Typically, when an end user submits a support request by email, the email becomes a new ticket. However, you can control what happens to email support requests by using the allowlist or blocklist.
For example, you can block specific users from creating tickets or suspend their tickets so you can review them first. Or, you can only allow users from a particular email domain to create tickets. See Understanding the allowlist and blocklist for usage examples, limitations, and considerations.
This article covers the following topics:
Setting your blocklist and allowlist
Zendesk reads email headers of incoming support requests to determine whether an email should become a ticket or be suspended or rejected based on the rules you’ve configured.
To edit your blocklist and allowlist
- In Admin Center, click
People in the sidebar, then select Configuration > End users. - Enter your Allowlist and Blocklist settings. See Rules for setting your blocklist and
allowlist.
You can enter up to 10,000 characters in the allowlist and blocklist fields. If you are adding multiple email addresses or domains, separate them with a space.
- Click Save tab.
Rules for setting your blocklist and allowlist
- Leave the allowlist blank to allow all users to submit tickets to your Zendesk account, except those added to the blocklist.
- Use keywords or symbols with a blocklist or allowlist entry to make the restrictions
broader or more specific:
- To block or allow an entire email domain, do not include the "@" symbol. An email domain with "@" will not be successfully added to the allowlist or blocklist.
- When using keywords, type the keyword followed by a colon with no space after
the colon (for example,
reject:megaspam.com). Separate multiple entries with a space, and add the keyword before each entry (for example,reject:randomspammer@gmail.com reject:megaspam.com reject:spammerspace.com). See Allowlist and blocklist usage examples. - To send support requests from specific users to the suspended tickets queue,
enter the keyword
suspend:in front of an email address or domain list in the blocklist. - To completely block support requests from specific users, enter the keyword
reject:in front of an email address or domain list in the blocklist. Tickets will not be added to the suspended tickets queue, and there will be no record of the ticket in your Zendesk account. - The keywords
reject:andsuspend:apply only to support requests and don't prevent users from creating an account. See Limitations when using the allowlist and blocklist with other Zendesk channels.
- Add a wildcard (*) in your blocklist to suspend ticket submissions from all new
users except those added to the allowlist. This sends tickets from every user not added
to the allowlist into the suspended tickets queue, preventing new users from creating
accounts.
- A wildcard in the blocklist won't prevent tickets from being created by users who already have profiles; however, blocklisting a domain or email address will. To prevent traffic from a specific user with a profile, suspend or delete the user.
- Use the keywords
suspend:andreject:when using wildcards to suspend most users but reject others.
- If an address or domain conflict exists between
suspend:andreject:, then Zendesk defaults to suspension.
65 Comments
Just to confirm - I can list specific emails in my allow list and put an * in my blocklist? By doing so only those email within the allowlist can submit support request via web widget and submit request link in help center and all others will not be able to.....? I ask because I tried this specific setup with one of my other emails and my tickets are still getting through. They aren't even going to a "suspended" queue.
Hey Mandy,
That should be the case. If you add * to the blocklist then you would only be allowing ticket creating from users that are in the allowlist field. If this isn't happening on your end we may need to create a ticket on your behalf so we can look into some examples. Is this still the case for you?
hi, we would like to block entire domain, but allow one email from that domain and everybody else. For now I have set: in the approve field like this: email@domain.com, in the blocked field reject:domain.com But it is not working, it is still blocking all mails from this domain. What should I do?
Hi Jozsef, You should be able to remove the reject: portion from the blocklist. This will cause emails from that domain to be suspended, but it should allow the one address that you have in your allowlist to be processed as expected. Any time you use the reject: syntax it will reject all traffic from that domain.
I have removed the permalink, and it is not working the suspension. It allowed from my email address to create a ticket
Hi Jozsef, Because assisting you further will require us to inspect your account setup and to examine specific examples, could you open a ticket with us at support@zendesk.com so that we can investigate further? Thanks, Sean
We get a TON of spam via Zendesk tickets, and I understand that using the "Mark as Spam" option not only deletes the ticket, it suspends the user to prevent further incoming messages from adding to the noise.
My question is... when I need to add someone to the CC field on a ticket, all of those suspended people show up in the CC selection list (yes, flagged as suspended), which still makes it a pain in the butt to actually choose a "legit" customer or light agent. Is there ANY way to exclude the suspended offenders from appearing in the CC field?
Hi Shelley,
I'm afraid this is the expected behavior, and that there's no workaround for this. The CC field will suggest users that are currently saved in your Zendesk, regardless if they're suspended or not. I agree that it might be convenient if suspended users will be excluded from the list; I encourage you to create a new post in the Support Product Feedback topic in our community to engage with other users who have similar needs. Thanks Shelley!
