I think Zammad need stop/black list for service email addresses what are prohibited for creating new ticket.
Scenario: some spammer send mail from “support@your_company.com” address, what assigned to Zammad.
Not all SMTP servers are discard spam based on spf records, so you most definitely will receive some NDR for this spam mail. And new ticket will be created in system. And new user will be created in the system.
So, how to deal with this? Block all NDR to Zammad system on firewall/proxy/edge smtp server?
I’m absolutely not sure if this is a technical question or a feature request.
I still and proberbly always will have the opinion that mail blocking / ignoring should be handlet by your mail server.
Anyway, similar topics have been discussed on this board and the question soudns quite familiar to me:
In my humble opinion it doesn’t help to create new feature requests while ignoring the old ones and not to vote. This won’t help us in measuring the need of those wanted features. It actually (naturally) reduces the chance a feature will ever come. But that’s just my thought. No mean thoughts in it, please excuse if I’m too direct.
As product developers you are notified by many users what there is a certain problem with mail handling in Zammad.
I was reading what NDR blocking on mail server has negative effect, if it is legitimate NDR in response to Zammad outgoing mail messages. So, this way is not good.
How to deal with NDR and spam account creation is completely up to product developers, nobody knows product better than you. Since there is no easy way to delete users and their tickets, problem became more ugly, when targeted spam start poring into Zammad. Please discuss this issue with product architect/developers. You already has some e-mail filers in place, it can be easy add another setting, with service e-mail aliases, what are prohibited from creating tickets.
Thanks.