The Suspended Tickets view displays messages describing the cause of suspension for each suspended email.
The following table lists the possible descriptions in the view and what each one means.
Tip: You can export the suspended ticket list to obtain the
suspension Cause ID for each ticket. Then, cross-reference the cause ID with the
Cause of suspension reference.
Related articles:
| Cause of suspension | Description | Solution |
|---|---|---|
| Automatic email processing failed | Although rare, you might see this if a system-wide email processing error occurred. | Contact Zendesk Customer Support for further assistance with this cause of suspension, or refer to this article for help. |
| Automated response mail | This is used when the email header indicates that the message is an auto-generated email of any kind. | We do not support the un-suspended flow of automated emails into Zendesk,
including from custom built ticket forms. The API and
Channels Framework are the only channels that support programmatic creation and
updating of tickets. The following headers can lead to this Cause of Suspension:
|
| Automated response mail, out of office | Out of office and vacation auto-generated response emails are suspended. | Out-of-Office replies represent a threat to automated email systems. These are often suppressed by the sending domain, but should always be suspended if they do arrive at Zendesk. |
| CCs/followers limit reached | A ticket can have no more than 48 email addresses included as CCs. | Delete unnecessary email addresses from the CC line. |
| Detected as email loop | If you receive a large number of emails from a single sender in a short period of time, those emails are suspended and the sender's address is blocklisted for one hour. This also happens to tickets that are sent from an address equal to your default Reply To address. | Zendesk does not support the bulk creation of tickets via emails to Zendesk from the same sender. The API and Channels Framework are the only channels that support bulk creation of tickets. |
| Detected as spam | This email was flagged as spam by Zendesk's email detection filters. This email may also be flagged as spam because it was sent from a suspended user. Some messages, if flagged with very high confidence of spam, are rejected entirely and will not appear in the Suspended tickets view. | Check if the user is suspended, and unsuspend if necessary. You can recover the suspended ticket, which can help improve the sender's reputation going forward. See the support tip What does "Detected as spam" mean? for more information. |
| Detected email as being from a system user | Email generated by a mail server (for example, messages sent from addresses beginning with mail-daemon@ and postmaster@) are suspended because it is assumed that they are not intended to be support requests. | Mail from these addresses will need to be sent from or redirected through non-system addresses. |
| Email authentication failed | The email is spoofed. The email appears to have originated from someone or somewhere other than the actual source. | The sender of this email must be permitted to send mail from your domain. Consider configuring SPF and DKIM for this sending source, or disabling Sender Authentication in email channel settings. Contact Zendesk Customer Support for further assistance. |
| Email for "noreply" address | The email address is a "no reply" email address, meaning that it is not intended to receive email. | Most no-reply addresses are not intended to be responded to, and emails to these accounts are frequently not checked. You may want to verify that your responses to these addresses are reaching your customers. |
| End user only allowed to update their own tickets | This indicates that an email response for the purpose of updating a ticket was received from an address or user that is different from the original submitter's email address. This might happen if the submitter forwarded the email to a different email account or user and then an attempt to reply back to your Zendesk was made. Multiple email addresses per user are supported but they must be added to the user's profile. | You can add the user as a CC to the ticket, otherwise their update will create a flagged comment. See Configuring CC permissions and notifications for more information. |
| Email is too large | The email sent by the end user exceeds the maximum size limit and was rejected by the server. | The user can try resending the email at a smaller size. This limit is for the email body itself and is separate from the attachment size limits. |
| Failed email authentication | The email did not pass Zendesk's DMARC authentication. | Disable DMARC authentication. See Authenticating incoming email using DMARC. |
| Malicious pattern detected | Some part of this ticket's message matched a pattern that is frequently associated with spam messages, or messages intended to steal information from recipients. | If you see important messages suspended for this reason, contact Zendesk Customer Support. |
| Malware detected | This indicates that possible malware was detected. | The user can scan the attachment for malware before resending. Alternatively, resend the email without the attachment. |
| Permission denied due to unauthenticated email update | This indicates that the email header doesn't contain the email token identifying the ticket. This can happen if an email client strips out email header information. | Verify that no headers are being removed by the forwarding mail server and that the body is intact. Contact Zendesk Customer Support if you're still seeing issues. |
| Permission denied for unknown email submitter | When you require your users to register and create an account, email received from unregistered (unknown) users is suspended. | If you have a known customer base, we would suggest importing your customer base prior to them submitting tickets. See Bulk importing users. |
