Question
Some of my tickets are getting suspended. What causes the "Detected as Spam" suspension reason?
Answer
Nobody likes spam, and nobody likes having legitimate emails suspended as spam, yet the spam is a recurring issue with email, making spam filters an everyday part of the process. Few would use email if spam filters were not in place and highly effective. Also, there are existing laws in place that require that companies act responsibly in this regard.
There are a variety of definitions of spam, ranging all the way from unsolicited bulk emails to individual emails that arrived questionably. Companies that are less than professional with your email address might sell them to a listing service, of which there are many. Or, a-lone emailer might be abusing one of the free email accounts that are offered by Gmail, Yahoo, Outlook, Hotmail, etc.
Types of "Detected as Spam" suspended tickets
There are two different types of "Detected as Spam" suspended tickets:
- One type occurs when the ticket requester is suspended. That is resolved by un-suspending the user. This is generally caused by an agent using the "Mark as Spam" option on a ticket without realizing that it also suspends the ticket requester and causes all future tickets from that sender to be suspended as spam.
- Another type is where the spam filter that is set for their account (either Cloudmark or the RSPAMD EAP) finds the content to be spammy. Reach out to support if this is a false positive.
How spam is detected in Zendesk Support
Zendesk Support uses one of the most respected spam filter services in the world, known as Cloudmark. While we have no direct insight into their algorithms, which keeps their process safe and secure, we are given some information in the form of encoded "fingerprints" which we can then use to examine the nature of the suspension.
You, as a Zendesk Support customer, can participate in the process also just by recovering an email from your suspended queue. Doing this sends a coded message back to Cloudmark letting them know that you believe the email to be legitimate. Depending on the cause for the spam rating this can resolve the issue for you over time, often just after a few recoveries. This allows for better results through dynamic analysis.
A sudden increase in suspended tickets for being detected as spam can cause you to feel that something has changed on Zendesk Support's side. While Cloudmark is a self-correcting mechanism its ratings can also change quickly to account for several factors that might be beyond your control.
A common question, particularly in a forwarding situation, is "Why doesn't Gmail recognize it as spam, but you do?" Gmail's algorithms are among the best in the world and are somewhat customized just to your usage patterns. They are designed to be permissive, particularly to emails that you have responded to from within that account, which is a thing that Cloudmark can not possibly know as there is a more tenuous relationship between the sender, your forwarding domain, and Zendesk Support, as well as Cloudmark's ability to document those historical relationships.
Reasons for suspension
Here are just a few common causes for suspensions:
- A handful of end-users marked your outbound emails as spam.
- The use of distribution groups/lists is a common cause of end-users marking emails as spam. We recommend using a dedicated support address auto-forwarding to us as outlined in this article to ensure greater deliverability.
- Your domain becomes temporarily blocked or blacklisted, possibly due to a proactive outbound marketing campaign.
- Your email forwarding IP is part of a shared-hosting setup like GoDaddy, and this rating has nothing at all to do with you.
- The sender's email address is recognized as a producer of spam.
- The email was generated by an online form, like a PHP, which is associated with spam-like practices.
- Your newsletters do not require a "double opt-in" that sends a confirmation email ensuring that the users want your weekly or monthly mailouts.
- Your attachments included suffixes many filters will act upon, such as .exe, .avi, .swf, .zip, etc.
- Poorly formatted HTML is a hallmark of spam, sometimes the result of converting an MS Word file to HTML.
- Excessive use of bright colors, fonts, sizes, images, etc.
- Multiple or excessive links to social media sites
- Having words like free, sex, Viagra, timeshare, buy now, urgent matter, medical breakthrough, money-back guarantee, !!!!!!, etc. Even excessive use of the word "opportunity" can cause a rise in the rate.
- A sending or relay server is not configured for a reverse DNS lookup.
- Bulk emails are sent using the BCC field.
- Signature file links directly only to sales sites.
- Your mailing lists still include users that have clicked your Unsubscribe link (or you don't have an Unsubscribe at all in your marketing emails)
- Your website doesn't let users update their profile details, which results in a lot of bounce-backs. Or, your autoresponder doesn't require confirmation, which allows people to fill your lists with false addresses.
- Even your local physical mailing address can be listed as engaging in questionable business practices or sales
There are more examples, but that covers several of the basics, just to give you an idea of how a cumulative score can add up pretty quickly. Some of these things are easily remedied while others might be out of your control, and the suspension might have nothing at all to do with your practices. Sometimes it is the order in which these things occur in the email that determines their "weight" against the threshold, particularly if an email is relayed through several servers before it gets to you.
Don't panic if you start to get several emails in your suspended queue. Try to see if there is a relationship between them—like if they are all being forwarded through your support email address, or if they're coming from an online form—then open a ticket with us if you feel that you have any more questions. We're always happy to take a look and try to give you a better idea of what might be happening.
For more information, see the article: Understanding and managing suspended tickets and spam.
10 Comments
Hi team,
I blocklisted a couple of emails on the Zendesk instance that were detected as spam to ensure that they do not appear in the suspended ticket view however the tickets are still trickling in. Are you possibly able to look into this for me. Thanks.
Thank you for messaging us. You can doing a "reject" command for this sos that specific emails will be blocked completely. Here's an example:
Here's a link on guide how to use blocklist feature to it's maximum potential: Using blocklist feature
How do I report excessive spam detection? We have seen an uptick in suspensions across multiple users and channels where there didn't appear to be cause.
+1 to Matthew's comment. We get a huge false positive rate on incoming emails, approaching double digits. How can we loosen these rules to ensure valid tickets aren't suspended?
We also see this increase in false rating.
Could you share with us the cause of suspensions in the tickets?
Josh they are exclusively "Detected as spam". But many are from our customers, email addresses like "john@company.com" and bodies containing product questions, i.e. not spammy things like "sign up for access to your own crypto account" etc.
Thank you. Most common cause is that the user is suspended but if it's not, the email was flagged as spam by Zendesk's email detection filters. Some messages, if flagged with very high confidence of spam, are rejected entirely.
For now, I would highly suggest recovering these tickets that are suspended which can help improve the sender's reputation going forward.
Hey Zendesk Support!
Question about how spam is stored in our metrics.
Within Explore, are "suspended" and "spam" tickets counted towards the `unreplied tickets` metric?
Messages that are caught in the Suspended tickets folder aren't counted as actual ticket records so these aren't included in the metric calculations. For tickets that were marked as spam, since these tickets are deleted, they are also removed from the calculations in Explore.
Please sign in to leave a comment.