Hi all, newbie here,

I logging a call via my gmail account to our Servicedeskplus application at work. The call was logged and a new requestor was added with my name and gmail email address. This concerns me as it means we could get spammed with bogus requests via an external email address.

I am interested in the rules governing if an external email to the servicedesk email adress will result in a request being logged.

In my case I believe the call was logged because my name in Active Directory matches the same in my gmail account I used and thus Servicedesk allowed me through and automatically created the requestor record.

I also tried sending another request via my hotmail account and this one did not seem to get through.

In the self-service portal settings of the admin tab I have  

"Do you wish to provide login access to users created through email requests ?" set to no

"Do you wish to allow dynamic user addition when the user is not already imported in the application ? " set to no

I would have thought these 2 settings would have stopped what I described above.