| Received from support address | The email was sent by (not forwarded from) one of your support addresses. For information about support addresses, see Adding support addresses for users to submit support requests. | The email was received from one of your listed support addresses and is causing a mail loop. You will need to change the from: and reply-to: addresses on the email show the actual requester's email address. |
| Sender or domain is on the blocklist | The ticket came from an address or domain that you've blocked. See Using the allowlist and blocklist to control access to Zendesk Support. | If you need to accept these tickets, you can remove the address or domain from the blocklist (see Using the allowlist and blocklist to control access to Zendesk Support). |
| Sender domain not on allowlist | When your account is configured to only allow emails from a given set of domains (using the allowlist), this indicates that the sender's email address or domain is not within that set. | You will need to allow the email domain or address (see Using the allowlist and blocklist to control access to Zendesk Support). |
| Submitted by unverified user | This indicates that the user is known, but has not yet verified their email address. | The end user must verify their email address with the verification email sent to them. An agent or admin can also manually verify the email on the user's profile or re-send the verification email (see Verifying a user's email). |
| Submitted by unverified account owner | The account owner never clicked the link within the verification email to verify their account. Zendesk sends this email to the account owner when the account is created, or a new owner or owner email address is added to the account. | The account owner can locate the email in their inbox and click the link to verify the address. Alternatively, you can resend the verification email. |
| User must sign up to submit email, user notified | This is used when an account requires end users to register and therefore verify their email address before submitting tickets. Once their email address/user account is verified, they can submit tickets. | The user will be prompted to register for access (see Permitting only users with approved email addresses to submit tickets). Once the user has registered, their Suspended ticket will turn into a Support ticket without any action from an Admin required. |
| User does not have authority to update this ticket | This occurs when an end user attempts to reply to a ticket notification, but
they are not a participant. This can also happen if someone removes the encoded ID
when responding to the ticket. Note: If an agent recovers a ticket suspended for this reason, the end user
attempting the reply will be added to the ticket's CC list. Anything recovered
from this will thread into the given ticket and add the user as a CC. For more
information, see Guidelines for reviewing suspended
tickets.
|
28 Comments
We integrate with a system called tawk.to where our users can leave messages or chat with our support team. All chat transcripts or offline messages are sent to zendesk to be created as tickets. As of the last few days these are all ending up as suspended tickets with the reason "Detected email as being from a system user". But these are not coming from emails like postmaster or the like. The from address is set as the user's email address who is sending the request.
We are losing tickets as a result! please advise
Hi Moshe,
Emails from system users are always suspended and it is a hard system rule that cannot be disabled. Since you have confirmed that it is not coming from a system user, I highly suggest that you collect ticket samples and reach out to our Customer Support for further investigation.
Thank you. I have reached out to Customer Support.
Is there any way to determine as to why an email has been marked as spam? We have a substantial amount of suspended tickets and going through them 1 by 1 isnt a viable option.
Any help would be amazing!
Hi Sam.,
Are you seeing a common spam reason on the ticket itself? If yes, please check if that falls under the causes discussed in this article and follow the suggested resolutions. If the issue persists after following the same, I suggest that you grab at least 5 tickets, and reach out to our Customer Support so they can dig deeper into your account.
I wanted to share my workaround.
We had the issue that Zendesk was setting a lot of email as Spam and there was no other way then to recover them manually. This is what I was told.
It worked by creating organizations and end users profiles to let Zendesk recognize those emails.
It would be ideal to add this information to the article, if you consider this working for you too.
"Detected as email loop" - what is the threshold after which the mails from the same user are suspended? Do we have the access to manage this limit?
We have a limit of 20 emails from the same user within an hour. Beyond that, the next 20 updates will be suspended. If more than 40 are received, all additional updates within that hour will be rejected (meaning they won't even create suspended tickets).
There is no option to manage this limit, I'm sorry.
You can find more information on how email loops are handled in our article About mail loops and Zendesk email
Hello! Is there any way to permit the ticket creation of e-mails "Received from support address"? We have this issue in a client instance. A support address "X", as a sender ("from:"), sends an e-mail to another support address "Y" (receiver - "to:"). All these tickets are suspended.
Unfortunately there is no setting or anything along those lines available in Zendesk Support. If you have a support address added in your Email channel settings and that same email address is the requester on a ticket, the ticket will be suspended. If the original sender of a ticket is a unique end-user in your workflow, you may want to look into setting up an email redirect in your email client. Email redirects are different than forwarding in that redirecting preserves the header information so that the email appears to be from the original sender, not from address forwarding the email.
