What is the problem?
Some of our customers are using email scanners in their environment. These email scanners are "clicking" on links to check them for security issues. The act of clicking on the "Yes, close my request" is authenticating the user and closing the request.
Why is it a problem?
In general, these closures are not deliberate and cause customer satisfaction issues.
How do you solve the problem today?
Right now, we are trying to come up with a solution using triggers and tags to target disable the Answer Bot for customers that we know are using these scanners. This removes very important functionality for my team.
How would you ideally solve the problem?
There are two options I see:
- (CRITICAL) The link in the email should NOT, under any circumstances, include an authorization token that lets people view articles. We lock down our support site so that only approved users can see content. The button including an auth token is something that must be removed. The side effect is that removing the auth token will make it so an email scanner clicking will not be able to close the ticket.
- Even if you keep the auth token in the URL, add a second validation of some kind that the ticket should be closed. Perhaps this can be requiring logging in to the support site, or a modal that says "click here to confirm closing the ticket."
How big is the problem (business impact, frequency of impact, who is impacted)
This is a fairly large issue for us. Many companies have some kind of email scanner, so this will become a bigger issue as we add more corporate customers. Answer Bot is a large metric I am tracking, as it related to KB quality. If we are getting false positives on Answer Bot, it can literally cost us money, and it is causing customer satisfaction concerns.
Please sign in to leave a comment.