On 20/01/2026 10:31, Suresh Ramasubramanian wrote:
It is a Google groups issue if that is the case but it is also a zendesk issue, if they’ve gone and set their ticketing system up so that anyone at all other than the originator of a ticket or zendesk support staff can update the ticket and have it send out email. That is the ticketing system version of an open relay.
OK. I've not seen that. All the ones I've seen have been auto-replies thanking "us" for sending in a support request.
But, if a Google Group email address sends a ticket, then that Google Group email address can update the ticket. If ZenDesk then sends back the updates to the ticket originator, then that's probably a configuration issue by the company using ZenDesk. That's not a specific ZenDesk issue, as it could happen with other ticketing software as well.
We don't use ZenDesk, but our support ticketing system lets us configure how autoreplies work. We just have it saying (essentially) "thanks for your message, we'll get back to you", but we could have it send back the whole support thread, or the last message, etc. If we did that, I suppose it would let a hacker use it as a distribution system. That's a tricky one for ZenDesk, as they could prevent their users customising the autoreply messages, but then they may lose customers to other ticketing systems that don't have that restriction.
I suppose that ZenDesk could put in place something to block Google Groups messages themselves, but is that something they should do, and it would only prevent this particular issue, other mailing list systems may be abusable in the same way.
Paul
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
