- Zendesk spam campaign persists despite new security features
- Attackers abuse support ticket confirmations to flood inboxes with strange, non-malicious emails
- Alleged DoS attack overwhelms Zendesk systems; The company admits that more protections are needed.
It seems that Zendesk’s recently introduced security features to address spam are not working, because the strange spam campaign continues to this day.
beepcomputer Reported users are once again being bombarded by dozens, even hundreds, of automated emails being sent through various companies’ unsecured Zendesk support systems.
All emails are just strange: strange subject lines, strange content. They do not contain malware or links to phishing pages. Some people think this is actually a denial of service (DoS) attack against Zendesk, which makes sense: if the company’s servers are overloaded sending fake emails, they can’t send legitimate messages.
Take steps to address the problem
“Someone is DDoSing Zendesk support ticketing systems and other online account creation processes with my email right now. Does anyone know what the attacker is hoping to accomplish here?” one user posted.
Zendesk is a customer service and support software platform that helps businesses manage customer communication. Among its features is the ability to allow unverified users to submit support tickets which, when that happens, automatically generates a confirmation email and sends it to the email the user entered.
The attacks were first detected in late January 2026, when hackers combed through huge lists of email addresses and created countless fake support tickets, turning Zendesk features into a massive spam tool. Since emails originate from a legitimate Zendesk system, they bypass most spam filters and land directly in people’s inboxes.
At the time, the company told media that it addressed the issue by introducing new security features.
“We have introduced new security features to address relay spam, including enhanced monitoring and limits designed to detect unusual activity and stop it more quickly,” the company said. “We want to assure everyone that we are actively taking steps (and continually improving) to protect our platform and our users.”
It would seem that Zendesk needs to take even more action.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
