Mini tutorial: create anti-spam rules automatically

So Zammad has this nifty little example macro “Close & Tag as Spam”. But what do we do with those tickets? Here is a solution that might work for you.

Disclaimer: please don’t use the below example in a production environment without fully understanding the details. No warranty. Use at your own risk!

1.) Create a user to access the REST API

First, we will create a user with the permission to only administrate the e-mail-settings.

  • Create role “Spam conductor”
  • Grant permission to “channel_email”
  • Add user “MC Spam”
  • Grant role “Spam conductor”

2.) Create webhook

Secondly, we will create a webhook, that is capable of creating e-mail-filters.

“New webhook”

Replace the hostname with a valid URL of your instance. Use the e-mail-address/login of the previously created user.


Custom payload:

  "name": "Spam Autorule for #{}",
  "channel": "email",
  "match": {
    "from": {
      "operator": "contains",
      "value": "#{}"
  "perform": {
    "x-zammad-ignore": {
      "value": true
  "note": "x",
  "active": true

3.) Create scheduler

Now we will create a scheduler, that deletes the spam tickets after a while and creates the e-mail-filter using the webhook.

“New scheduler”

Your spam tickets will be deleted after 3 weeks and email filters will ignore incoming mails from the same sender.


Isn’t it a better way to filter the spam before it reaches the zammad instance? This filter might only work, if the spammer uses the same email address each time spam is sended. But that is imho not the daily reality.

100% agree! This is not a replacement for spam filtering on the email server. Zammad email filters are not meant to handle that on a larger scale.

Further actions could be to regularly check the created email filters and adjust the server-side spam protection based on that. And maybe remove the filters after that.

1 Like

The webhook is not called anymore, if in the same step the ticket is deleted. I will update the tutorial soon™️.

Would appreciate that update :slight_smile: