My Profile
Sign Out
Tickets
Knowledge Base
Login
Category
  2. Working with Tickets
  3. Basic Ticketing Actions

Reasons Why a Ticket Message is Marked as Suspicious and Added as Private Note

Updated:

When any unauthorized user who does not have access to the ticket replies to a ticket via email, those messages will be marked as suspicious and will be added to the private note instead of a public comment. This message will be private and not visible to the customer until an agent reviews it manually and moves it to a public comment.

In BoldDesk, once a private note is saved, it cannot be directly changed into a public reply. However, if replies come from unauthorized users through email, these messages are automatically recorded as private notes. Agents have the ability to review these notes and manually transfer the content to a public reply when necessary.

A suspicious note will be denoted by a tag Suspicious on the note, and there will be a default message appended to the note.
For example, when a user who is not authorized to update the ticket replies via email, the system flags the message as suspicious and adds it as a private note. In such cases, the following message is automatically appended to the note:

“This user is not authorized to update. As a result, the update was flagged as suspicious. If it is valid, you can convert it to a public comment.”

This message helps agents quickly identify unauthorized replies and decide whether to move them to public comments.

Suspicious_Note_in_Ticket.png

When a user who is not a part of the ticket (for example, does not have permission to the ticket) replies, the suspicious note will be added. Cases in which the message will be added are listed below:

  • The user is not part of CC.
  • The user is not part of the requester company (if access to share tickets in the organization is enabled).
  • The user might have used an alternate email ID to reply to a ticket email (a different email ID than the one used for creating the ticket).
  • The user forwards an email to some other user who is not part of the ticket, and that user has replied to the ticket.
  • An attacker might have gained access to the email and replied to the ticket.

Purpose of Suspicious Note

The main purpose of the suspicious notes is to prevent security flaws. Sometimes an attacker may gain access to the email and reply to a ticket to gain access. If this comment is considered a public comment directly instead of being marked suspicious, it will add the attacker’s email to the ticket loop and consider that user as part of the ticket, which will create a security flaw. This feature is implemented to avoid this flaw and not allow any unauthorized user to have access to the ticket via email.

Convert to Public Comment

When the agent finds that the suspicious message is valid, it can be moved to a public comment.

To move the suspicious messages to a public comment, follow the given steps:

  1. Select the Move comment to public option to open a dialog box.

    Option_of_moving_a_suspicious_comment_to_a_public_comment.png

  2. Select Move to move the suspicious messages to a public comment.

    The_move_button_that_officially_enables_the_movement_of_a_private_comment_to_a_public_comment.png

  • The comment is moved from private to public and will be visible to the end-user.
  • The end-user will be notified by email.

How to Convert a Suspicious Note to a Public Comment Without Notifying the Contact

By default, when a suspicious note is moved to a public comment, the contact receives an email notification, and the message is posted with the time of moving the private message to public, not the time the client sent the message. If you want to avoid sending this notification, follow these steps:

  1. Set the ticket’s visibility to Private.
    This ensures that any changes made to the ticket, including comment updates, do not trigger email notifications to the contact.

  2. Move the suspicious note to a public comment.
    The note will be converted and made public, but no email will be sent because the ticket is currently private.

  3. Change the ticket visibility back to Public.
    Once the comment has been successfully moved, you can restore the ticket’s visibility to resume normal operations.

Configuring Email Response Permission Checks

You also have the option to disable this restriction by checking the box, such that all emails sent from anyone who is not part of the ticket will not be marked as suspicious (added as public reply). However, when unchecked, the system will check permissions and add replies from unauthorized senders as private notes. The Disable Reply Email Permission Check setting determines whether permission checks are applied to email responses.

Configuring_Email_Response_Permission_Checks.png

Enabled: The system does not verify sender permissions. All email replies will be posted as public comments, regardless of the sender’s access.

Disabled: The system verifies sender permissions. If the sender is unauthorized, their response will be marked as suspicious and added as a private note instead of a public comment.

Troubleshooting

Unauthorized email replies are showing as public comments

Check whether Disable Reply Email Permission Check is Enabled. When enabled, BoldDesk does not verify sender permissions and posts all replies publicly.

Agents see a private note but the requester/contact cannot see the content

  • Confirm the note is tagged Suspicious and is a private note.
  • If the content should be visible, use Move comment to public.

Contact received an email notification when an agent moved a suspicious note to public

  • This is expected behavior by default.
  • To avoid notification, set ticket visibility to Private, move the note to public, then set visibility back to Public.

Customer-visible timestamp does not match the original email reply time

This is expected: the customer sees the time the note was moved to public, not the time the email was received.

Frequently Asked Questions

  1. What is a suspicious note in BoldDesk?
    A suspicious note is a private note created when BoldDesk receives an email reply from a sender who is not authorized to access or update the ticket.

  2. Will the requester/contact see a suspicious note?
    No. Suspicious notes are private and not visible to the requester/contact unless an agent moves the content to a public comment.

  3. How does BoldDesk decide a sender is unauthorized?
    BoldDesk checks whether the sender is considered part of the ticket (examples include requester, CC, or other authorized participation described in this article). Replies from alternate email addresses or forwarded recipients can be flagged.

  4. How do agents convert a suspicious note into a public comment?
    Use Move comment to public, then click Move in the dialog.

  5. What happens after an agent moves a suspicious note to public?
    The content becomes visible to the requester/contact, and the requester/contact is notified by email.

  6. Can agents make the suspicious content public without sending an email notification?
    Yes. Temporarily set the ticket visibility to Private, move the note to public, then restore visibility to Public.

  7. What does the “Disable Reply Email Permission Check” setting do?
    When enabled, BoldDesk skips permission checks and posts all email replies as public comments, even if the sender is not authorized.

  8. Why does BoldDesk add a default message to suspicious notes?
    The default appended message explains that the sender is not authorized and prompts the agent to review and convert the content to public if valid.

Related Articles

  1. How to Manage Suspended Emails in BoldDesk
  2. Managing and Recovering Suspended Emails
Attachments
Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Comments (0)
Access denied
Access denied
Access denied
Access denied

No articles or sections found
No articles or sections found