Using the whitelist and blacklist to control access to Zendesk Support Follow

all plans

You can control access to your Zendesk based on your end-users' email addresses; either accepting or rejecting their attempts to register as a user in Zendesk Support or to submit support requests. You do this using the whitelist and blacklist. The whitelist can be used to allow access to everyone or just specific email addresses and domains. The blacklist, used with the whitelist, prevents access to all users who have not been added to the whitelist or specific users by email addresses and domains.

Email received from blacklisted users' domains and email addresses can be immediately routed into the suspended email queue or completely rejected, preventing tickets and accounts from being created.

The whitelist and blacklist are end-user settings.

In this example, the whitelist contains the MondoCam corporate domain. All email originating from this domain (including subdomains) are accepted. The blacklist is then used to declare that all other email is not users are blocked. This is done by adding an asterisk (*), which is a wildcard that blacklists (suspends) everything, meaning that all users will be blocked and prevented from creating and authenticating accounts. All email not received from the mondocamcorp.com domain is sent to the suspended tickets queue.

You can however also reject users' email, meaning that it will not be added to the suspended tickets queue. There will be no record of the email in your Zendesk.

If you've configured Zendesk Support to accept requests from anyone, you can use the blacklist to filter out specific unwelcome users' email domains and addresses, such as spam.

Email that has been suspended as a result of having been blacklisted is added to the suspended ticket queue and flagged as blacklisted.
Note: To access your blacklist and whitelist, you must have Enabled selected next to the Anybody can submit tickets option under Admin () > Settings > Customers.

To edit your whitelist and blacklist settings

  1. Click the Admin icon () in the sidebar, then select Settings > Customers.
  2. Enter your whitelist and blacklist settings (see examples below).
  3. Click Save tab.
Note: If you place a wildcard (*) in the Blacklist, all users will no longer be able to create or authenticate accounts in any way, including via the interface, API, SSO, etc. You must add specific users to the whitelist.

Whitelist and blacklist usage examples

The whitelist and blacklist are used together to create rules for accepting, suspending, and rejecting users' email. Aside from the asterisk (*), which suspends all users', you can use the reject keyword to make the email bypass the suspended tickets queue and get deleted. However, note that reject only affects email and doesn't prevent users from creating an account in your Zendesk. The whitelist will automatically override the blacklist.

Approve a domain, suspend all others

This example whitelists one user's domain and suspends all others.

whitelist: mondocamcorp.com
blacklist: *

You can also add more than one user's domain or email address to the whitelist. Separate each with a space.

whitelist: mondocamcorp.com mondocam.com mondostore.com
blacklist: *

Approve a domain, but suspend specific email addresses within it

In this example, an entire domain is approved in the whitelist, all other users are suspended by using an asterisk in the blacklist, and then a specific email address within the approved domain aresuspended using the suspend keyword.
whitelist: gmail.com
blacklist: * suspend:randomspammer@gmail.com

Using this method, you can suspend specific email addresses from a domain that you have approved in the whitelist.

Approve a domain, but reject specific email addresses and domains within it

Similar to the previous example, a domain is approved in the whitelist and then exceptions to that approval are made in the blacklist. Instead of suspending a specific user's email address, it is instead rejected.
whitelist: gmail.com
blacklist: * reject:randomspammer@gmail.com

This example also shows that you can add multiple email addresses and domains to the blacklist.

Approve all, but reject specific email addresses and domains

You can also leave the whitelist empty, meaning that all users are accepted, and then make exceptions for specific user's email addresses and domains.

whitelist: 
blacklist: reject:randomspammer@gmail.com reject:megaspam.com

Marking tickets as spam and suspending users

If email somehow makes it through the spam filter and your blacklist and tickets and new user accounts are created, you have two options for purging your Zendesk of both.

One of the ticket update options is Mark as spam and suspend user, which deletes the ticket and suspends the ticket requester. You can also select a user's account and suspend their access. For more information, see Suspending a user in the Zendesk Agent Guide.

A note about blacklisting people who have been CC'd on tickets

If you blacklist a user that has already been added to tickets as a CC, please note that blacklisting the user's email address will not remove themfrom those existing tickets. Also be aware that it is possible for agents to add blacklisted email addresses as CCs to new tickets.

Have more questions? Submit a request

Comments

  • 0
    Are you able to blacklist everyone within a domain except for a specific user? The reason is because my organization charges for support and the client wants only one person to be responsible for contacting support so that they don't run up a huge support bill
  • 0

    You sure can. Add the domain you want to block to your blacklist and the address you want to allow to your whitelist. Something like:

    That will block incoming tickets from everyone at "sample.com" except "theguy".

  • 0

    We want to keep "anybody can submit tickets" unchecked as we have it tied to SSO for our website. However, we are seeing legitimate customers that send tickets to our support email address get suspended. Is there a way to modify the whitelist with "anybody can submit tickets" unchecked?

    Or better yet, can we just turn off the ticket suspension feature? Its very annoying.

