Today we announce two small changes to our email processing which will improve our Email channel's security. Zendesk Support currently has checks in place to stop spam, and block malware and other delinquent emails. This change handles some cases which should reduce the likelihood of spam or malicious emails from making their way into your tickets.
Suspending messages with uncertain authentication
Zendesk will now automatically suspend any email which fails a DKIM check. These messages are frequently suspended now because of our spam checking tools, but this change will make that automatic. We won't automatically suspend if the header is missing, only if it actually fails a check. This standard is widely supported, failures are rare, but they're a great indication of spoofing or phishing attempts. The suspension type for this will be spam.
If you haven't already, you can keep up to date with your suspended tickets by subscribing to a suspended tickets notification.
Blocking spoofed Zendesk messages
In addition to the above, we'll be using an extra sense of caution when we see email which appears to be from Zendesk. Because we have already set up a DMARC reject policy, we will now be blocking any email which claims a sending address in the Zendesk domain. If it fails a DKIM check, we will reject it. Malicious actors could always pose as Zendesk to attempt to get sensitive information, so we've elected to block them completely.
As we continue to grow we will continue to make changes to protect your email channel. This is not the last stop on this destination.