Since then, Zendesk seems to have strengthened their system so that opening a ticket requires account activation first. Leading to today, when I’ve received thousands of signup attempt emails (again, typically one or two per Zendesk‐hosted forum). This is way more emails than I got last time. I hypothesize that the spammer is doing a “last gasp” attack: now that Zendesk has burned the exploit by no longer including the ticket text in the emails, the spammer is trying every Zendesk site it knows in hopes that some of them are slow to update and still forward the ticket text to the victim.
Also super annoying are crypto scams sent from an Italian ISP's (tiscali.it, shame on you) email service, even though I tried to contact the ISP, but that's unrelated to this.
[1]: https://gist.github.com/hampuskraft/780c8fbcc4042689153533ef...
I did a Zendesk integration shortly after working on a general overhaul of our email at a previous company. The overhaul involved separating out our different types (transactional, marketing, support, etc), and then implementing best practices on deliverability for each of them. Not your day-one email setup, but we were still a small company.
The comparison to Zendesk's approach was astounding. Assuming you don't want to use a Zendesk address (we didn't, customers thought it was dodgy), the email setup they let you do was bad, and their support folks had no idea about any of the details. DKIM, SPF, etc, was all alien to them. Ironically they had pretty bad support in general.
So basically good old fashioned "quality" enterprise shitware.
I suspect the issue is that we weren't paying enough. We had maybe 10 seats. I bet if you're buying 1000 seats a bunch of Zendesk engineers turn up and configure everything for you, but with the robust email setup needing that engineering time on their side to configure... so I guess in that way it may be Enterprise shitware.
noname120•4h ago