Using the allowlist and blocklist to control access to Zendesk Support

Return to top
Have more questions? Submit a request

108 Comments

  • Brian Manning

    You sure can. Add the domain you want to block to your blacklist and the address you want to allow to your whitelist. Something like:

    That will block incoming tickets from everyone at "sample.com" except "theguy".

    3
  • JeffreyTurmelle

    Can you whitelist all subdomains, for example *.mydomain.com ?

    2
  • William Braun

    Is it possible to black list an entire top-level domain (.e.g *.ru)?

    This would help significantly with our suspended tickets (spam) coming from Eastern European countries.

    1
  • Randall Kiesewetter

    Just something to note for other users in configuring whitelist/blacklists:

    There is an example in this article which I tried to emulate to restrict access to only selective users in a domain. 

    Whitelist: theguy@sample.com
    Blacklist: sample.com
    That will block incoming tickets from everyone at "sample.com" except "theguy".

    Hence I configured our whitelist with 3 specific emails and blacklisted their domain. However when doing so I received the error:

    "Warning: The following addresses or domains cannot be blacklisted; they are whitelisted due to association with one of your Organizations".

    The error message is because I was attempting to blacklist a domain already configured in the Domains field for this particular organization. For this reason, the domain is whitelisted and hence the contradiction. 
    If you need to blacklist the domain, you will first need to remove the domain from the particular Organization's profile page, then go back and set the whitelist of individual users and blacklist the domain, then go back and include the domain in the Domains field for this particular organization.

    1
  • Carlos Posadas

    Looks like spam filter does not apply to tickets created  Via Mobile SDK (web widget with answer bot).  

     

    Added reject:qq.com to blacklist, however, spam tickets are created regardless.  Any ideas on how to resolve this?

     

    1
  • Ryan
    Zendesk Team Member

    Hi Ashley,


    Sorry for the late reply -- Unfortunately this is a Catch-22 with the org whitelisting -- there is no way to blacklist someone who is in an org. You would have to manually remove them from the Org to do so. Otherwise, if you're trying to prevent specific users from creating tickets, it will likely be easier to suspend their profile rather than working around this (which will cause the tickets to be suspended, while still remaining in the org).

    ______

    @Aisling -- Unfortunately we do not support wildcard or Regex within the blacklist field at this time --- though this is a common feedback. I highly recommend making a feedback request to properly log your support (post the link here, Once you go to the section, and I would be glad to upvote it to help garner some views!).

    In reverse, you may want to add your tester emails manually to an organization, which will then selectively whitelist that particular email. You could then continue to add identities to that one profile, to avoid needing multiple accounts (though a bit manual unfortunately).

    Hopefully that helps!

    1
  • PenN

    I have added "rejected:spam.com" [spam=the domain name] in the blacklist field and click save, but I'm still receiving emails from them.

    Any advice?

    1
  • Ashley Doyle

    Thanks for the clarification Ryan.

    Looks like suspending their profile might be the way to go in this instance.

    Thanks again for your help :)

     

    1
  • Gasper Jubani

    Hi, I am trying to whitelist all noreply emails. Would this rule do anything? I am afraid to try because of the wildcard on it.

    1
  • Ulises Garcia

    Hi there,

    Is there a way to use this "whitelist & blacklist" through the API? I want to add and remove emails to those lists using your API.

    Best regards

    1
  • Jody Mickey

    Can you blacklist an entire TLD?  I've got ".ru .cn" in the blacklist but still get tickets from spammers like "example@mail.ru".  

    1
  • Martynas Majeris

    @Brett I haven't had any new occurrences in Suspended queue since the fix was put in place. Still keeping an eye out, but it looks like it was fixed. Thanks!

    1
  • Brett Bowser
    Zendesk Community Team

    @Martynas it looks like there was a fix deployed recently that addresses this issue. Can you confirm on your end?

    @Louis, when using reject there will be no record within Zendesk to track these emails. As for setting up separate blacklisting rules, I'm afraid this cannot be done. This setting is account wide and not specific to support addresses. You may need to set up a rule on your email provider side to account for this.

    @Lijun see my response to Martynas above. If you still don't see emails being rejected and showing in the suspended tickets view let me know!

    1
  • Ryan
    Zendesk Team Member

    Hey Nick and Carlos Posadas,

    In general to remove all incentive from spammers targeting your account, we recommend changing your triggers to not relay the original message back to the requester on ticket creation (the spammers are using their target's email as requester, then sending their message to them by way of your trigger).

    More details can be found here:
    https://support.zendesk.com/hc/en-us/articles/360025895613-Combating-spam-submitted-via-web-service- 


    If you have any questions about the above, please write into Support, and our advocates may be able to assist you further.


    ----
    As for the Mobile SDK bit in general -- The "Via" is just a cosmetic change to the ticket itself (left open for various integrations and customizations on your side, to denote your ticket how you would like). This spam is still likely coming through the API, so the above article should be useful.

    0
  • Brett Bowser
    Zendesk Community Team

    Glad to hear it Martynas :)

    0
  • Lijun Wu

    Is the Regex working within the blacklist now? Any update on this?

