Currently, replies from agents are sent over plain-text email without any security. Such replies may contain personally identifiable information (like specific URIs or quoted debug info from our app which have been sent together with the original request).
As I understand it, there’s no possibility to turn this off so that Zammad only sends the notification that there was a reply and not the reply body itself.
So, steps to reproduce:
- Zammad installation for external support
- User sends a request over some channel (Web form, email)
- Zammad agent sends a reply with confidential information.
Current behavior: Zammad sends the confidential information over insecure email (+ a link to the ticket).
Behavior suggestion: Zammad should send only the link to the ticket + login instructions. Then users can log in (secure because HTTPS) and read the reply there.
There could be an option to switch between those two behaviors. The current behavior is fine for internal support, but I don’t want it to send insecure email to external users.