Question
How can I combat spam submitted via web service?
Answer
The primary goal of spammers is to use your triggers to pass spam content to other users through placeholders. Zendesk automatically suppresses certain placeholders when certain criteria are met. For more information, see the article: Understanding placeholder suppression rules.
However, if you have customized triggers, you may still have placeholders that pass content of the ticket to the end user upon ticket creation, for example, {{ticket.title}}
.
Instructions
Step 1: Remove placeholders that spammers target
Update your account's version of the Notify requester and CCs of received request trigger.
- If the trigger in your account that notifies requesters and CCs of received request doesn't have it yet, add the condition Current user | Is | (end user)
- Under Actions, refer to the Email subject and Email body fields. Remove any reference to the placeholder
{{ticket.title}}
or any other placeholder that renders content.
Removing this placeholder renders your trigger useless to spammers since it will no longer share their spam content with recipients. This step doesn't immediately stop the flow of spam tickets but prevents spammers from reaching your customers, and you should eventually stop seeing spam come in.
Step 2: Make sure you have a trigger for agent-created tickets
If your agents create tickets on behalf of end users, for example, sending out proactive emails, you need a trigger that notifies users of the content of those tickets but doesn't allow spammers to do the same.
Newly created Support accounts already have the default Notify requester of new proactive ticket trigger enabled in their accounts. However, older accounts may need to create one from scratch.
Temporarily blocking email domains using the blocklist
While the above recommendations will protect your account from further spam, it will not immediately stop ticket creation. If you want to block ticket creation regardless of channel, use the blocklist feature with the blocklist modifier suspend: or reject: prepended to the domain.
blocklist: reject:randomspammer@gmail.com suspend:qq.com
For more information on spam prevention on other channels, see the article: Spam prevention resources.