You can control access to your Zendesk account by adding end users' email addresses and domains to your blocklist and allowlist. Using the blocklist, you can prevent specific users, or sets of users, from registering and submitting support requests. Using the allowlist, you can allow specific users, or sets of users, to access your Zendesk account and submit support requests.
This article contains the following sections:
About the blocklist and allowlist
The blocklist and allowlist can help you create rules for accepting, suspending, and rejecting users' emails. Any email that is suspended because of the blocklist is added to the suspended queue and flagged.
Your allowlist automatically overrides your blocklist. For example, if you add a specific domain to the blocklist but allow a user with that email domain, they will be given access.
Additional considerations for the blocklist and allowlist include the following:
- If you've set up user mapping, any email domains you add to the allowlist will automatically be included (seeAutomatically adding users to organizations based on their email domains).
- If you blocklist a user that is CC'd on a ticket, they will not be removed from existing tickets. If an email address is blocked, an agent can still add the user as a CC, and they will still receive CC email notifications. To prevent CC notifications, you will need to suspend the user. The email address will still be visible, but agents cannot add the user to the ticket.
- If a user's domain is present in the blocklist but their full email address is present in an organization's Domains field, the system functions as though that address is allowlisted even if that specific address or domain is blocklisted.
- Being placed on the allowlist does not allow users to override their tickets from being suspended if the subject contains the text "Out of Office" or if the ticket comes from an email flagged as a "do not reply" address.
Depending on how your Zendesk account is set up, you can use the blocklist and allowlist to apply additional settings to control who can access your account. If you allow anyone to submit tickets, such as in open support type, you can use the blocklist to filter out spam email addresses and domains (seeSuspending a user). Any ticket from a user or domain on the blocklist is automatically sent to the suspended tickets queue. If you require users to register, you can use the blocklist to ensure that only approved email addresses and domains can submit support requests and authenticate accounts.
About the CC blocklist
The CC blocklist prevents an address from being added as a ticket CC but still allows the blocked address to submit tickets. This can help you fine-tune your permissions.
To access the CC blocklist
- InAdmin Center, clickObjects and rulesin the sidebar, then selectTickets > Settings.
- Enter the email address or the domain name of the users you want to prevent becoming CCs and followers by entering their email address or domain name into the blocklist. Use spaces to separate the addresses.
- When you are finished, clickSave tab.
For more information, seeConfiguring CC and follower permissions.
Rules for setting your blocklist and allowlist
- Leave the allowlist blank to allow all users to submit tickets to your Zendesk account, except those added to the blocklist.
- Use keywords or symbols with a blocklist or allowlist entry to make the restrictions broader or more specific:
- To block or allow an entire email domain, do not include the "@" symbol. An email domain with "@" will not be successfully added to the allowlist or blocklist.
- To send support requests from specific users to the suspended tickets queue, enter the keyword
suspend:
in front of an email address or domain list in the blocklist. - To completely block support requests from specific users, enter the keyword
reject:
in front of an email address or domain list in the blocklist. Tickets will not be added to the suspended tickets queue, and there will be no record of the ticket in your Zendesk account. The keywordreject:
applies only to support requests and doesn't prevent users from creating an account.
- Add a wildcard (*)在你的过滤清单提交暂停机票from all users except those added to the allowlist. This sends tickets from every user not added to the allowlist into the suspended tickets queue, preventing new users from creating accounts.
- Use the keywords
suspend:
andreject:
when using wildcards to suspend most users but reject others.
- Use the keywords
- If an address or domain conflict exists between
suspend:
andreject:
, then Zendesk defaults to suspension.
Setting your blocklist and allowlist
You can enter up to 10,000 characters in each of the allowlist and blocklist fields.
To edit your blocklist and allowlist
- InAdmin Center, clickPeoplein the sidebar, then selectConfiguration > End users.
- Enter yourAllowlistandBlocklistsettings.
You can view common blocklist and allowlist examples in the section below. If you are adding multiple email addresses or domains, separate them with a space.
- ClickSave tab.
Allowlist and blocklist usage examples
You can use a combination of the blocklist and allowlist rules to ensure you are permitting access or blocking the correct users. This section contains some usage examples you can replicate for your own Zendesk account.
