A fresh wave of Zendesk spam emails is hitting users across the world

News
By published

Recent Zendesk spam campaign continues

Zendesk logo
(Image credit: Shutterstock / Ken Wolter)
  • Zendesk spam campaign persists despite new safety features
  • Attackers abuse support ticket confirmations to flood inboxes with strange, non-malicious emails
  • Suspected DoS attack overwhelms Zendesk systems; company admits further protections are needed

It appears Zendesk’s newly introduced safety features to address spam aren’t working, because the bizarre spam campaign has continued to this day.

BleepingComputer reported users are once again being bombarded by dozens, hundreds even - of automated emails being sent through various companies’ unsecured Zendesk support systems.

All of the emails are just strange - strange subject lines, strange content. They are not carrying malware, or links to phishing pages. Some people think this is actually a Denial of Service (DoS) attack against Zendesk which makes sense - if the company’s servers are overloaded sending out bogus emails, they can’t send out legitimate ones.

Taking steps to address the problem

"Someone is DDoSing Zendesk support ticketing systems and other account creation processes across the internet with my email right now. Anyone know what the attacker is hoping to achieve here?”, a user posted.

Zendesk is a customer service and support software platform that helps companies manage customer communication. Among its features is the ability to allow unverified users to submit support tickets which, when that happens, automatically generates a confirmation email and sends it to the email that the user entered.

The attacks were first spotted in late January 2026, when hackers went through huge lists of email addresses and created countless fake support tickets, turning Zendesk features into a mass-spam tool. Since the emails originate from a legitimate Zendesk system, they pass most spam filters, and land directly in people’s inboxes.

At the time, the company told the media that it tackled the problem by introducing new safety features.

"We've introduced new safety features to address relay spam, including enhanced monitoring and limits designed to detect unusual activity and stop it more quickly," the company said. "We want to assure everyone that we are actively taking steps - and continuously improving - to protect our platform and users."

It would appear that Zendesk needs to take even more steps.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.