A recent uptick in spam may have impacted your account over the past few weeks. This article outlines our recommendation for action that will discourage spammers who might try to target your account.
These tickets may have the web_widget tag, but in observed cases, the tag was actually added by the spammer. If you view the events of the spam ticket (see Viewing all events of a ticket) and look to the very bottom of the page, you’ll see that it was submitted via Web Service. This indicates it was created via API (see How are ticket channels defined across Zendesk?).
The primary goal of spammers is to use your triggers to pass spam content to other users via placeholders. To that end, we recommend removing placeholders from the default Notify requester of received request trigger. If you have customized triggers, you’ll also need to remove any of the placeholders that pass the comment or title content of the ticket to the end-user upon ticket creation.
Step 1: Remove placeholders that spammers target
In this example, we're updating Notify requester of received request.
- Under Meet ALL of the following conditions, add the condition Current User > is > (end-user)
- Under Actions, refer to the Email subject and Email body fields. Remove these two placeholders
Removing these placeholders renders your trigger useless to spammers, since it will no longer share their spam content with recipients. This will not immediately stop the flow of spam tickets, but will prevent spammers from reaching end-users, and you should eventually stop seeing spam come in.
Step 2: Create a new trigger for agent-created tickets
In step 1, we removed the placeholders that give your users context about tickets created on their behalf. If your agents create tickets on behalf of end-users (for example, sending out proactive emails), you'll need to create a new trigger that notifies users of the content of those tickets (but doesn't allow spammers to do the same).
In this example, we create a new trigger that we'll call Notify requester of new proactive ticket:
- Under Meet ALL of the following conditions, add the following conditions:
- Ticket > is > Created
- Privacy > is > Ticket has public comments
- Current user > is > (Agent)
2. Under Actions, select the following actions:
- Email user > (requester and CCs)
- Email Subject:
- Email Body:
This ticket was created on your behalf.
To add additional comments, please reply to this email.
Temporarily blocking email domains using the blocklist
While the above recommendations will protect your account from further spam, it will not immediately stop ticket creation. If you want to block ticket creation regardless of channel, you can use the blocklist found under Admin >> Settings >> Customers, with the blocklist modifier suspend: or reject: prepended to the domain.
blacklist: reject:firstname.lastname@example.org suspend:qq.com
For complete instructions about control access, see Using the whitelist and blacklist to control access to Zendesk Support.
For more information on spam prevention on other channels, please see Spam prevention resources.