← back home

Combating the Deluge: Understanding and Filtering Unwanted Zendesk Reply Spam

January 30, 2026
Zendesk Email Spam Reply Spam Email Filtering System Vulnerability Sieve Filter Proton Mail Support Tickets Automated Emails Email Security
View original discussion on Hacker News

The digital world is increasingly plagued by unwanted email, and a recent surge points to a peculiar form: "Zendesk reply spam." This isn't your typical phishing attempt or advertising junk, but rather legitimate-looking emails from various Zendesk customers, often announcing "request received" or "new support ticket." Many individuals are reporting being deluged with these messages, sometimes receiving dozens or even hundreds in a short span.

The Problem: Legitimate Emails, Unwanted Content

The core issue lies in the nature of these emails. They are not mass unsolicited advertisements but genuine automated replies from Zendesk's customer support system. This makes them particularly difficult to filter using standard spam detection, as they originate from reputable domains and contain expected transactional content. Email providers like Gmail are catching some, but often only a fraction, leaving many to flood inboxes. The problem affects users across various email services, including Gmail, Proton Mail, and those with custom domains, indicating a widespread system-level vulnerability rather than a targeted attack on a specific provider.

Understanding the Root Cause

The prevailing theory suggests that the issue stems from Zendesk's system design, specifically its mechanism for creating support tickets. It appears that Zendesk may be configured to accept any email address as the source of a ticket, and then automatically replies to that address with ticket confirmations and updates. This vulnerability allows malicious actors to initiate support requests using arbitrary email addresses, effectively weaponizing Zendesk's legitimate communication channels to inundate unsuspecting individuals with unwanted messages. Data breaches, such as a recent one potentially affecting Discord users, could further exacerbate this problem by providing spammers with lists of valid email addresses. Zendesk itself has acknowledged this problem, with an official support article noting awareness of "recent spam emails via Zendesk" since at least last year.

Mitigating the Influx

Given the legitimate nature of these emails, direct blocking can be challenging. However, some proactive measures can help:

  • Custom Filtering (e.g., Sieve Filters): For email services that support advanced filtering rules, such as Proton Mail, creating custom filters can be highly effective. One user shared a Sieve filter example designed to move emails from Zendesk to a specific folder or to trash if the recipient address is not associated with any legitimate Zendesk interactions. This approach targets the specific X-Mailer or Precedence headers common in Zendesk emails.
  • Leveraging Provider-Specific Features: While not always perfect, continue to mark these emails as spam within your email client. This feedback helps improve the algorithms of services like Gmail.
  • Awareness of Zendesk's Stance: Stay informed about any official updates or solutions Zendesk may implement to address this systemic vulnerability. Their continued awareness, as noted in their support documentation, suggests ongoing efforts, though a definitive fix for users remains elusive.

Until a comprehensive solution is implemented by Zendesk, a combination of vigilant filtering and understanding the mechanism behind this "spam" can help manage the influx.

Get the most insightful discussions and trending stories delivered to your inbox, every Wednesday.