When a customer reports that they are receiving spam tickets, we can check the following:

What is the source of the ticket? If it is Email, here are the checks:


  • Check the Spam Score of the Incoming Email

  1. Obtain the Email Message Headers of the email if available. Otherwise, you can open the XML version of the ticket URL in the browser and get the backend ticket ID.
  2. Use search combinations such as:

    - "subject" AND "requester_email_address", or

    - "backend_ticket_id" AND "INSERT" to find the event ID.

    - Use the above keywords in the "freshdesk" logset in Haystack to obtain the event ID, then search again with the event ID to retrieve the complete ticket creation logs.

  3. Within the logs, you can perform a browser search for the term "Parameters" to locate all the parameters sent by the email service, including the subject, from address, spam info, and more.

  4. Check the "score" section inside the Parameters; it should not be more than 6, as shown below. If the score is >=6, then the ticket would automatically be marked as Spam.


  • Virus-filled attachments

    Sometimes a customer may report that a ticket is missing in Freshdesk but was received in their mailbox. In this case, we can check the logs in Sumologic using "email address" AND "INCOMING" as the keywords, matching the exact timestamp and timezone.
    Check whether the reason in the logs contains the sentence below. If it does, we can ask the customer to check whether there is some virus content in the attachment.



  • Case where an email that came in is actually a spam email, but the proactive spam filter did not catch it.

    When a customer mentions that a specific email is actually spam for them, but our proactive spam filter did not catch it, we can fetch the ticket creation logs using the keywords mentioned in the first point and create an L2 ticket asking the email team to revise the spam rule for the specific account.