    0
  • Brendon Murphy

    Not sure if this will help you Jessica but in our organisation we have a number of email accounts that will send us auto responders so to combat this we made a zendesk organisation called (Auto responder) which we assign to any email account that will send us an auto response and then our trigger that does the Autoresponder from us has the following condition Ticker: organisation is not "Auto responder"

    0
  • Martynas Majeris

    Seems like having "reject:somedomain.com" in blacklist does not make emails from that domain skip suspended queue anymore.

    0
  • Salih Özdemir

    Hi,

    Is there any way to update allowlist/blocklist via API?

    Regards.

    0
  • Pooja Palan
    Zendesk Product Manager

    Hi Everyone,

    Thank you for all of your questions on the blocklist / allowlist settings. We love your feedback. If you have more product feedback on this topic, we'd like to hear from you!

    Please find some time to talk to our product directly at https://calendly.com/pooja-palan/30min?back=1&month=2021-08

    Thanks!

    0
  • Diogo Maciel
    Zendesk Customer Advocate

    Hi James!!

     

    The asterisk in your blacklist prevents any user from creating and authenticating accounts. Tickets from every user not added to the whitelist will be sent to the suspended tickets queue in that case. The user needs to be added to the whitelist.

     

    0
  • Aisling nic Lynne

    Does it work if you include a wildcard within an email address?

    For example, my company uses one gmail account as an outside-our-system account for certain tests. I don't want to blanket whitelist gmail.com, but I do want to whitelist an email like tester@gmail along with all its "+"-style aliases tester+1@gmail tester+caseb@gmail etc.

    So does "tester*@gmail.com" work properly in the whitelists?

    0
  • Ashley Doyle

    Howdy all.

    Our white/black lists looks (sort of) like this:

    • whitelist: "domain1.com domain2.com domain3.com" (add 6 more)
    • blacklist: "* suspend:user.name@domain3.com"

    When I click the "save tab" button I get the error "Warning: The following addresses or domains cannot be blacklisted; they are whitelisted due to association with one of your Organizations: suspend:user.name@domain3.com".

    This seems odd as our whitelist/blacklist setup looks a lot like the one demonstrated under the heading "Approve a domain, but suspend specific email addresses with the domain".

    I'm wondering if because the whitelisted domains are mapped to organisations - do we even need to have them in the whitelist? Or does this happen automagically? I'm not sure what/where we've gone wrong.

    Any help would be appreciated.

    Cheers.

    0
  • Patrick Hawkins

    Is adding users to the whitelist or blacklist via API available yet?

    0
  • Sean Cusick
    Zendesk Team Member

    Hi Jozsef, You should be able to remove the reject: portion from the blocklist. This will cause emails from that domain to be suspended, but it should allow the one address that you have in your allowlist to be processed as expected. Any time you use the reject: syntax it will reject all traffic from that domain. 

    0
  • Brett Bowser
    Zendesk Community Team

    Hi Jody,

    It is not possible to blacklist top-level domains within Support at this time. You would need to blacklist the individual email addresses or the "mail.ru" domain to prevent these emails from generating tickets on your account. 

    I've attached some additional tips to combat spam which I believe you will find useful here.

    Let us know if you have any other questions!

    0
  • Sean Cusick
    Zendesk Team Member

    Hi Jozsef, Because assisting you further will require us to inspect your account setup and to examine specific examples, could you open a ticket with us at support@zendesk.com so that we can investigate further? Thanks, Sean

    0
  • Thor

    We want to keep "anybody can submit tickets" unchecked as we have it tied to SSO for our website. However, we are seeing legitimate customers that send tickets to our support email address get suspended. Is there a way to modify the whitelist with "anybody can submit tickets" unchecked?

    Or better yet, can we just turn off the ticket suspension feature? Its very annoying.

    --Thor

    0
  • RTB_IT

    What should the configuration be if we need the user to be able to log in to create the account via SSO, update tickets created for him, allow them to reply to tickets created for them but NOT allow them to email the mailbox to create a ticket?

     

    Setup:

    -SSO Enabled

    -Users account is created while logging into the portal page or if a ticket is created for them by an agent

    -User needs to be able to reply to the ticket notification email, update the ticket via the portal but NOT have access to email the zendesk support address directly to create a ticket.

     

    I tried setting the domain as whitelisted, then set the blacklisting to reject:domain. This allows the following;

    -account can be created on login

    -user cannot email directly and create a support ticket

    -user can update tickets via the portal

    -user CANNOT update the ticket by replying to the ticket notification (This we need enabled)

     

    Thanks

    0
  • Brendon Murphy

    We have a CRM system here as well as zendesk. Sometimes people of the CRM system encounter an issue were they have an auto responder war between two emails due to an accidental email. So the users of this system contact the managers of the CRM system to stop this. They do so through our zendesk installation. So they are using words which are being flagged as an auto responder and these emails are being blocked. How can I stop them from being blocked without telling each user to be careful of the words they are using.

    0

Please sign in to leave a comment.

Powered by Zendesk