You can control access to your Zendesk by adding end users' email addresses and domains to your blacklist and whitelist. Using the blacklist, you can prevent specific users, or sets of users, from registering and submitting support requests. Using the whitelist, you can allow specific users, or sets of users, to access your Zendesk and submit support requests.
) > Settings > Customers.This article contains the following sections:
About the blacklist and whitelist
The blacklist and whitelist can help you create rules for accepting, suspending, and rejecting users' emails. Any email that is suspended because of the blacklist will be added to the suspended queue and flagged. If you have set up user mapping, any email domains you add to the whitelist will automatically be included (see Automatically adding users to organizations based on their email domains).
Your whitelist will automatically override your blacklist. For example, if you blacklisted a specific domain, but whitelisted a user with that email domain, they will be given access.
Depending on how your Zendesk is set up, you can use the blacklist and whitelist to apply additional settings to control who can access your Zendesk. If your Zendesk permits anyone to submit tickets, such as in open support type, you can use the blacklist to filter out spam email addresses and domains (see Suspending a user in the Zendesk Agent Guide). If you require users to register, you can use the blacklist, so only approved email address and domains can submit support requests and authenticate accounts.
The blacklist and whitelist feature contains rules you can combine to easily restrict access. See the section below for a list of the available blacklist and whitelist rules.
Setting your blacklist and whitelist
- You can enter up to 10,000 characters in each of the whitelist and blacklist fields.
- To allow all users to submit tickets to your Zendesk, except those added to the blacklist, leave the whitelist blank.
- To suspend ticket submissions from all users, except for those added to the whitelist, add a wildcard(*) in your blacklist.
Important: The wildcard will send tickets from every user not added to the whitelist into the suspended tickets queue, and prevents new users from creating accounts.
- Use keywords or symbols with a blacklist or whitelist entry to make the restrictions broader, or more specific:
- To route tickets from specific users submitted through any channel to the Suspended Tickets queue, enter the keyword
suspend:in front of an email address or domain in your blacklist. Usage example - To block or allow an entire email domain, do not include the "@" symbol. An email domain will not be successfully added to the whitelist or blacklist with "@".
- To completely block support requests from specific users, enter the keyword
reject:in front of an email address or domain list in the blacklist. Tickets will not be added to the suspended tickets queue and there will be no record of the ticket in your Zendesk. This applies to tickets submitted through any channel.
- To route tickets from specific users submitted through any channel to the Suspended Tickets queue, enter the keyword
- To send support requests from specific users to the suspended tickets queue, enter the keyword in front of an email address or domain in your blacklist. This is identical to blacklisting without a keyword.
- To block or allow an entire email domain, do not include the "@" symbol. An email domain will not be successfully added to the whitelist or blacklist with "@".
- To completely block support requests from specific users, enter the keyword
reject:in front of an email address or domain list in the blacklist. Tickets will not be added to the suspended tickets queue and there will be no record of the ticket in your Zendesk.
reject: only applies to support requests and doesn't prevent users from creating an account in your Zendesk.To edit your blacklist and whitelist
- Click the Admin icon () in the sidebar, then select Settings > Customers.
- Enter your whitelist and blacklist settings. You can view some of the common blacklist and whitelist examples in the section below. If you are adding multiple email addresses or domains, separate with a space.
- Click Save tab.
Whitelist and blacklist usage examples
You can use a combinations of the blacklist and whitelist rules to ensure you are permitting access or blocking the correct users. This section contains some usage examples you can replicate for your own Zendesk.
Approve a domain, suspend all other users
You can allow specific domains access to your Zendesk by adding the domain in the whitelist and suspend all users with a different email domain by adding a wildcard (*) in the blacklist. In the example below, only email from the domain mondocampcorp.com will be permitted access.
whitelist: mondocamcorp.com blacklist: *
If you want to allow more than one domain access, you can enter multiple domains separated by a space. In the example below email from the domains mondocamcorp, comdocam, and mondostore are permitted and all other users will be suspended.
whitelist: mondocamcorp.com mondocam.com mondostore.com blacklist: *
Approve a domain, but suspend specific email addresses with the domain
You can prevent a specific email address with a whitelisted domain from accessing your Zendesk by using the suspend keyword.
whitelist: gmail.com blacklist: * suspend:randomspammer@gmail.com
Approve a domain, but reject specific email addresses and domains within it
Similar to the previous example, you can block specific email addresses from using a whitelisted domain by entering their email address in the blacklist. You can use the reject keyword to prevent a user's tickets from being adding to your Zendesk at all.
In the example below, only email from gmail.com is accepted. All tickets from other email domains are sent to the suspended tickets cue, except for the email address randomspammer@gmail.com. Email from randomspammer@gmail.com will be rejected completely, and the ticket will not be recorded in your Zendesk.
whitelist: gmail.com blacklist: * reject:randomspammer@gmail.com
Approve all, but reject specific email addresses and domains
Unlike the examples above, you also have the option of allowing all users to register, except for specific email address and domains. To allow all users to register, you can leave the whitelist blank, then enter any blacklisted users.
In the example below, everyone can access your Zendesk, except for randomspammer@gmail.com and megaspam.com. Since the reject: keyword is used, all email from those accounts will be blocked completely and the ticket will not be recorded in your Zendesk.
whitelist: blacklist: reject:randomspammer@gmail.com reject:megaspam.com
Suspend support request tickets from specific email addresses or domains, submitted through any channel
Simply adding an email address or domain to your blacklist suspends tickets from those users, but only if those tickets are submitted through the email channel.
