You can control access to your Zendesk by adding end users' email addresses and domains to your blocklist and allowlist. Using the blocklist, you can prevent specific users, or sets of users, from registering and submitting support requests. Using the allowlist, you can allow specific users, or sets of users, to access your Zendesk and submit support requests.
) > Settings > Customers. This article contains the following sections:
About the blocklist and allowlist
The blocklist and allowlist can help you create rules for accepting, suspending, and rejecting users' emails. Any email that is suspended because of the blocklist will be added to the suspended queue and flagged. If you have set up user mapping, any email domains you add to the allowlist will automatically be included (see Automatically adding users to organizations based on their email domains).
Your allowlist will automatically override your blocklist. For example, if you blocked a specific domain, but allowed a user with that email domain, they will be given access.
Depending on how your Zendesk is set up, you can use the blocklist and allowlist to apply additional settings to control who can access your Zendesk. If your Zendesk permits anyone to submit tickets, such as in open support type, you can use the blocklist to filter out spam email addresses and domains (see Suspending a user in the Zendesk Agent Guide). If you require users to register, you can use the blocklist, so only approved email address and domains can submit support requests and authenticate accounts.
The blocklist and allowlist feature contains rules you can combine to easily restrict access. See the section below for a list of the available blocklist and allowlist rules.
Setting your blocklist and allowlist
- You can enter up to 10,000 characters in each of the allowlist and blocklist fields.
- To allow all users to submit tickets to your Zendesk, except those added to the blocklist, leave the allowlist blank.
- To
suspend
ticket submissions
from
all users, except for those added to the
allowlist,
add a wildcard(*) in your
blocklist.Important: The wildcard will send tickets from every user not added to the allowlist into the suspended tickets queue, and prevents new users from creating accounts.
- Use keywords or symbols with a
blocklist
or
allowlist
entry to make the restrictions broader, or more specific:
- To route tickets from specific
users
to the Suspended Tickets queue, enter the keyword
suspend:in front of an email address or domain in your blocklist. Usage example - To block or allow an entire email domain, do not include the "@" symbol. An email domain will not be successfully added to the allowlist or blocklist with "@".
- To completely block support requests from specific users, enter the keyword
reject:in front of an email address or domain list in the blocklist. Tickets will not be added to the suspended tickets queue and there will be no record of the ticket in your Zendesk.
- To route tickets from specific
users
to the Suspended Tickets queue, enter the keyword
- To send support requests from specific users to the suspended tickets queue, enter the keyword in front of an email address or domain in your blocklist. This is identical to blocklisting without a keyword.
- To block or allow an entire email domain, do not include the "@" symbol. An email domain will not be successfully added to the allowlist or blocklist with "@".
- Being placed on the allowlist does not allow users to override their tickets from being suspended if the subject contains the text "Out of Office" or if the ticket comes from an email flagged as a "do not reply" address.
- To completely block support requests from specific users, enter the keyword
reject:in front of an email address or domain list in the blocklist. Tickets will not be added to the suspended tickets queue and there will be no record of the ticket in your Zendesk.
reject:
only applies to support requests and doesn't prevent users from creating an account in
your Zendesk. To edit your blocklist and allowlist
- Click the Admin icon () in the sidebar, then select Settings >
Customers.
- Enter your
allowlist
and
blocklist
settings. You can view some of the common
blocklist
and
allowlist
examples in the section below. If you are adding multiple email addresses or domains,
separate with a space.
- Click Save tab.
Allowlist and blocklist usage examples
You can use a combinations of the blocklist and allowlist rules to ensure you are permitting access or blocking the correct users. This section contains some usage examples you can replicate for your own Zendesk.
Approve a domain, suspend all other users
You can allow specific domains access to your Zendesk by adding the domain in the allowlist and suspend all users with a different email domain by adding a wildcard (*) in the blocklist. In the example below, only email from the domain mondocampcorp.com will be permitted access.
allowlist: mondocamcorp.com blocklist: *
If you want to allow more than one domain access, you can enter multiple domains separated by a space. In the example below email from the domains mondocamcorp, comdocam, and mondostore are permitted and all other users will be suspended.
allowlist: mondocamcorp.com mondocam.com mondostore.com blocklist: *
Approve a domain, but suspend specific email addresses with the domain
You can prevent a
specific email address with an
allowed
domain from accessing your Zendesk by using the suspend keyword.
allowlist: gmail.com blocklist: * suspend:randomspammer@gmail.com
Approve a domain, but reject specific email addresses and domains within it
Similar to the previous
example, you can
block specific email addresses from using
an
allowed
domain by entering their email address in the
blocklist.
