Update: This feature has been rolled out to all Zendesk Support accounts.
This change is being made to address a rare security concern. It was possible, through the use of subject matching, to expose a ticket's content to a user who should not be authorized to see it. We did not mention this ahead of time out of concern it would be exploited, but we are explaining it now for transparency's sake.
Because subject matching only happened when the sender of an email was also the requester of an existing ticket with the same subject, this was very rare. However, Zendesk Support adds CCs to a ticket when they're included in an email, making it possible to merge unrelated email threads. If one of your customers or partners sends you an email and CCs another party, a ticket is created. They might later send a new email, CC a different party, and use the same subject. We would have then updated the same ticket and notified the first CC of the new message, which they were never meant to see.
With this update, we have eliminated this possibility.
It should come as no surprise that Zendesk processes a lot of email. We receive millions of messages a day and make a number of decisions about each: whether to reject, suspend, create a new ticket, or associate a message with an existing ticket. The last decision has a lot of moving parts.
We primarily rely on message IDs (which should always be unique), our own "encoded IDs" (which we know are unique), and in certain circumstances the regular numerical IDs of tickets. We've also, for some time now, occasionally matched an incoming email with an existing ticket because of a matching subject line.
Beginning November 21st, 2016, Zendesk will no longer match incoming email with existing tickets by means of subject.
Why this change?
As we've grown, we've seen more false-positive matches. Mailing lists and automated emails re-use subject lines. While contact between the inboxes people use is safe, the amount of automated email in the world has made this feature more trouble than it's worth. We'll continue to rely on reliable, unique identifiers.
Subject matching in Zendesk is already very uncommon. We've made it our lowest-priority matching criterion, and have limited it so that it only associates two tickets when there is an exact match, and when the person sending the email is the same as the requester of the existing ticket. For this reason, there is a very low number of subject matches each day in each account.
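An added illustration, not Zendesk's code: a minimal Python model of the threading decision described above, showing how the retired subject fallback merges two unrelated emails and notifies the first CC. The class and function names, the sample addresses, and the use of In-Reply-To as the only unique identifier are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Email:
    message_id: str
    sender: str
    subject: str
    ccs: frozenset = frozenset()
    in_reply_to: str = ""          # empty for a brand-new thread

@dataclass
class Ticket:
    id: int
    requester: str
    subject: str
    message_ids: set = field(default_factory=set)
    ccs: set = field(default_factory=set)

def find_ticket(tickets, mail, subject_matching):
    # Highest priority: a unique identifier (modelled here as In-Reply-To only).
    for t in tickets:
        if mail.in_reply_to and mail.in_reply_to in t.message_ids:
            return t
    # Lowest priority, retired behaviour: exact subject AND sender == requester.
    if subject_matching:
        for t in tickets:
            if t.subject == mail.subject and t.requester == mail.sender:
                return t
    return None

def receive(tickets, mail, subject_matching):
    """Thread one email; return (ticket id, notified addresses the sender never addressed)."""
    t = find_ticket(tickets, mail, subject_matching)
    if t is None:
        t = Ticket(len(tickets) + 1, mail.sender, mail.subject)
        tickets.append(t)
    t.message_ids.add(mail.message_id)
    t.ccs |= mail.ccs                      # CCs on the email are added to the ticket
    return t.id, t.ccs - mail.ccs - {mail.sender}

def replay(subject_matching):
    # Constructed sample: same sender, same subject, different CC, no reply headers.
    first = Email("<m1@example.com>", "customer@example.com", "Quarterly invoice",
                  frozenset({"partner-a@example.com"}))
    second = Email("<m2@example.com>", "customer@example.com", "Quarterly invoice",
                   frozenset({"partner-b@example.com"}))
    tickets = []
    receive(tickets, first, subject_matching)
    return receive(tickets, second, subject_matching)
```

With the fallback enabled, the second email lands on ticket 1 and the first CC is notified; with it disabled, a new ticket is created and only the addressed CC is involved.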
What will the effects be?
You will see some messages create a new ticket when they would have previously created a comment on an existing ticket. In most cases the messages were not directly related in the first place. On some rare occasions, we receive a malformed email that lacks identifiers. This may cause a message not to be threaded. After extensive research, we are confident this will be uncommon. The reduction in false positives and unintended associations (which have caused many concerns from Zendesk users) far outweighs this, in our opinion.
What if we don't want this change?
If for any reason this change seems wrong to you, or if you are currently relying on Subject Matching for any reason, let us know by adding a comment.