However, if you add "suspend:" before each address or domain, tickets submitted through any channel (such as Chat, Twitter, and the like) are routed to the Suspended Tickets queue.
whitelist: blacklist: suspend:randomspammer@gmail.com suspend:megaspam.com
84 Comments
Plus one vote for actually supporting multiple Brands properly. We are struggling with having email work properly across brands as well. We have free, SMB and Enterprise brands. We can't seem to create a proper experience for each because everything is per account rather than per brand as it should be, and not having an API for this feature as well is amazing disappointing.
Thanks for the feedback, Damian. I've asked one of our product managers to read through the comments in this thread.
Seems like having "reject:somedomain.com" in blacklist does not make emails from that domain skip suspended queue anymore.
I have two questions. First, where do you see rejected emails? Second, I want one of my support email support1@test.com to accept emails from gmail.com, however my second support email support2@test.com to reject emails from gmail.com.
Is this possible? Looking at the comments this seems to be a multibrand request that is not supported.
Is the Regex working within the blacklist now? Any update on this?
@Martynas it looks like there was a fix deployed recently that addresses this issue. Can you confirm on your end?
@Louis, when using reject there will be no record within Zendesk to track these emails. As for setting up separate blacklisting rules, I'm afraid this cannot be done. This setting is account wide and not specific to support addresses. You may need to set up a rule on your email provider side to account for this.
@Lijun see my response to Martynas above. If you still don't see emails being rejected and showing in the suspended tickets view let me know!
@Brett I haven't had any new occurrences in Suspended queue since the fix was put in place. Still keeping an eye out, but it looks like it was fixed. Thanks!
Glad to hear it Martynas :)
Hi, I am trying to whitelist all noreply emails. Would this rule do anything? I am afraid to try because of the wildcard on it.
Hi there,
Is there a way to ONLY suspend a ticket IF the sender or sender domain is in the Block List?
Hi James,
Surrounding ticket suspension, unfortunately, there aren’t any “exceptions” that we can make for our filters so that only emails in the blacklist field are suspended. If there are legitimate emails being sent to your suspended tickets view, you'll want to take a look at the cause of suspension as mentioned in the article I've attached.
Let us know if you have any other questions.
Hello,
We have "Anybody can submit tickets" disabled because we are running a closed email-only support desk. The idea is to only make tickets for end users we have registered manually. We register the end users and they email us.
Is it possible to notify a requester that their email has been suspended?
We can only accept tickets from nominated individuals. However, we want to inform others who may send requests to our support email address that they can reach us through a nominated individual in their organisation, rather than give them no indication that they are unregistered and that their message was suspended.
Any advice?
@Colum I had a Zendesk setup like that a while back. What I would recommend is to add a tag to the nominated end-user profiles. Maybe something like "nominated" :)
Then you can set a trigger to respond with an auto-reply when a ticket is created and doesn't have the "nominated" tag which should be inherited from the end-user tag and onto every ticket created by a nominated individual.
You can set the Status to Closed in the auto-reply trigger and maybe add a tag like "auto-closed" so that you can setup a view to monitor those tickets. And include message body saying something like "Ask your org's nominated member" and put something very clear in the subject line of the auto reply that says something like "NOT AUTHORIZED -- Please Read" (or something a bit softer if you prefer).
I have added "rejected:spam.com" [spam=the domain name] in the blacklist field and click save, but I'm still receiving emails from them.
Any advice?
Add another vote for white/ blacklisting with multiple Brands
@PenN I'm having the same issue. I recently rejected a new domain and am still receiving emails from them in our queues. I already submitted a ticket to inquire about it, I'd recommend you do the same.
Can I use regex on the black list? For example I want to blacklist any email that has 10 digits email address and are from spammer.com domain. For example qwertyuiop@spammer.com or 1234567890@spammer.com
Hey Leonardo,
I was able to check with our internal team and it looks like the blacklist field is string only. You wouldn't be able to use regex in this case. You could blacklist the domain as a whole using suspend:qq.com or reject:qq.com but that may not be the exact solution you're looking for.
Let me know if you have any other questions.
Cheers!
In the view "suspended tickets", when we push the button "recover automatically", is that email automatically added to the white-list?
In other words, after "recover automatically" will future email from that domain end up in the "suspended tickets" view?
Hey Helder,
Once you select recover automatically this will train the spam filter to generate these tickets instead of sending them to the suspended tickets view. You may need to select this option a couple of times to train the spam filter but that should resolve the issue of legitimate tickets going to the suspended view.
Let me know if you have any other questions.
Cheers!
Looks like spam filter does not apply to tickets created Via Mobile SDK (web widget with answer bot).
Added reject:qq.com to blacklist, however, spam tickets are created regardless. Any ideas on how to resolve this?
Got the same issue like Carlos, spam from qq domain via mobile SDK, but qq.com is blacklisted.
More than that - mobile SDK is not active, so i can't do anything with this. So, is any way to resolve this?
Hey Nick and Carlos Posadas,
In general to remove all incentive from spammers targeting your account, we recommend changing your triggers to not relay the original message back to the requester on ticket creation (the spammers are using their target's email as requester, then sending their message to them by way of your trigger).
More details can be found here:
https://support.zendesk.com/hc/en-us/articles/360025895613-Combating-spam-submitted-via-web-service-
If you have any questions about the above, please write into Support, and our advocates may be able to assist you further.
----
As for the Mobile SDK bit in general -- The "Via" is just a cosmetic change to the ticket itself (left open for various integrations and customizations on your side, to denote your ticket how you would like). This spam is still likely coming through the API, so the above article should be useful.
We've tried what was listed and we are still getting spam. Would be nice if we could black list TLDs, IP ranges, and have the native blacklist feature do more than just blacklist the envelope sender.
Please sign in to leave a comment.