "Automated response mail, out of office" any advice on how to allow these through?
Hey Brendon!
Zendesk is set up to automatically suspend auto-responders, since they're not generally useful in the context of a ticket.
I'm not totally clear on what you're asking here...are auto-responders sneaking through to your Zendesk when they shouldn't? Or are you saying that you want automated responses to be added to a ticket?
We have a CRM system here as well as zendesk. Sometimes people of the CRM system encounter an issue were they have an auto responder war between two emails due to an accidental email. So the users of this system contact the managers of the CRM system to stop this. They do so through our zendesk installation. So they are using words which are being flagged as an auto responder and these emails are being blocked. How can I stop them from being blocked without telling each user to be careful of the words they are using.
Hey Brendan, sorry for the delay in getting back to you.
The easiest way to get around this would be to works with the CRM managers outside of Zendesk, but I realize that might not be feasible depending on your workflow.
Otherwise I don't have any good suggestions, but I'm going to check with our Support team to see if they can shed any more light on this for us.
Hey Brenden,
Unfortunately, the only way for you to prevent these e-mails from being suspended is by having the CRM users change the wording of the e-mail. You will need to have them remove the word 'vacation', 'Out of Office', 'Auto-reply', or any similar terminology from the email header in order to prevent the system from detecting these as automated responses.
Hi,
how can I block automated messages from a ServiceNow ticket system (used by IT - ServiceNow@company.com)?
The following occur:
- We send them a ticket
- ServiceNow create a ticket
- ServiceNow close the ticket
- The closing notification opens a new ticket in zendesk. This opens a new ticket in ServiceNow and so on...
I want to blacklist ServiceNow@company.com
But the following advice is shown: Warning: The following addresses or domains cannot be blacklisted; they are whitelisted due to association with one of your Organizations:ServiceNow@company.com?
But I want to block tickets from this emailadress. How can I do that?
Not sure if this will help you Jessica but in our organisation we have a number of email accounts that will send us auto responders so to combat this we made a zendesk organisation called (Auto responder) which we assign to any email account that will send us an auto response and then our trigger that does the Autoresponder from us has the following condition Ticker: organisation is not "Auto responder"
Hi Brendon,
thank you very much for your answer. We created an organisation "Auto Responder". But adding to trigger does not help, since we want to avoid, that from this emailadress are tickets created. (that's why we tried to blacklist this email). We need to ask Zendesk support.
It would be great if this case (blacklist one mailaddress from company.com) can be added to this description.
BR.
Is it possible to automatically delete messages from blacklisted domains? I continue to get spam from the same domain, but would prefer they not show up as "suspended". Sometimes I look through the suspended emails to see if any accidentally became suspended, and it would be nice to eliminate this domain altogether.
Hey Nicole!
You can definitely do this! In your blacklist field you just need to put reject:spamdomain.com (where "spamdomain" is the name of this problem domain) and it'll prevent emails from that domain from even coming into your Zendesk.
There's a little more detailed info on this in the very last two sections of the article above, too, with screenshots of what it looks like alongside other stuff you might already have in your blacklist field. Hope that helps!
Is there any way to modify the message that appears when someone tries to sign up with a blacklisted domain? We would like to be able to clarify that they must sign up with a domain recognized for their organization and inform them that they can email us to have their address whitelisted if that is not possible.
Hey Kendall!
There isn't anything natively built into the product that would allow you to do that, but you might be able to rig something up using JavaScript. That's outside the realm of my knowledge, but hopefully one of our awesome Community members will be able to help!
We have an automated e-mail that comes in from one of our vendors after an order is made. We need it to create a ticket but it keeps getting suspended as an automated response e-mail. I have whitelisted the e-mail address but it is still getting suspended. Is there anything that can be done?
Hi Mark, I apologize, at this time we do not support any automated traffic being processed through the email channel. The API is the recommended channel for this type of programmatic ticket creation. That being said, you might want to investigate a 3rd party app like Shredder, which can periodically scan your suspended queue for certain types of suspensions and then recover them.
If I manually create an end user whose e-mail address/domain is not in our whitelist (and our blacklist has an asterisk), and then manually verify that user's address on my end as an admin, will that end-user:
1) Be able to log in and submit tickets through our portal, and/or
2) Will any e-mails sent to us by that end-user still be automatically suspended?
Shorter question: does manually verifying a non-whitelisted address implicitly approve it? Or do I still need to explicitly add it to the whitelist?
Welcome to the Community, James! Sorry for the delayed response.
I'm working on getting an answer to this for you!
Hi James!!
The asterisk in your blacklist prevents any user from creating and authenticating accounts. Tickets from every user not added to the whitelist will be sent to the suspended tickets queue in that case. The user needs to be added to the whitelist.
What reply will users who are suspended get if any?
What about rejected if any?
Thanks!
Can you whitelist all subdomains, for example *.mydomain.com ?
Please sign in to leave a comment.