Alexander Culafi , Senior News Writer , Dark Reading January 20, 2026 3 Min Read Source: Feng Yu via Alamy Stock Photo In the past few days, multiple users have reported receiving numerous spam emails coming from a Zendesk domain, leveraging instances belonging to real companies and often bypassing email spam filters . One user on the X platform reported receiving 800 emails from different Zendesk instances, saying many bypassed iCloud's junk filters. Other users reported receiving Zendesk emails from services they'd never used. More worrying, it remains unclear how the spam emails are getting through. Company help desks being leveraged include those belonging to Live Nation, video game publisher Capcom, Tinder, and many more. The content of the emails varies, though much appears to be bogus lawsuits from major companies or legal notifications from US government agencies. The idea, as with all spam emails, is to separate users from their credentials, gain initial access, or get paid. Zendesk did not respond to a request for comment, and it's unclear exactly how many organizations and users are affected. But social platforms were rife with comments about spam attacks within companies' Zendesk instances. Zendesk Spam Hints at Possible Relay Attacks To some extent, Zendesk spam like this is not unheard of. Last month, the customer relationship management (CRM) vendor published an advisory warning of bad actors sending spam emails via Zendesk. Zendesk's Cameron Ladd wrote that attackers were leveraging relay spam. In these cases, an attacker leverages misconfigured email servers to send unsolicited emails as if the email came from an otherwise legitimate domain. For users, Zendesk recommended ignoring or deleting suspicious emails. For Zendesk customers, the company advised removing specific placeholders from first-reply triggers and permitting only added users to submit tickets. Zendesk asserted this was not tied to any kind of vulnerability or breach at the time. It is unknown if this recent wave of spam emails is part of the same issue, or if it's something else entirely. In one r/Zendesk thread on Reddit, a community team member said yesterday that Zendesk's security team was investigating . Microsoft regional director and HaveIBeenPwned founder Troy Hunt shared an email from AI research firm ElevenLabs apologizing for issues surrounding a "mass spam attack on our email ticketing system." ElevenLabs said it was working with its provider, Zendesk, to resolve the issue. Experts weighing in on social media suggest the issue is caused either by attackers abusing help desks to send spam messages to users' emails (by claiming the target is the one sending the help desk inquiry, thereby the target receives a copy of the request), or some other weakness in how certain Zendesk systems are set up. Dark Reading contacted Zendesk for additional comment. In response, a spokesperson shared the following comment, referring to the campaign as "relay spam." "We’ve introduced new safety features to address relay spam, including enhanced monitoring and limits designed to detect unusual activity and stop it more quickly. We want to assure everyone that we are actively taking steps — and continuously improving — to protect our platform and users," Zendesk says. Seperately, Reliaquest reported in November that threat actors tied to Scattered Lapsus$ Hunters were potentially preparing a campaign against Zendesk environments, given a number of typosquatted and/or phishing login pages intended to harvest user credentials that had parallels with previous activity tied to the threat group. About the Author Alexander Culafi Senior News Writer, Dark Reading Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels. See more from Alexander Culafi