Question
Some of my tickets are getting suspended. What causes the Detected as spam suspension reason?
Answer
There are a variety of reasons a ticket could be detected as spam and placed within the suspended queue. Click through the tabs below to learn more about ticket spam detection, suspension, and recovery.
Types of spam
How spam is detected
Reasons for suspension
Types of "Detected as Spam" suspended tickets
There are two different types of "Detected as Spam" suspended tickets:
- Tickets in which the requester was suspended. Suspensions can happen when an agent uses the Mark as spam option on a ticket without realizing that it also suspends the ticket requester. All future tickets from that sender are suspended as spam. To solve this, un-suspend the user.
- The spam filter set for the customer account, either Cloudmark or the Rspamd EAP, finds characteristics of the content suspicious. Some of these suspicious characteristics are listed under the Reasons for suspension tab in this article.
How spam is detected in Zendesk Support
Zendesk Support uses a spam filter service, known as Cloudmark. To keep their processes safe and secure, Zendesk is not given any direct insight into Cloudmark’s algorithms. However, Zendesk is given information in the form of encoded “fingerprints” which can be used to examine the nature of the suspension.
Depending on your permissions, agents and admins can recover an email from the suspended queue. Recovery within Zendesk sends a coded message back to Cloudmark, letting them know that you believe the email is legitimate. Depending on the cause for the spam rating, this can resolve the issue for you over time, often just after a few recoveries. This allows for better results through dynamic analysis.
Gmail has more permissive spam detection than Cloudmark. It identifies spam based on your usage patterns and other factors to which Cloudmark doesn't have access. Therefore, Cloudmark may occasionally identify an email as spam even when Gmail doesn't.
Reasons for suspension
Find below some common causes for email suspensions.
- A handful of customers marked your outbound emails as spam. Using distribution groups or lists can lead end-users to mark emails as spam. Zendesk recommends the use of a dedicated support address that auto-forwards emails to your account.
- Domain temporarily blocked. Possibly due to a proactive outbound marketing campaign.
- The forwarding IP of your email is part of a shared-hosting setup such as GoDaddy, and this rating has nothing at all to do with you.
- The email address of the sender is recognized as a producer of spam. Sometimes, a local physical mailing address can be listed as engaging in questionable business practices or sales.
- The email was generated by an online form, such as PHP, which is associated with spam-like practices.
- Newsletters without a double opt-in option or mailing lists that include users who unsubscribed from your publication. An opt-in feature sends a confirmation email ensuring that the users want to receive your weekly or monthly mailouts.
- Email attachments include suffixes many filters will act upon, such as
.exe,.avi,.swf, or.zip. - Signature file links directly only to sales sites.
- Poorly formatted HTML. Sometimes this is caused by converting a Microsoft Word file to HTML.
- Emails with excessive use of bright colors, fonts, sizes, images, or links to social media sites.
- Emails that contain unapproved words such as "free", "sex", "viagra", "timeshare", "buy now", "urgent matter", "medical breakthrough", "money-back guarantee", "!!!!!!", and many others. In some cases, the excessive use of the word "opportunity" can cause a rise in the spam rate.
- A sending or relay server that isn't configured for a reverse DNS lookup.
- Bulk emails are sent using the BCC field.
- A website that doesn't let users update their profile details. This can result in email bounce-backs. Or, your autoresponder doesn't require confirmation, which allows people to fill your lists with false addresses.
For more information, see the article: Understanding and managing suspended tickets and spam.
20 Comments
Hi team,
I blocklisted a couple of emails on the Zendesk instance that were detected as spam to ensure that they do not appear in the suspended ticket view however the tickets are still trickling in. Are you possibly able to look into this for me. Thanks.
Thank you for messaging us. You can doing a "reject" command for this sos that specific emails will be blocked completely. Here's an example:
Here's a link on guide how to use blocklist feature to it's maximum potential: Using blocklist feature
How do I report excessive spam detection? We have seen an uptick in suspensions across multiple users and channels where there didn't appear to be cause.
+1 to Matthew's comment. We get a huge false positive rate on incoming emails, approaching double digits. How can we loosen these rules to ensure valid tickets aren't suspended?
We also see this increase in false rating.
Could you share with us the cause of suspensions in the tickets?
@... they are exclusively "Detected as spam". But many are from our customers, email addresses like "john@company.com" and bodies containing product questions, i.e. not spammy things like "sign up for access to your own crypto account" etc.
Thank you. Most common cause is that the user is suspended but if it's not, the email was flagged as spam by Zendesk's email detection filters. Some messages, if flagged with very high confidence of spam, are rejected entirely.
For now, I would highly suggest recovering these tickets that are suspended which can help improve the sender's reputation going forward.
Hey Zendesk Support!
Question about how spam is stored in our metrics.
Within Explore, are "suspended" and "spam" tickets counted towards the `unreplied tickets` metric?
Messages that are caught in the Suspended tickets folder aren't counted as actual ticket records so these aren't included in the metric calculations. For tickets that were marked as spam, since these tickets are deleted, they are also removed from the calculations in Explore.
I wanted to ask about a problem I've been having which is really frustrating. We noticed soon after migrating to Zendesk that on some occasions, emails that a member of our staff send to our Zendesk system in order to create a new ticket are being marked as spam and this in turn suspends the member of staff automatically. This means they cannot raise further tickets until we realise and manually recover the suspended ticket and unsuspend their account.
I've added our company domain to the email allow list but it is ignored, it still randomly marks as spam and suspended them. This is not acceptable; we want to ensure that any mail sent from our own domain is allowed through and we'll judge whether or not it is spam, but what is not acceptable is the suspension of their account.
Please advise.
Hi James,
I'd like to look at examples of this. Hence, I created a ticket on your behalf and will continue to assist you from there. Kindly check your email for updates. Thank you!
Is there a reason why some replies to our agents also get flagged as spam? I just unsuspended several tickets and some of them were replying to a response from one of our reps.
We are also seeing an increase in the last few weeks of messages and replies getting flagged as spam. What is going on?
We also had an extreme increase in responses marked as spam over the past week.
We are also experiencing an increasing amount of legit responses from our customers ending up in Suspended tickets with Cause of suspension = Detected as spam. Please resolve ASAP!
Huge increase in false positives since ~ July 28 2023. We have customers that have successfully emailed us for years ending up in the Suspended List. Perhaps the email addresses have ended up on a compromised list that CloudMark is checking?
Anyway, this is not a new issue (I first ran into + reported it in 2021) and it seems to go through phases where it's particularly bad.
Save yourself the headache and make it SOP to review the suspended ticket listed every day (that way, it'll also be easier to manage/get it done).
Also, fwiw:
Recovering an email from your suspended queue can help improve the sender's reputation going forward. Doing this sends a coded message back to Cloudmark letting them know that you believe the email to be legitimate. Depending on the cause for the spam rating this can resolve the issue for you over time, often just after a few recoveries. This allows for better results through dynamic analysis.
We've been noticing lately that customer replies to our agents are also getting suspended, though it's rare. There are even situations where we go back and forth with a customer several times, then all of a sudden one of the replies gets suspended.
Is anyone aware of a trigger/automation/workaround to prevent this from happening?
Just adding on to the thread that we've also seen a significant increases in false positives marking emails as "Detected as Spam" including for users that had previously sent in emails successfully within the same ticket.
There are a lot of factors on why an email is being marked as Spam. Indeed, recovering the email from the Suspended Tickets view will help train Cloudmark’s algorithms not to mark subsequent emails as spam; however, it can take some time for the algorithms to update, so it may take a while to see the effect.
If you continue to see these emails being marked as spam in a few days, please do let us know by reaching out to our Support Team via the Widget, and provide a few samples of Suspended Ticket ID and Message ID. For more information, please refer to this article Contacting Zendesk Customer Support.
Best,
Paolo | Technical Support Engineer | Zendesk
Please sign in to leave a comment.