Tips to combat spam and protect your business

Return to top
Have more questions? Submit a request


  • Heather Cook

    This covers protecting our Zendesk support from spam ticket from the help centre and email, but does not cover API. With the anonymous feature anyone could create a ticket in zendesk support (if the setting "anyone can submit tickets" is on). If we need that setting on because we may not know where our customers are coming from but how do we stop an attack via API?

  • Brett Bowser
    Zendesk Community Team

    Hey Heather,

    For spam tickets created via the API, you'll want to take a look at this article: Combating spam submitted via web service

    I hope this helps!

  • Heather Cook

    Brett Bowser

    Thank you for the suggestion. But to be honest that isn't actually helpful. If a help desk agent raises a ticket on behalf of a customer, the solution in that articles means the customer wouldn't get a notification. Additionally in general it seems odd that Zendesk don't have tighter control over the anonymous API feature. This could allow someone to DDOS Zendesk. Quite a big security concern that it appears zendesk is not concerned by.

  • Ryan
    Zendesk Team Member

    Hey Heather Cook,

    We have various protections that protect customers from DDOS attacks, you can read more about it under "DDOS mitigation" HERE. If you're concerned over being spammed (which is separate from a DDOS), please follow the instructions in that article mentioned above.

    Step 2 (Creating a trigger for proactive messages) covers the use case you're concerned about (and is a default trigger for newer accounts). We do this in support [at] -- Feel free to write in to see how we've tackled it.

    As for tighter controls, there is presently a way to turn off ---

    If you believe there needs to be more, I highly encourage you to reach out to your account manager with your concerns and product feedback.

    Feel free to write into Support if you have any additional questions or concerns, we would be glad to help.

  • Shawn Tamaribuchi

    We need to filter out incoming support tickets from legitimate email addresses that contain identified suspicious links. I tried using a customer Trigger on new tickets that contain the link in the Comment Text, but this isn't catching them. 

    Can you advise how to set a Trigger that targets tickets that contain specific URLs embedded in the content?



Please sign in to leave a comment.

Powered by Zendesk