You can control access to your Zendesk account by adding end users' email addresses and domains to your blocklist and allowlist. Using the blocklist, you can prevent specific users, or sets of users, from registering and submitting support requests. Using the allowlist, you can allow specific users, or sets of users, to access your Zendesk account and submit support requests.
This article contains the following sections:
About the blocklist and allowlist
The blocklist and allowlist can help you create rules for accepting, suspending, and rejecting users' emails. Any email that is suspended because of the blocklist will be added to the suspended queue and flagged. If you have set up user mapping, any email domains you add to the allowlist will automatically be included (see Automatically adding users to organizations based on their email domains).
Your allowlist will automatically override your blocklist. For example, if you blocked a specific domain, but allowed a user with that email domain, they will be given access.
Depending on how your Zendesk account is set up, you can use the blocklist and allowlist to apply additional settings to control who can access your account. If you allow anyone to submit tickets, such as in open support type, you can use the blocklist to filter out spam email addresses and domains (see Suspending a user). Any ticket from a user or domain on the blocklist is automatically sent to the suspended tickets queue. If you require users to register, you can use the blocklist to ensure that only approved email addresses and domains can submit support requests and authenticate accounts.
The blocklist and allowlist feature contains rules you can combine to restrict access.
See the section below for a list of the available blocklist and allowlist rules.
About the CC blocklist
The CC blocklist prevents an address from being added as a ticket CC, but still allows the blocked address to submit tickets. This can help you fine-tune your permissions.
To access the CC blocklist
- In Admin Center, click Objects and rules in the sidebar, then select Tickets > Settings.
- Enter the email address or the domain name of the users you want to prevent becoming CCs and followers by entering their email address or domain name into the blocklist. Use spaces to separate the addresses.
- When you are finished, click Save tab.
For more information, see Configuring CC and follower permissions.
Setting your blocklist and allowlist
- You can enter up to 10,000 characters in each of the allowlist and blocklist fields.
- Leave the allowlist blank to allow all users to submit tickets to your Zendesk account, except those added to the blocklist.
- To suspend ticket submissions from all users except for those added to the allowlist,
add a wildcard(*) in your blocklist.Important: The wildcard will send tickets from every user not added to the allowlist into the suspended tickets queue, preventing new users from creating accounts.
- Use keywords or symbols with a blocklist or allowlist entry to make the restrictions
broader or more specific:
- To block or allow an entire email domain, do not include the "@" symbol. An email domain will not be successfully added to the allowlist or blocklist with "@".
- To completely block support requests from specific users, enter the keyword
reject:in front of an email address or domain list in the blocklist. Tickets will not be added to the suspended tickets queue, and there will be no record of the ticket in your Zendesk account.
reject:only applies to support requests and doesn't prevent users from creating an account.
- Being placed on the allowlist does not allow users to override their tickets from being suspended if the subject contains the text "Out of Office" or if the ticket comes from an email flagged as a "do not reply" address.
To edit your blocklist and allowlist
- In Admin Center, click People in the sidebar, then select Configuration > End users.
- Enter your Allowlist and Blocklist settings.
You can view some of the common blocklist and allowlist examples in the section below. If you are adding multiple email addresses or domains, separate them with a space.
- Click Save tab.
Allowlist and blocklist usage examples
You can use a combination of the blocklist and allowlist rules to ensure you are permitting access or blocking the correct users. This section contains some usage examples you can replicate for your own Zendesk account.
Approve a domain, suspend all other users
You can allow specific domains access to your Zendesk account by adding the domain in the allowlist and suspend all users with a different email domain by adding a wildcard (*) in the blocklist. In the example below, only email from the domain mondocampcorp.com will be permitted access.
allowlist: mondocamcorp.com blocklist: *
If you want to allow more than one domain access, you can enter multiple domains separated by a space. In the example below, email from the domains mondocamcorp, comdocam, and mondostore are permitted, and all other users will be suspended.
allowlist: mondocamcorp.com mondocam.com mondostore.com blocklist: *
Approve a domain, but suspend specific email addresses with the domain
suspend keyword, you can prevent a specific email address with
an allowed domain from accessing your Zendesk account.
allowlist: gmail.com blocklist: * suspend:email@example.com
Approve a domain, but reject specific email addresses and domains within it
Similar to the previous example, you can block specific email addresses from using an
allowed domain by entering their email address in the blocklist. Use the
reject keyword to prevent a user's tickets from being added to your
Zendesk account at all.
In the example below, only email from gmail.com is accepted. All tickets from other email domains are sent to the suspended tickets queue except for the email address firstname.lastname@example.org. Email from email@example.com will be rejected completely, and the ticket will not be recorded in your Zendesk account.
allowlist: gmail.com blocklist: * reject:firstname.lastname@example.org
Approve all, but reject specific email addresses and domains
Unlike the examples above, you also have the option of allowing all users to register, except for specific email address and domains. To allow all users to register, you can leave the allowlist blank, then enter any blocked users.
In the example below, everyone can access your Zendesk account except for
email@example.com and megaspam.com. Since the
reject: keyword is
used, all email from those accounts will be blocked completely, and the ticket will not be
recorded in your Zendesk account.
allowlist: blocklist: reject:firstname.lastname@example.org reject:megaspam.com
Suspend support request tickets from specific email addresses or domains
Simply adding an email address or domain to your blocklist suspends tickets from those users, but only if those tickets are submitted through the email channel.
allowlist: blocklist: suspend:email@example.com suspend:megaspam.com