Regarding announcement
https://support.zendesk.com/hc/en-us/articles/10360295453082-Announcing-verification-for-anonymous-help-center-requests
Please add the ability to turn off this feature, do not make a decision for us. We do not want to burden our customers with an unnesesary additional email.
Under Review
Verification for anonymous help center requests
Amber, on the announcement there's a bullet point under "It does not apply to" that says this workflow doesn't impact "Requests created by sending an email to your support email address". That sounds like the use case you're describing?
I'm looking into our settings today and don't see the specific option to opt out of the Account Verification - can you please provide a screenshot of this setting? or.. is it not in the UI yet? Thanks
Thank you for the update with a toggle to control this feature.
There is one detail from the announcement which I would like further clarification on:
- “Important: Turning off this setting can allow your account to be used in email spam attacks. If a spam attack is detected, Zendesk may reactivate this feature to protect your account.”
Questions:
- What defines a “spam attack”?
- What are the thresholds for Zendesk to automatically enable the feature?
- Are there alerts prior to Zendesk making this change, and if Zendesk does make this change?
Sally — The feature should be on all accounts now, and for the last 3 hours. We went through our normal rollout procedures today, and have successfully deployed just the setting. You can opt out now.
Vaughn —
- What defines a “spam attack”?
- The pattern we are on the lookout for is generally a large flood of messages being created within a Zendesk instance, all from an anonymous submitter with different email addresses referenced as requesters. These are the hallmarks of a relay spam attack.
- What are the thresholds for Zendesk to automatically enable the feature?
- We haven't defined a threshold for the number of tickets that would bring us to this measure, but we do not intend this to be something we do lightly. It will not be automated, either, our spam and abuse prevention teams would deploy this as one potential method of resolving an ongoing issue.
- Are there alerts prior to Zendesk making this change, and if Zendesk does make this change?
- We have a few other mitigations that we have deployed in the past, and we will always inform customers when we do.
More generally, I do want to say this is not our preferred method for stopping spam. We have a number of other protections in place now and more forthcoming — most of these are rate limits or detection mechanisms that can stop just the bad actors. We are optimistic about our ability to stop these attacks without email verification, though we do still strongly recommend its use.
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.