Skip to main content

Hi, we already use whitelisting to prevent any email address logging tickets via the portal but how do others prevent impersonation either for malicious purposes (password resets) or from outsiders for the purposes of spamming the ticket queue?  

Any other thoughts on the area around securing the portal? Our primary concern is impersonation but also spam volumes.

I’ve even seen a forum article in this community about solution articles feedback being used as a spam route in

Hi.

The suggestion would be to place an anti-spam solution in front of your email domain.

 

I guess you must have already checked these:

Moving tickets from a specific requester to spam. : Freshservice

Setup Automation to send Emails from Specific email to Spam : Freshservice

 

Regards,


Hi.

The suggestion would be to place an anti-spam solution in front of your email domain.

 

I guess you must have already checked these:

Moving tickets from a specific requester to spam. : Freshservice

Setup Automation to send Emails from Specific email to Spam : Freshservice

 

Regards,

Yes thanks Elvis, we’re not as worried about just external email spam coming in, we can filter most of that out and unless it’s coming from a trusted domain it won’t create a ticket anyway.  It’s more the impersonation risk within the support portal if you allow any action without logging into the portal.  Do others always end up setting User Permissions on the portal to ‘logged in users’ ?  We’re thinking external phishing where a 3rd party tries to get a password reset for a live user by logging a ticket on the portal as them and giving a phone number as a contact method for the service desk. 


Hi.

The suggestion would be to place an anti-spam solution in front of your email domain.

 

I guess you must have already checked these:

Moving tickets from a specific requester to spam. : Freshservice

Setup Automation to send Emails from Specific email to Spam : Freshservice

 

Regards,

Yes thanks Elvis, we’re not as worried about just external email spam coming in, we can filter most of that out and unless it’s coming from a trusted domain it won’t create a ticket anyway.  It’s more the impersonation risk within the support portal if you allow any action without logging into the portal.  Do others always end up setting User Permissions on the portal to ‘logged in users’ ?  We’re thinking external phishing where a 3rd party tries to get a password reset for a live user by logging a ticket on the portal as them and giving a phone number as a contact method for the service desk. 

Hi. Yes, logged in users would be your best option for this concern.

 

Regards,


Reply