Zendesk has a built-in allow/deny system via the allowlist and blocklist. We often use this to help mitigate attacks on Zendesk (such as spam). This is accessed via Admin > Customers > Settings. Quick links for these would be:
There are two types of items you can put in an allowlist or blocklist:
For users, simply put the full email address. For domains, simply put the domain itself (do not put the @ sign, as this will cause it to not work properly).
This is what determines who is automatically allowed to submit tickets. By default, we tend to allow all users and domains to submit tickets. This is most useful in cases where users/domains get marked as spam when submitting tickets. In such cases, it helps to put the user/domain on the allowlist to prevent that from occurring.
The separator for the allowlist is whitespace (e.g. ` `). To have it apply to multiple entries, simply put whitespace between them:
gitlab.com reports@example.com
When it comes to using the blocklist, there are 3 different actions you can take:
The separator for the blocklist is whitespace (e.g. ` `). To have it apply to multiple entries, simply put whitespace between them:
example.com reject:bad_user@example.com suspend:i_am_spammer@example.com
This ability automatically suppresses tickets from specific users or domains. The caveat here is that they have to be registered users, so often this only works in cases of simple attacks. The format for doing this is simple:
example.com
im_not_real@example.com
This ability automatically rejects tickets from specific users or domains. This prevents their creation entirely. You can automatically reject a ticket using the following format in the blocklist:
reject:example.com
reject:bad_user@example.com
This ability automatically suspends users when they submit tickets. We rarely use this function, as normally auto-suppression or auto-rejection will accomplish our goals. But should the case arise, you can automatically suspend a user using the following format in the blocklist:
suspend:example.com
suspend:i_am_spammer@example.com
From time to time, we might need to review the list to make sure it is still working for us. This is especially true in cases of the blocklist. We use this often to help mitigate attacks. But legitimate users can get caught in this. Because of this, we should review the list rules from time to time to make sure they are still valid and required.
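A small linter for the entry format described above can help with that review. It is an added example, not part of the original page or of Zendesk's tooling; the function names, the domain pattern and the both-lists check are assumptions made for illustration, and the sample lists are constructed from the examples on this page.

```python
import re

# Blocklist prefixes documented on this page; an entry with no prefix suppresses.
ACTIONS = ("reject", "suspend")
# Assumption: a conservative hostname pattern, not Zendesk's own validation.
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$", re.I)


def parse_entry(entry, blocklist=True):
    """Return (action, kind, target) for one list entry or raise ValueError."""
    action, target = ("suppress" if blocklist else "allow"), entry
    prefix, sep, rest = entry.partition(":")
    if sep:
        if not blocklist or prefix not in ACTIONS:
            raise ValueError(f"unsupported prefix: {entry!r}")
        action, target = prefix, rest
    if target.startswith("@"):
        raise ValueError(f"domain must not start with '@': {entry!r}")
    local, at, domain = target.partition("@")
    kind = "user" if at else "domain"
    if not DOMAIN_RE.match(domain if at else local):
        raise ValueError(f"not a valid domain or email address: {entry!r}")
    return action, kind, target.lower()


def lint(allowlist, blocklist):
    """Parse both whitespace-separated lists; return (rules, problems)."""
    rules, problems = [], []
    for text, is_block in ((allowlist, False), (blocklist, True)):
        for entry in text.split():
            try:
                rules.append(parse_entry(entry, is_block))
            except ValueError as exc:
                problems.append(str(exc))
    # Assumption: a target on both lists is worth a manual look during review.
    allowed = {target for action, _, target in rules if action == "allow"}
    for action, _, target in rules:
        if action != "allow" and target in allowed:
            problems.append(f"review: {target} is on both lists ({action})")
    return rules, problems


if __name__ == "__main__":
    # Constructed sample lists based on the examples above, plus one bad entry.
    allow = "gitlab.com reports@example.com"
    block = "example.com reject:bad_user@example.com @spam.example"
    rules, problems = lint(allow, block)
    for rule in rules:
        print(*rule)
    for problem in problems:
        print("PROBLEM:", problem)
```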