Question
Some of my tickets are getting suspended. What causes the Detected as spam suspension reason?
Answer
There are a variety of reasons a ticket could be detected as spam and placed within the suspended queue. Click through the tabs below to learn more about ticket spam detection, suspension, and recovery.
Types of spam
How spam is detected
Reasons for suspension
Types of "Detected as Spam" suspended tickets
There are two different types of "Detected as Spam" suspended tickets:
- Tickets in which the requester was suspended. Suspensions can happen when an agent uses the Mark as spam option on a ticket without realizing that it also suspends the ticket requester. All future tickets from that sender are suspended as spam. To solve this, un-suspend the user.
- The spam filter set for the customer account, either Cloudmark or the Rspamd EAP, finds characteristics of the content suspicious. Some of these suspicious characteristics are listed under the Reasons for suspension tab in this article.
How spam is detected in Zendesk Support
Zendesk Support uses a spam filter service, known as Cloudmark. To keep their processes safe and secure, Zendesk is not given any direct insight into Cloudmark’s algorithms. However, Zendesk is given information in the form of encoded “fingerprints” which can be used to examine the nature of the suspension.
Depending on your permissions, agents and admins can recover an email from the suspended queue. Recovery within Zendesk sends a coded message back to Cloudmark, letting them know that you believe the email is legitimate. Depending on the cause for the spam rating, this can resolve the issue for you over time, often just after a few recoveries. This allows for better results through dynamic analysis.
Gmail has more permissive spam detection than Cloudmark. It identifies spam based on your usage patterns and other factors to which Cloudmark doesn't have access. Therefore, Cloudmark may occasionally identify an email as spam even when Gmail doesn't.
Reasons for suspension
Find below some common causes for email suspensions.
- A handful of customers marked your outbound emails as spam. Using distribution groups or lists can lead end-users to mark emails as spam. Zendesk recommends the use of a dedicated support address that auto-forwards emails to your account.
- Domain temporarily blocked. Possibly due to a proactive outbound marketing campaign.
- The forwarding IP of your email is part of a shared-hosting setup such as GoDaddy, and this rating has nothing at all to do with you.
- The email address of the sender is recognized as a producer of spam. Sometimes, a local physical mailing address can be listed as engaging in questionable business practices or sales.
- The email was generated by an online form, such as PHP, which is associated with spam-like practices.
- Newsletters without a double opt-in option or mailing lists that include users who unsubscribed from your publication. An opt-in feature sends a confirmation email ensuring that the users want to receive your weekly or monthly mailouts.
- Email attachments include suffixes many filters will act upon, such as
.exe,.avi,.swf, or.zip. - Signature file links directly only to sales sites.
- Poorly formatted HTML. Sometimes this is caused by converting a Microsoft Word file to HTML.
- Emails with excessive use of bright colors, fonts, sizes, images, or links to social media sites.
- Emails that contain unapproved words such as "free", "sex", "viagra", "timeshare", "buy now", "urgent matter", "medical breakthrough", "money-back guarantee", "!!!!!!", and many others. In some cases, the excessive use of the word "opportunity" can cause a rise in the spam rate.
- A sending or relay server that isn't configured for a reverse DNS lookup.
- Bulk emails are sent using the BCC field.
- A website that doesn't let users update their profile details. This can result in email bounce-backs. Or, your autoresponder doesn't require confirmation, which allows people to fill your lists with false addresses.
For more information, see the article: Understanding and managing suspended tickets and spam.
10 Comments
Hi team,
I blocklisted a couple of emails on the Zendesk instance that were detected as spam to ensure that they do not appear in the suspended ticket view however the tickets are still trickling in. Are you possibly able to look into this for me. Thanks.
Thank you for messaging us. You can doing a "reject" command for this sos that specific emails will be blocked completely. Here's an example:
Here's a link on guide how to use blocklist feature to it's maximum potential: Using blocklist feature
How do I report excessive spam detection? We have seen an uptick in suspensions across multiple users and channels where there didn't appear to be cause.
+1 to Matthew's comment. We get a huge false positive rate on incoming emails, approaching double digits. How can we loosen these rules to ensure valid tickets aren't suspended?
We also see this increase in false rating.
Could you share with us the cause of suspensions in the tickets?
@... they are exclusively "Detected as spam". But many are from our customers, email addresses like "john@company.com" and bodies containing product questions, i.e. not spammy things like "sign up for access to your own crypto account" etc.
Thank you. Most common cause is that the user is suspended but if it's not, the email was flagged as spam by Zendesk's email detection filters. Some messages, if flagged with very high confidence of spam, are rejected entirely.
For now, I would highly suggest recovering these tickets that are suspended which can help improve the sender's reputation going forward.
Hey Zendesk Support!
Question about how spam is stored in our metrics.
Within Explore, are "suspended" and "spam" tickets counted towards the `unreplied tickets` metric?
Messages that are caught in the Suspended tickets folder aren't counted as actual ticket records so these aren't included in the metric calculations. For tickets that were marked as spam, since these tickets are deleted, they are also removed from the calculations in Explore.
Please sign in to leave a comment.