    --Thor

  • 0

    Thanks, Thor! This is a useful question. 

    It sounds like you're using SSO with a closed Zendesk, which should not be causing customers that are already a part of your organization with sign-in credentials to be suspended. You can read more about that here: 

    https://support.zendesk.com/hc/en-us/articles/203663746-Setting-up-a-closed-Zendesk#topic_qpm_rs2_hj

    If these are legitimate customers that don't already have login credentials through your SSO, then there's unfortunately not much we can do, as Suspended Tickets will always be an inherent part of the Zendesk interface.

    However, this sounds like we will need to dig deeper into what might be happening specifically with your account. Would you mind opening up a ticket with us so we can take a closer look?

  • 0

    Okay I am getting bounced. I submitted a ticket as requested and now being bounced back to the forums. We know of another company using Zendesk that is doing exactly what were attempting to do (as told to us by a previous employee), yet we cannot figure out how to do this. Let me try and explain this a different way in case I am just not being clear...

    We have two ways in which customers can submit tickets to us.. first way is just send an email into our support email address (support@brightlocker.com). The other is through the Zendesk "submit a ticket form". When customers use the form, we want them to be authenticated so we want to keep "anybody can submit tickets" unchecked as we have it tied to SSO for our website. However, we are seeing legitimate customers that send tickets to our support email through the support@brightlocker.com address (not using the ticket form) get suspended. Is there a way we can allow ANYONE to submit tickets to support@brightlocker.com without having an account or using SSO, while making it so that if you are on our website (signed in) and want to use the ticket form, we do force you to login if your not? is this possible? Right now if people submit tickets to support@brightlocker.com their tickets are coming in, but they are falling into the suspension box, can we make it so that tickets sent to support@brightlocker.com dont end up in the suspension box and go right into the main boxes so agents can work on them?

     

  • 0

    Hi Thor. So sorry that you've been feeling like you're being bounced around. I think it's sometimes hard to coordinate these channels. 

    Seeing what you're trying to do, I would recommend this: 

    • Check the anyone can submit a ticket box. Once that's checked, you'll be able to whitelist and blacklist whole domains and/or single addresses, still limiting who can submit email messages.
    • Go to your Help Center settings and make sure that require sign-in is checked. This will make it so that if anyone comes to your help center who is not a member, they will be prompted to sign in before proceeding.

    Having this set-up instead of a strictly closed Zendesk will allow you the flexibility you're looking for. The only tickets you'll get from *anyone* will be email messages, which sounds to be okay by you.

  • 0

    Hi there,

    Is there a way to use this "whitelist & blacklist" through the API? I want to add and remove emails to those lists using your API.

    Best regards

  • 0

    Hello Ulises,

     

    I am afraid that you cannot currently update the white and black list through our API at the moment.

  • 0

    Our white and black list settings are wide open, meaning that nothing is blocked. However I wonder if I set one domain, will that mess things up for the rest of our client base, as I really don't want to be including hundreds of domains and have to maintain it.

    I suspect yes, but want to confirm.

  • 0

    Can you blacklist Out Of Office

  • 0

    Hey Christine!

    It's not possible to blacklist emails by type, only by email address or domain. However, Zendesk automatically filters out Out of Office auto-responders, so there's no need to blacklist them.

    Can you go into more detail about what issue you're encountering?

  • 0

    Hello,

     

    In our organisation our clients are occasionally contacting us about a auto-reply war (two emails auto reply to each other constantly) within one of our systems. We have whitelisted our email domain but these emails still get suspended due to "Automated response mail, out of office" any advice on how to allow these through?

  • 0

    Hey Brendon!

    Zendesk is set up to automatically suspend auto-responders, since they're not generally useful in the context of a ticket.

    I'm not totally clear on what you're asking here...are auto-responders sneaking through to your Zendesk when they shouldn't? Or are you saying that you want automated responses to be added to a ticket?

  • 0

    We have a CRM system here as well as zendesk. Sometimes people of the CRM system encounter an issue were they have an auto responder war between two emails due to an accidental email. So the users of this system contact the managers of the CRM system to stop this. They do so through our zendesk installation. So they are using words which are being flagged as an auto responder and these emails are being blocked. How can I stop them from being blocked without telling each user to be careful of the words they are using.

  • 0

    Hey Brendan, sorry for the delay in getting back to you.

    The easiest way to get around this would be to works with the CRM managers outside of Zendesk, but I realize that might not be feasible depending on your workflow.

    Otherwise I don't have any good suggestions, but I'm going to check with our Support team to see if they can shed any more light on this for us.

  • 0

    Hey Brenden, 

    Unfortunately, the only way for you to prevent these e-mails from being suspended is by having the CRM users change the wording of the e-mail. You will need to have them remove the word 'vacation', 'Out of Office', 'Auto-reply', or any similar terminology from the email header in order to prevent the system from detecting these as automated responses. 

Please sign in to leave a comment.

Powered by Zendesk