Email sent to Zendesk Support can be suspended or rejected. Suspended emails are often, but not always, spam. This article explains what suspended tickets are and your options for managing them.
For information, see the support tip What does "Detected as spam" mean?
This article discusses the following topics:
What are suspended tickets?
In most cases, when an end user submits a support request by email, the email becomes a new ticket or adds a comment to an existing ticket. However, in certain cases, the email may be suspended. Suspending an email means putting it aside for further review. It's not necessarily spam. It's just not a ticket in Zendesk Support yet. It remains in limbo until somebody reviews it and decides whether to accept or reject it.
An email can be suspended for a variety of reasons. For example, one common reason is that the email is from an unregistered user when you require users to register.
Suspended emails are collected in a system-generated view. The suspended tickets view is visible to any agent with access to all tickets. We recommend that you review the suspended tickets frequently. If nobody reviews a suspended email, it is automatically deleted after 14 days.
- The email is spam. If the email is rated as having a 99% or better chance of being spam, it's rejected. If the rating is less than a 99%, the email is suspended to give you a chance to confirm that it's really spam.
- You blocked the email address or domain. See Using the allowlist and blocklist to control access to Zendesk Support.
Managing suspended tickets
For security purposes, Zendesk automatically performs some scanning of tickets to identify malicious content. However, the way you configure your account also influences how many emails are suspended.
- First, who do you allow to submit tickets?
If you have restricted ticket submission to only users with approved email addresses or closed ticket submission to everyone except the users you've added, you'll see more suspended tickets than you would if you allowed anyone to submit tickets.
- Have you enabled DMARC, SPF, or DKIM authentication for incoming emails?
Each of these methods works differently to detect spam and spoofed emails, so they do result in more suspended tickets, but they also add a layer of security to the inbound emails that generate tickets.
- Are you using the allowlist and blocklist?
Emails submitted by end users on the blocklist are suspended by default, but you can configure it so that they are rejected. The allowlist specifies who is exempt from the blocklist rules as well as bypassing some other standard causes for email suspension.
If you find that some of your security settings are resulting in too many suspended tickets, look for patterns of similarity to the valid tickets that are being suspended. Then use the allowlist and blocklist to permit emails that match that pattern.
We recommend implementing a process for reviewing suspended emails frequently. Any emails that remain in the suspended tickets queue for 14 days without review are automatically deleted.