Approve a domain, suspend all other users
You can allow specific domains access to your Zendesk account by adding the domain to the allowlist and suspend all users with a different email domain by adding a wildcard (*) to the blocklist. In the example below, only email from the domain mondocampcorp.com will be permitted access.
allowlist: mondocamcorp.com blocklist: *
Enter multiple domains separated by a space to allow more than one domain access. In the example below, email from the domains mondocamcorp, comdocam, and mondostore are permitted, and all other users will be suspended.
allowlist: mondocamcorp.com mondocam.com mondostore.com blocklist: *
Approve a domain, but suspend specific email addresses with the domain
Using thesuspend
keyword, you can prevent a specific email address with an allowed domain from accessing your Zendesk account.
allowlist: gmail.com blocklist: * suspend:randomspammer@gmail.com
Approve a domain, but reject specific email addresses and domains within it
Similar to the previous example, you can block specific email addresses from using an allowed domain by entering their email address in the blocklist. Use thereject
keyword to prevent a user's tickets from being added to your Zendesk account.
In the example below, only email from gmail.com is accepted. All tickets from other email domains are sent to the suspended tickets queue except for the email address randomspammer@gmail.com. Email from randomspammer@gmail.com will be rejected completely, and the ticket will not be recorded in your Zendesk account.
allowlist: gmail.com blocklist: * reject:randomspammer@gmail.com
Approve all, but reject specific email addresses and domains
Unlike the examples above, you also have the option of allowing all users to register except for specific email addresses and domains. To allow all users to register, you can leave the allowlist blank, then enter any blocked users.
In the example below, everyone can access your Zendesk account except for randomspammer@gmail.com and megaspam.com. Since thereject:
keyword is used, all email from those accounts will be blocked completely, and the ticket will not be recorded in your Zendesk account.
allowlist: blocklist: reject:randomspammer@gmail.com reject:megaspam.com
Suspend support request tickets from specific email addresses or domains
Simply adding an email address or domain to your blocklist suspends tickets from those users, but only if those tickets are submitted through the email channel.
allowlist: blocklist: suspend:randomspammer@gmail.com suspend:megaspam.com
When using thesuspend
keyword to suspend all support requests from a specific domain, all tickets from that domain are suspended, even if individual email addresses with that domain are in the allowlist. To suspend all tickets from a domain but allow specific users, add the domain to the blocklist (without the "@" symbol or thesuspend
keyword) and add the allowed email addresses to the allowlist.
56 Comments
Just to confirm - I can list specific emails in my allow list and put an * in my blocklist? By doing so only those email within the allowlist can submit support request via web widget and submit request link in help center and all others will not be able to.....? I ask because I tried this specific setup with one of my other emails and my tickets are still getting through. They aren't even going to a "suspended" queue.
Hey Mandy,
That should be the case. If you add * to the blocklist then you would only be allowing ticket creating from users that are in the allowlist field. If this isn't happening on your end we may need to create a ticket on your behalf so we can look into some examples. Is this still the case for you?
你好,我们想要阻止整个域,但紧密相联的w one email from that domain and everybody else. For now I have set: in the approve field like this:email@domain.com, in the blocked field reject:domain.com But it is not working, it is still blocking all mails from this domain. What should I do?
Hi Jozsef, You should be able to remove the reject: portion from the blocklist. This will cause emails from that domain to be suspended, but it should allow the one address that you have in your allowlist to be processed as expected. Any time you use the reject: syntax it will reject all traffic from that domain.
I have removed the permalink, and it is not working the suspension. It allowed from my email address to create a ticket
嗨Jozsef,因为帮助你进一步require us to inspect your account setup and to examine specific examples, could you open a ticket with us atsupport@zendesk.comso that we can investigate further? Thanks, Sean
We get a TON of spam via Zendesk tickets, and I understand that using the "Mark as Spam" option not only deletes the ticket, it suspends the user to prevent further incoming messages from adding to the noise.
My question is... when I need to add someone to the CC field on a ticket, all of those suspended people show up in the CC selection list (yes, flagged as suspended), which still makes it a pain in the butt to actually choose a "legit" customer or light agent. Is there ANY way to exclude the suspended offenders from appearing in the CC field?
Hi Shelley,
恐怕这是预期的行为,there's no workaround for this. The CC field will suggest users that are currently saved in your Zendesk, regardless if they're suspended or not. I agree that it might be convenient if suspended users will be excluded from the list; I encourage you to create a new post in theSupport Product Feedback topicin our community to engage with other users who have similar needs. Thanks Shelley!
