I only just set up Zammad on my server. It’s so simple and friendly on admins, agents and users, great first impression!
I noticed that anyone is able to create tickets just by sending an email to the address registered with Zammad, no further verification seems necessary.
I guess the first thing that comes to mind here is unsolicited emails. You could have a spam check right on your server but the risk is for false positives to just never even arrive in your Zammad inbox so that doesn’t seem like a good idea. It would be safer to have this function in Zammad directly.
Personally, I don’t see the need to deal with complex spam rules and false positives, I’d much rather just restrict ticket creation to properly registered users. If someone registered through the web form, or was manually set up by me, they should be allowed to send support requests via email. If not, I would like for them to receive an automatic reply informing them of this requirement.
With an open source solution, obviously everything is possible. But is there a recommended way to achieve my goal?