The Suspended Tickets view displays messages describing the cause of suspension for each suspended email.
The following table lists the possible descriptions in the view and what each one means.
Related articles:
| Cause of suspension | Description | Solution |
|---|---|---|
| Automatic email processing failed | Although rare, you might see this if a system-wide email processing error occurred. | Contact Zendesk Customer Support for further assistance with this cause of suspension, or refer to this article for help. |
| Automated response mail | This is used when the email header indicates that the message is an auto-generated email of any kind. | We do not support the un-suspended flow of automated emails into Zendesk. The API and Channels Framework are the only channels that support programmatic creation and updating of tickets. The following headers can lead to this Cause of Suspension:
|
| Automated response mail, out of office | Out of office and vacation auto-generated response emails are suspended. | Out-of-Office replies represent a threat to automated email systems. These are often suppressed by the sending domain, but should always be suspended if they do arrive at Zendesk. |
| CCs/followers limit reached | A ticket can have no more than 48 email addresses included as CCs. | Delete unnecessary email addresses from the CC line. |
| Detected as email loop | If you receive a large number of emails from a single sender in a short period of time, those emails are suspended and the sender's address is blocked for one hour. This also happens to tickets that are sent from an address equal to your default Reply To address. | Zendesk does not support the bulk creation of tickets via emails to Zendesk from the same sender. The API and Channels Framework are the only channels that support bulk creation of tickets. |
| Detected as spam | This email was flagged as spam by Zendesk's email detection filters. Some messages, if flagged with very high confidence of spam, are rejected entirely. This email may also be flagged as spam because it was sent from a suspended user. | Check if the user is suspended, and unsuspend if necessary. You can recover the suspended ticket, which can help improve the sender's reputation going forward. See the support tip What does "Detected as spam" mean? for more information. |
| Detected email as being from a system user | Email generated by a mail server (for example, messages sent from addresses beginning with mail-daemon@ and postmaster@) are suspended because it is assumed that they are not intended to be support requests. | Mail from these addresses will need to be sent from or redirected through non-system addresses. |
| Email authentication failed | The email is spoofed. The email appears to have originated from someone or somewhere other than the actual source. | The sender of this email must be permitted to send mail from your domain. Consider configuring SPF and DKIM for this sending source, or disabling Sender Authentication in email channel settings. Please submit a ticket to Zendesk Customer Support for further assistance. |
| Email for "noreply" address | The email address is a "no reply" email address, meaning that it is not intended to receive email. | Most no-reply addresses are not intended to be responded to, and emails to these accounts are frequently not checked. You may want to verify that your responses to these addresses are reaching your customers. |
| End user only allowed to update their own tickets | This indicates that an email response for the purpose of updating a ticket was received from an address or user that is different from the original submitter's email address. This might happen if the submitter forwarded the email to a different email account or user and then an attempt to reply back to your Zendesk was made. Multiple email addresses per user are supported but they must be added to the user's profile. | You can add the user as a CC to the ticket, otherwise their update will create a flagged comment. See Configuring CC permissions and notifications for more information. |
| Email is too large | The email sent by the end user exceeds the maximum size limit and was rejected by the server. | The user can try resending the email at a smaller size. This limit is for the email body itself and is separate from the attachment size limits. |
| Failed email authentication | The email did not pass Zendesk's DMARC authentication. | Disable DMARC authentication. See Authenticating incoming email using DMARC. |
| Malicious pattern detected | Some part of this ticket's message matched a pattern that is frequently associated with spam messages, or messages intended to steal information from recipients. | If you see important messages suspended for this reason, contact Zendesk Customer Support. |
| Malware detected | This indicates that possible malware was detected. | The user can scan the attachment for malware before resending. Alternatively, resend the email without the attachment. |
| Permission denied due to unauthenticated email update | This indicates that the email header doesn't contain the email token identifying the ticket. This can happen if an email client strips out email header information. | Verify that no headers are being removed by the forwarding mail server and that the body is intact. Please submit a ticket to support@zendesk.com if you're still seeing issues. |
| Permission denied for unknown email submitter | When you require your users to register and create an account, email received from unregistered (unknown) users is suspended. | If you have a known customer base, we would suggest importing your customer base prior to them submitting tickets. See Bulk importing users. |
| Received from support address | The email was sent by (not forwarded from) one of your support addresses. For information about support addresses, see Adding support addresses for users to submit support requests. | The email was received from one of your listed support addresses and is causing a mail loop. You will need to change the from: and reply-to: addresses on the email show the actual requester's email address. |
| Sender or domain is on the blocklist | The ticket came from an address or domain that you've blocked. See Using the allowlist and blocklist to control access to Zendesk Support. | If you need to allow the address or domain (see Using the allowlist and blocklist to control access to Zendesk Support). |
| Sender domain not on allowlist | When your account is configured to only allow emails from a given set of domains (using the allowlist), this indicates that the sender's email address or domain is not within that set. | You will need to allow the email domain or address (see Using the allowlist and blocklist to control access to Zendesk Support). |
| Submitted by unverified user | This indicates that the user is known, but has not yet verified their email address. | The end user must verify their email address with the verification email sent to them. An agent or admin can also manually verify the email on the user's profile or re-send the verification email (see Verifying a user's email). |
| User must sign up to submit email, user notified | This is used when an account requires end users to register and therefore verify their email address before submitting tickets. Once their email address/user account is verified, they can submit tickets. | The user will be prompted to register for access (see Permitting only users with approved email addresses to submit tickets). Once the user has registered, their Suspended ticket will turn into a Support ticket without any action from an Admin required. |
| User does not have authority to update this ticket |
This occurs when an end user attempts to reply to a ticket notification, but they are not a participant. This can also happen if someone removes the encoded ID when responding to the ticket.
Note: If an agent recovers a ticket suspended for this reason, the end user attempting the reply will be added to the ticket's CC list. Anything recovered from this will thread into the given ticket and add the user as a CC. For more information please check Guidelines for reviewing suspended tickets.
|
9 Comments
We integrate with a system called tawk.to where our users can leave messages or chat with our support team. All chat transcripts or offline messages are sent to zendesk to be created as tickets. As of the last few days these are all ending up as suspended tickets with the reason "Detected email as being from a system user". But these are not coming from emails like postmaster or the like. The from address is set as the user's email address who is sending the request.
We are losing tickets as a result! please advise
Hi Moshe,
Emails from system users are always suspended and it is a hard system rule that cannot be disabled. Since you have confirmed that it is not coming from a system user, I highly suggest that you collect ticket samples and reach out to our Customer Support for further investigation.
Thank you. I have reached out to Customer Support.
Hi Everyone,
Thank you for all of your questions on this post. We love your feedback. If you have more product feedback on this topic, we'd like to hear from you!
Please find some time to talk to our product directly at https://calendly.com/pooja-palan/30min?back=1&month=2021-08
Thanks!
Is there any way to determine as to why an email has been marked as spam? We have a substantial amount of suspended tickets and going through them 1 by 1 isnt a viable option.
Any help would be amazing!
Hi Sam.,
Are you seeing a common spam reason on the ticket itself? If yes, please check if that falls under the causes discussed in this article and follow the suggested resolutions. If the issue persists after following the same, I suggest that you grab at least 5 tickets, and reach out to our Customer Support so they can dig deeper into your account.
I wanted to share my workaround.
We had the issue that Zendesk was setting a lot of email as Spam and there was no other way then to recover them manually. This is what I was told.
It worked by creating organizations and end users profiles to let Zendesk recognize those emails.
It would be ideal to add this information to the article, if you consider this working for you too.
"Detected as email loop" - what is the threshold after which the mails from the same user are suspended? Do we have the access to manage this limit?
We have a limit of 20 emails from the same user within an hour. Beyond that, the next 20 updates will be suspended. If more than 40 are received, all additional updates within that hour will be rejected (meaning they won't even create suspended tickets).
There is no option to manage this limit, I'm sorry.
You can find more information on how email loops are handled in our article About mail loops and Zendesk email
Please sign in to leave a comment.