You can use the reject
keyword
to prevent a user's tickets from being adding to your Zendesk at all.
In the example below, only email from gmail.com is accepted. All tickets from other email domains are sent to the suspended tickets cue, except for the email address randomspammer@gmail.com. Email from randomspammer@gmail.com will be rejected completely, and the ticket will not be recorded in your Zendesk.
allowlist: gmail.com blocklist: * reject:randomspammer@gmail.com
Approve all, but reject specific email addresses and domains
Unlike the examples above, you also have the option of allowing all users to register, except for specific email address and domains. To allow all users to register, you can leave the allowlist blank, then enter any blocked users.
In the example
below, everyone can access your Zendesk, except for randomspammer@gmail.com and
megaspam.com. Since the
reject:
keyword is used, all email from those accounts will be blocked completely and the ticket
will not be recorded in your Zendesk.
allowlist: blocklist: reject:randomspammer@gmail.com reject:megaspam.com
Suspend support request tickets from specific email addresses or domains
Simply adding an email address or domain to your blocklist suspends tickets from those users, but only if those tickets are submitted through the email channel.
allowlist: blocklist: suspend:randomspammer@gmail.com suspend:megaspam.com
99 Comments
Is it possible to black list an entire top-level domain (.e.g *.ru)?
This would help significantly with our suspended tickets (spam) coming from Eastern European countries.
Hello William,
You cannot blacklist TLDs by themselves. You need at least the second level domain attached to it, as well. Blacklisting mail.ru, for instance, would save you a good deal of trouble, but .ru by itself won't take.
As far as other ways to mitigate things, you can set up an automation to remove the tickets that already exist if they have some commonality between them, like a string of words in the comment text. Take a look at the following for more info on that:
https://support.zendesk.com/hc/en-us/articles/360001481448-How-can-I-bulk-delete-spam-tickets-in-Zendesk-
Additionally, you can try adding DKIM authentication to your instance to add some security to your instance:
Lastly, the notify requester of received request trigger has a placeholder in it -- I might suggest removing that, as it provides a clickable link for the spammers to loop off of.
Give those a shot and let me know if you have any further questions.
Best regards.
Hi there, I've just put the * in our blocklist and put our clients domains in allow but when I tested raising a ticket from my personal email (not one of the allowed domains), the ticket was still raised. Is there something else I'm missing?
Any thoughts on how to resolve?
Lucinda Bianchi I've had this happen once (pretty long time ago though), and it took 1 hour to actually have it active. Maybe that is also the case. Let me know if that is the case.. If not could you share a screenshot of your blocklist and allowlist (with part of the domains blurred)?
Thanks Kay you were right, it was activated by the morning, I just needed a little patience ;)
I am familiar with the 20 messages per email address limit, but I have heard that if we whitelist a specific email address, that will increase the limit within an hour per email address.
- Can you please confirm that feature?
- What happens after the increased limit? Account suspended for an hour? Suspended tickets?
Hi Jamie, Once a sender exceeds both our acceptance and suspension rates then their emails will be rejected. Our email channel currently does not support integrations with automated email senders, (mentioned in our Suspended Tickets article: "The sender is not a person"). The API is the channel that is best suited for all automated traffic. The current supported limits for email acceptance are 20 per hour, per human sender, another 20 emails from that same sender will become suspended, after that we reject further submissions. We may limit the acceptance of any email traffic that we detect is automated or in any way dangerous, as in the possible creation of an email loop, whether the address is allowlisted or not. If you have any further questions please open a ticket with us to discuss your specific needs.
Just to confirm - I can list specific emails in my allow list and put an * in my blocklist? By doing so only those email within the allowlist can submit support request via web widget and submit request link in help center and all others will not be able to.....? I ask because I tried this specific setup with one of my other emails and my tickets are still getting through. They aren't even going to a "suspended" queue.
Hey Mandy,
That should be the case. If you add * to the blocklist then you would only be allowing ticket creating from users that are in the allowlist field. If this isn't happening on your end we may need to create a ticket on your behalf so we can look into some examples. Is this still the case for you?
Please sign in to leave a comment.