Detailed Description
Freshdesk currently allows tickets to be created via email even when the sender is not an authorized contact. In addition, if a sender does not already exist as a contact, the platform can effectively allow that person to enter the support workflow simply by emailing in. This creates a serious control gap for organizations that need tighter governance over who can access support.
A native capability is needed so that:
- only approved, authorized contacts can create tickets via email
- unknown or unauthorized senders are blocked before a ticket is created
- new contacts cannot be created automatically from incoming emails
- contacts can only be added manually by internal teams or designated administrators
- support teams have visibility into blocked or rejected attempts for audit and review purposes
This control should ideally work at the account, customer, or organization level, so that support access is limited to a defined list of approved contacts. If an email is received from someone who is not on that list, the system should reject, quarantine, or otherwise prevent the request from entering the ticket workflow.
This is important because current workaround options are not sufficient. Domain restrictions are too broad, since many people at the same customer domain may not be authorized to engage support. Automation rules are also reactive, because the email has already generated a ticket before the rule can mark it as spam or delete it. That still creates operational noise and potential risk.
The missing control over contact creation makes the problem worse. If users can effectively establish themselves as contacts by simply sending an email, then support access is not truly restricted. For organizations with strict intake requirements, contact creation must be deliberate and controlled by the support provider, not initiated passively by inbound email.
Business Use Case
Organizations need to ensure that only verified, approved customer contacts can submit support requests. They do not want unauthorized individuals to be able to email support, generate tickets, and potentially appear as valid contacts in the system.
Without this control:
- spam tickets can enter the queue and require manual intervention
- unauthorized users can submit requests that should never reach agents
- there is a security risk of someone posing as a customer or claiming association with a client
- agents may spend time validating whether a sender is legitimate before acting
- support workflows become less secure and less efficient
- customer access governance cannot be properly enforced
In addition, many organizations need to ensure that contacts are only added intentionally by internal teams. A customer or third party should not be able to become a recognized contact simply by emailing in. Contact creation should be controlled internally so that support access remains limited to trusted, approved individuals.
For many teams, this is both an operational and security requirement. Email-based support intake should only accept requests from authorized contacts, and contact creation should be restricted to internal administrative control.
Problem Statement
Freshdesk does not currently provide a native way to restrict email ticket creation to authorized contacts only, nor does it prevent new contacts from being introduced through inbound email behavior. As a result, unauthorized users can email support, generate tickets, and create noise, operational risk, and possible security exposure.
Requested Enhancement
Provide a native control that:
- allows email ticket creation only from authorized contacts
- blocks or rejects unauthorized senders before ticket creation
- prevents automatic creation of new contacts from inbound emails
- ensures contacts can only be added manually by internal admins
- provides logging or audit visibility for blocked attempts
Impact
This is critical for preventing spam, reducing manual ticket review, improving support governance, and mitigating the risk of impersonation or unauthorized customer requests entering the support queue.
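The pre-creation gate requested above, sketched as an added example; it is not Freshdesk code and does not describe an existing Freshdesk feature. It assumes a filter placed in front of the support mailbox, a constructed per-organization allowlist, and a receiving MTA with the hypothetical id mx.helpdesk.example that strips inbound Authentication-Results headers carrying its own id; it goes one step past the request by also requiring dmarc=pass, because a From address on its own can be forged.

```python
import email
from email.utils import getaddresses

# Constructed data: exact addresses per organization, added only by internal admins.
AUTHORIZED = {"acme": {"alice@acme.example", "bob@acme.example"}}
TRUSTED_AUTHSERV = "mx.helpdesk.example"  # assumption: id our own receiving MTA stamps
audit_log = []  # blocked attempts, kept for audit and review

def sender_address(msg):
    """Return the single lowercased From address, or None if absent or ambiguous."""
    addrs = [addr for _name, addr in getaddresses(msg.get_all("From", [])) if addr]
    return addrs[0].lower() if len(addrs) == 1 else None

def dmarc_passed(msg):
    """True only when the trusted MTA recorded dmarc=pass for this message."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV and "dmarc=pass" in results.lower():
            return True
    return False

def gate(raw_message, org):
    """Decide before any ticket or contact exists; never auto-create a contact."""
    msg = email.message_from_string(raw_message)
    addr = sender_address(msg)
    if addr is None:
        verdict, reason = "reject", "missing or multiple From addresses"
    elif addr not in AUTHORIZED.get(org, set()):
        verdict, reason = "quarantine", "sender is not an authorized contact"
    elif not dmarc_passed(msg):
        verdict, reason = "quarantine", "authorized address failed sender authentication"
    else:
        return "create_ticket"
    audit_log.append({"org": org, "from": addr, "verdict": verdict, "reason": reason})
    return verdict

# Constructed sample messages.
AUTH = "Authentication-Results: mx.helpdesk.example; dmarc=pass header.from=acme.example\n"
OK = AUTH + "From: Alice <Alice@acme.example>\nSubject: VPN down\n\nhelp"
SAME_DOMAIN = AUTH + "From: carol@acme.example\nSubject: hi\n\nhelp"  # right domain, not approved
SPOOFED = "From: alice@acme.example\nSubject: urgent\n\nreset my password"  # no dmarc=pass
DISPLAY_NAME = 'From: "alice@acme.example" <mallory@evil.example>\n\nhelp'

if __name__ == "__main__":
    for raw in (OK, SAME_DOMAIN, SPOOFED, DISPLAY_NAME):
        print(gate(raw, "acme"))
    print(audit_log)
```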