You cannot blacklist TLDs by themselves
That's too bad, because we now get spam from @*.shop, with a constantly rotating number of domains under the .shop TLD. There is absolutely no reason why we would want to receive emails from anyone at .shop.
Hi Everyone,
Thank you for all of your questions on the blocklist / allowlist settings. We love your feedback. If you have more product feedback on this topic, we'd like to hear from you!
Please find some time to talk to our product directly at https://calendly.com/pooja-palan/30min?back=1&month=2021-08
Thanks!
When a specific email address or domain is on the blocklist, will it prevent them from creating an account in Guide or will it just prevent them from creating tickets? We are trying to prevent certain users from commenting in our community and help articles.
We currently have our help site open to all users and use the web widget. All users can submit tickets through the web widget. They do not submit tickets through email.
Hi Melody,
The blocklist only applies to the creation of tickets, but you can also suspend a user, which prevents them from logging in (and therefore posting or commenting in your help center and community): Suspending a user
Hi,
Is there any way to update allowlist/blocklist via API?
Regards.
If I've previously added a list of end users manually, and then later put a wildcard into the blocklist, will all end user tickets be automatically rejected?
Hi Dave,
Thanks for the answer!
Is there an intelligent way to transition my help center from being completely closed down (only adding end users one at a time) to having users in allowlisted domains sign up -- without totally blocking the end users we've already added?
First Assignee User I can't find any reference in the API docs for the blocklist either.
@... Do you have any knowledge of where one might view or modify the various blocklists via API?
First Assignee User & Plugabot, the allowlists and blocklists are not accessible via our API. For visibility to our product team, it'd be great if one of you could post to our Feedback - Platform: Apps & Integrations topic, using the Product Feedback Post Template to format your post.
Josh McCrowell let me see what i can find out.
Hi @...,
Just a follow-up to my earlier question. Is there a way to block a domain from creating accounts? We are trying to prevent users from an entire company from commenting in our community and help articles.
I know we can suspend accounts after they are created, but am looking for a way to prevent them from being created.
Hi All ,
I am trying to block one particular email ID from creating tickets in Zendesk , but the other uses with the same domain should be able to create tickets , so will the below option work :
We often have users forward "DELIVERY FAILED" messages asking the IT team to investigate them. Is there any way we can unblock these, instead of manually restoring them?
With the recent update where in the wildcard (*) in the blocklist is now for all channels (not just email).
For everyone who are using
(*)in their blocklist setting and also have custom webforms / API integrations which were previously working regardless of the (*), will now need to be added to the allowlist.Suggestion is to leverage
allowlistto allow anything that we do not want to block.+1 to Gaurav's question. I'm trying to block one specific user email address from a domain but allow all other users from that same domain to create tickets. However, I get the following message:
Warning: The following addresses or domains cannot be blacklisted; they are whitelisted due to association with one of your Organisations: reject:donotreply@email.com
Please help!
This warning would happen in this circumstances (blacklisting) if there is an existent Organization with that name "email" and probably the domain is on the allowing list. Ex: In Organizations > find the Organization in question > Remove the allowed domain.
I hope this helps.
Best,
Thanks for the response Fabricio but it doesn't answer what I need.
For my screenshot below, I want to ensure all users from Test Organisation with an email domain @email.com can create tickets in ZenDesk however, I want to block one specific user from this organisation, donotreply@email.com from creating tickets. Seems ZenDesk cannot do this or am I missing something?
Want to confirm as it's not really clear. If I want to only accept issues from the folks with specific domains, I need to do the following:
1. Turn off this option
2. Add the allowed users domains to this list
Thanks in advance
Hello Jed, thank you for your question!
That is correct, you will need to disable the "anybody can submit tickets" option, enter the email domains you wish to be able to contact you, and also, enter a "*" symbol on the blocklist, so that all other email domains are blocked, like the example on this article:
I hope that was helpful!
I am also interested in Micheál McArdle comment/question, can someone at Zendesk, please respond?
Hi
Is it possible to send an automatic email response for suspended users? At the moment they can send us emails, but we will not receive them and the user is not aware, that we did not receive their email. It would be great if there would be an automatic email sent to the user, that he is not allowed to open tickets or to send emails to this email address.
is this something we could solve with triggers?
thanks for any suggestions.
Hi Ad Astra,
Have you already followed the steps in "Approve a domain, but reject specific email addresses and domains within it"? If you did and the issue persisted, you can directly contact support and we'll help out to determine what could be causing it
Please sign in to leave a comment.