The spam that comes from your own support: how ticket systems become mass relays


If you found your inbox this morning full of strange messages with subject lines like "Activate your account" or support notifications from companies you don't even know, you're not alone. In the last few hours, emails generated by poorly configured customer support systems have multiplied again, and those investigating the phenomenon point to Zendesk instances that allow tickets to be created without verification.

The mechanics are simple and, at the same time, dangerous: many customer service platforms automatically send a confirmation email to whatever address is entered in a support form. If that form accepts unrestricted submissions, an attacker can send thousands of requests with other people's addresses and cause legitimate business servers to send avalanches of mail to third parties. This abuse of legitimate portals explains why the messages manage to evade spam filters and land directly in the primary inbox.


Researchers and users on social networks have documented the new wave. Security specialist Jonathan Leitschuh shared in a LinkedIn post how his email address was used to flood ticket systems across the Internet, and several X accounts have shown examples of the content and speed of the messages. The specialized press has already connected this resurgence with a previous campaign in January that affected multiple companies; that episode showed that Zendesk instances could become spam "relays" by accepting unrestricted ticket requests, according to technical reports published in media such as BleepingComputer.

Zendesk acknowledged the problem earlier and published customer notices explaining the abuse, which it calls "relay spam." A technical statement available in its help center describes steps and good practices to mitigate this type of abuse, such as restricting who can create tickets and removing placeholders that allow emails to be sent to any address. You can read its recommendations in Zendesk's official note about the incident in its support article and in the practical guides on how to limit ticket creation and fight spam: Permissions to create tickets and tips to protect your business.

What does this mean for users? First, that the presence of a company's logo or domain in an email does not guarantee that the message is legitimate: in this particular case, the companies are not sending targeted fraud; rather, their own support systems are being manipulated into sending mass confirmations. Still, the usual caution applies: avoid clicking links or downloading unexpected email attachments, check the headers if you know how to do it, and mark repeated messages as spam. If the avalanche comes from a service you recognize as a customer, a quick call or a look at the company's official account usually confirms whether it is a known error.

For administrators and security teams that manage support portals, the priority is to review the configuration. Limiting ticket creation to verified users, implementing rate limiting, enabling CAPTCHAs and reviewing templates that accept any address as a placeholder greatly reduce the abuse surface. It is also recommended to enable alerts for unusual activity and to coordinate with the provider to apply additional controls on atypical traffic peaks. Zendesk claims to have deployed monitoring and additional limits after previous incidents, but the recurrences show that the battle between platform operators and abusers may require continuous adjustments.
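As an added illustration (not code from Zendesk or from the original article), the sketch below applies the rate limit and unusual-activity alert described above to a support form's intake: an unverified source that names too many distinct requester addresses inside a sliding window has its confirmation emails held and raises one alert. The event fields, thresholds, function name and sample addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed sliding window
MAX_DISTINCT_REQUESTERS = 3      # assumed per-source limit inside WINDOW

BASE = datetime(2024, 1, 1, 9, 0, 0)  # constructed timestamps below
# Constructed events: (time, source_ip, requester_email, verified_user)
SAMPLE_EVENTS = [
    (BASE + timedelta(seconds=0), "203.0.113.7", "a@example.org", False),
    (BASE + timedelta(seconds=10), "203.0.113.7", "b@example.org", False),
    (BASE + timedelta(seconds=15), "198.51.100.20", "customer@example.com", False),
    (BASE + timedelta(seconds=20), "203.0.113.7", "c@example.org", False),
    (BASE + timedelta(seconds=30), "203.0.113.7", "d@example.org", False),
    (BASE + timedelta(seconds=40), "203.0.113.7", "e@example.org", False),
    (BASE + timedelta(seconds=300), "198.51.100.20", "customer@example.com", False),
    (BASE + timedelta(minutes=20), "203.0.113.7", "f@example.org", False),
]

def triage_ticket_events(events, window=WINDOW, limit=MAX_DISTINCT_REQUESTERS):
    """Decide per submission whether the automatic confirmation may be sent."""
    recent = defaultdict(deque)   # source_ip -> (time, email) inside the window
    sent, held, alerts = [], [], []
    for ts, ip, email, verified in sorted(events, key=lambda e: e[0]):
        seen = recent[ip]
        while seen and ts - seen[0][0] > window:
            seen.popleft()                      # drop entries older than window
        distinct = {addr for _, addr in seen} | {email}
        if not verified and len(distinct) > limit:
            held.append(email)                  # no confirmation mail goes out
            if ip not in alerts:
                alerts.append(ip)               # one alert per abusive source
        else:
            sent.append(email)
        seen.append((ts, email))                # held attempts still count
    return {"sent": sent, "held": held, "alerts": alerts}

if __name__ == "__main__":
    result = triage_ticket_events(SAMPLE_EVENTS)
    print("held:", result["held"])
    print("alert sources:", result["alerts"])
```
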


From the industry perspective, the episode is a reminder that services that handle legitimate communications (marketing platforms, reporting systems, mail providers) can unintentionally become abuse amplifiers if their controls are lax. It is a wake-up call for companies to review their integrations and the default policies that often prioritize ease of use over security. A reasonable reinforcement of authentication and verification at the entry points prevents massive inconvenience to other customers and protects the reputation of the sender itself.

Meanwhile, media and experts continue to document the activity and call for transparency on the measures taken. If you want to follow one of the sources that collected the first signs of the resurgence, you can see the BleepingComputer coverage mentioned above, or look at the posts of users who shared screenshots and examples on networks such as X and LinkedIn to understand the magnitude of the problem.

In short, the repetition of these waves calls for two clear lines of action: on the one hand, caution from end users toward unexpected emails; on the other, the technical responsibility of companies to close the doors that allow legitimate portals to be turned into spam relays. Until the protections are universal and robust, we are likely to see more similar episodes, and collaboration between providers, security teams and users will remain the best defense.