You cannot blacklist TLDs by themselves
That's too bad, because we now get spam from @*.shop, with a constantly rotating number of domains under the .shop TLD. There is absolutely no reason why we would want to receive emails from anyone at .shop.
Hi Everyone,
Thank you for all of your questions on the blocklist / allowlist settings. We love your feedback. If you have more product feedback on this topic, we'd like to hear from you!
Please find some time to talk to our product directly athttps://calendly.com/pooja-palan/30min?back=1&month=2021-08
Thanks!
When a specific email address or domain is on the blocklist, will it prevent them from creating an account in Guide or will it just prevent them from creating tickets? We are trying to prevent certain users from commenting in our community and help articles.
We currently have our help site open to all users and use the web widget. All users can submit tickets through the web widget. They do not submit tickets through email.
Hi Melody,
The blocklist only applies to the creation of tickets, but you can also suspend a user, which prevents them from logging in (and therefore posting or commenting in your help center and community):Suspending a user
Hi,
Is there any way to update allowlist/blocklist via API?
Regards.
If I've previously added a list of end users manually, and then later put a wildcard into the blocklist, will all end user tickets be automatically rejected?
Hi Dave,
Thanks for the answer!
Is there an intelligent way to transition my help center from being completely closed down (only adding end users one at a time) to having users in allowlisted domains sign up -- without totally blocking the end users we've already added?
First Assignee UserI can't find any reference in the API docs for the blocklist either.
@...Do you have any knowledge of where one might view or modify the various blocklists via API?
First Assignee User&Plugabot, the allowlists and blocklists are not accessible via our API. For visibility to our product team, it'd be great if one of you could post to ourFeedback - Platform: Apps & Integrationstopic, using theProduct Feedback Post Templateto format your post.
Josh McCrowelllet me see what i can find out.
Hi@...,
Just a follow-up to myearlier question. Is there a way to block a domain from creating accounts? We are trying to prevent users from an entire company from commenting in our community and help articles.
I know we can suspend accounts after they are created, but am looking for a way to prevent them from being created.
Hi All ,
I am trying to block one particular email ID from creating tickets in Zendesk , but the other uses with the same domain should be able to create tickets , so will the below option work :
We often have users forward "DELIVERY FAILED" messages asking the IT team to investigate them. Is there any way we can unblock these, instead of manually restoring them?
With the recent update where in the wildcard (*) in the blocklist is now for all channels (not just email).
For everyone who are using
(*)
in their blocklist setting and also have custom webforms / API integrations which were previously working regardless of the (*), will now need to be added to the allowlist.Suggestion is to leverage
allowlist
to allow anything that we do not want to block.+1 to Gaurav's question. I'm trying to block one specific user email address from a domain but allow all other users from that same domain to create tickets. However, I get the following message:
Warning: The following addresses or domains cannot be blacklisted; they are whitelisted due to association with one of your Organisations:reject:donotreply@email.com
Please help!
This warning would happen in this circumstances (blacklisting) if there is an existent Organization with that name "email" and probably the domain is on the allowing list. Ex: In Organizations > find the Organization in question > Remove the allowed domain.
I hope this helps.
Best,
Thanks for the response Fabricio but it doesn't answer what I need.
For my screenshot below, I want to ensure all users from Test Organisation with an email domain @email.com can create tickets in ZenDesk however, I want to block one specific user from this organisation,donotreply@email.comfrom creating tickets. Seems ZenDesk cannot do this or am I missing something?
Want to confirm as it's not really clear. If I want to only accept issues from the folks with specific domains, I need to do the following:
1. Turn off this option
2. Add the allowed users domains to this list
Thanks in advance
Hello Jed, thank you for your question!
That is correct, you will need to disable the "anybody can submit tickets" option, enter the email domains you wish to be able to contact you, and also, enter a "*" symbol on the blocklist, so that all other email domains are blocked, like the example on this article:
I hope that was helpful!
I am also interested inMicheál McArdlecomment/question, can someone at Zendesk, please respond?
Hi
Is it possible to send an automatic email response for suspended users? At the moment they can send us emails, but we will not receive them and the user is not aware, that we did not receive their email. It would be great if there would be an automatic email sent to the user, that he is not allowed to open tickets or to send emails to this email address.
is this something we could solve with triggers?
thanks for any suggestions.
HiAd Astra,
Have you already followed the steps in "Approve a domain, but reject specific email addresses and domains within it"? If you did and the issue persisted, you candirectly contact supportand we'll help out to determine what could be causing it
Pleasesign into leave a comment.