In order for these these tickets to avoid being suspended, you will either need to remove the support address that's set as the requester from your Email settings or somehow change the email address these tickets are coming from. I hope this information helps!
Email from customer are being suspended with reason "Email is too large". However this is an small email <1MB.???? if anyone can help!!!
Hi prakash.sati, I can see you have raised a ticket with us and our team is investigating this for you. You should receive an update once we have checked or if we need any more information from you. Thank you! :)
Hi all,
Is there a way to view the original email that has been suspended if one of our users is saying the email didn't come from then in out support email address?
Thanks in advance
Hey Lucy Mills,
Unfortunately, this is not possible if the email is suspended. But, you can view original email from your provider's mailbox. Remember, emails that were forwarded to Zendesk came from your mail provider's inbox. For reference:
I hope this helps!
Best regards,
Hiedi Kysther
Hi Team! Is there anything in the works to let admins 'allow-list' certain addresses please?
We see more and more emails getting caught by 'Detected email as being from a system user' - but they're legit emails (yes, they're automated but need action from our teams).
For example our accounts team in particular deal with a lot of invoices which come through from automated systems but can also then sometimes need replies. The emails are not coming from any of the examples in the table above - e.g. one comes from order@exampledomain.com.
Is there any way to configure 'don't suspend this domain / this sender, deliver them as normal' anywhere please?
Thank you!
Hi Tim G
Usually adding the email addresses in the allowlist would resolve the ticket suspensions. If the emails in the allowlist are still getting suspended, there may have been an x-header: included that could be causing the suspensions. By that time I would suggest creating a ticket with us so we can check the email logs to help identify what's causing the suspension.
We had some tickets that were getting suspended because Zendesk "Detected email as being from a system user", but adding the email address to the allowlist indeed fixed the issue. I did confirm that there was nothing about an "x-header:" string in the email header as well. I suggest this solution be added to the guidance in this article for that particular suspension reason.
Will a ticket get suspended if the email subject includes FWD: or [EXT]?
Email subject alone is not enough for the ticket to be suspended. It must either come from your support address, domain with bad reputation, system user and other factors mentioned above.
Hi Dane,
But the reason of suspension is mentioned as Automated response email. But the email we got was clearly not auto-generated.
Can you tell us the possible reasons why zendesk detected it as such?
The email says that it originated from outside Client since the employee used their local Client email. Do you think that has to do with it being suspended and detected as auto-generated?
Will greatly appreciate your response.
Hi Manisha,
That's definitely a weird behavior.
I'll create a ticket for our team to investigate further. Please wait for their update via email.
I've added a number of prolific spam email addresses to the blacklist on the People > End-users page however they are still being shown as "blocked" in the suspended ticket list. How can we completely block these so they don't even get processed at all? I don't want to have to trawl through the same spamming emails every day etc.
Thanks
James
Hi James,
You can do so by putting "reject:" in front of users email address. See here for more info (just search for a "reject" keyword): https://support.zendesk.com/hc/en-us/articles/4408886840986-Using-the-allowlist-and-blocklist-to-control-access-to-Zendesk-Support
Give this a try!
Thanks! Sorry I missed this in the article!
To confirm, I can permanently block full domains like so:
reject:domain.com
Thanks,
James
That is correct!
Regards,
Serg
Hi, recently we have been receiving almost all the tickets in Suspended Section and most of them have reason for suspension as "Detect as Spam" while all the tickets are received from the unsuspended users, in fact we have not suspended any users. What may be the reasons and solutions for this issue??
Regards.
Heemal.
If these emails are not coming from suspended user then one other reason for this is the spam filter that is set for your account (either Cloudmark or the RSPAMD EAP) finds the content to be spammy.
There are a lot of reason how spam is being detected by Zendesk stated in this article.
Dear Zendesk team,
When the reason for suspension is "Detected as spam" there are actually two causes, either the email is flagged as spam by Zendesk's email detection filters or it was sent from an already suspended user.
Your recommendation is to check if the sender is suspended. We have 700+ suspended end-users and growing daily. If we would be able to recognize the emails arriving from the already suspended end-users, it would avoid a lot of double-checking. Therefore, wouldn't it be possible to add a reason "Sent by suspended user". This way we would be able to distinguish the two types directly in the Suspended Ticket View.
Thanks, Patrizia
Please sign in to leave a comment.