Email Verification?

I just submitted a bug report from the VTT and something happened I'd never seen before, I received an email asking me to confirm my email by clicking a link. Now I'm very suspicious of "click this link" emails; it's one of the primary phishing attack methods, but the timing was right.  And examing the email showed that it came from Zendesk, which I believe Roll20 uses.  And the link itself seemed innoucuous. So, in a new browser window I tried the link, and received a short message that my suspended ticket would be released. A bit of googling turned up that Zendesk apparently made a change recently where "anonymous" tickets would have their email verified, and that Zendesk users should notifiy their customers to avoid surprises.  So I'm thinking that's what happened, although I've seen no such notification from Roll20. Note: I was logged into Roll20 (I was in a game using the VTT), but I'm probably "anonymous" to zendesk since I don't log in to that ever. Shortly after I clicked the link, I received the usual "Bug Report Received" email, quite a bit later than usual, which tends to confirm it was real. Does anyone know if this is what's really going on?  And did Roll20 give us a heads-up that I missed, or is this just more of their usual inability to communicate?

Hi Ken S.,&nbsp; It is 100% legitimate. This is a change Zendesk made for security reasons. It is not a Roll20 specific change. Here is a link talking about it:&nbsp; <a href="https://support.zendesk.com/hc/en-us/articles/10360295453082-Announcing-verification-for-anonymous-help-center-requests" rel="nofollow">https://support.zendesk.com/hc/en-us/articles/10360295453082-Announcing-verification-for-anonymous-help-center-requests</a>

Thanks, that's very good to have confirmed.

Gauss said: Hi Ken S.,&nbsp; It is 100% legitimate. This is a change Zendesk made for security reasons. It is not a Roll20 specific change. Here is a link talking about it:&nbsp; <a href="https://support.zendesk.com/hc/en-us/articles/10360295453082-Announcing-verification-for-anonymous-help-center-requests" rel="nofollow">https://support.zendesk.com/hc/en-us/articles/10360295453082-Announcing-verification-for-anonymous-help-center-requests</a> Are those requests "really" anonymous if you open a ticket while signed-in to Roll20 and using the exact same Mail-Address linked to the account?

I'll note that "anonymous" was Zendesk's word, I was just quoting it.&nbsp; And I don't believe roll20 ever said bug reports were anonymous.&nbsp; I've never assumed they were since I get email from them asking for clarifications on most of my bug reports. In my original I put "anonymous" in quotes since I don't believe it's anonymous in any meaningful sense, just that it's "unknown to zendesk since the poster has no zendesk account".&nbsp; It's almost certainly possible for someone in roll20 to link it back to the requester since I made my initial bug report through a roll20 account.&nbsp; And zendesk sent me the request, so they obviously know my email also. Since it is (apparently, though I've yet to see anything from roll20 confirming that) a legit email on behalf of zendesk's customer, roll20, confirming a known email, I read this request as "are you the person who just sent us a request, if not please let us know someone's spoofing your email".

Email Addresses are spoofed constantly these days. Verification is the only way around that. TheMarkus1204 said: Gauss said: Hi Ken S.,&nbsp; It is 100% legitimate. This is a change Zendesk made for security reasons. It is not a Roll20 specific change. Here is a link talking about it:&nbsp; <a href="https://support.zendesk.com/hc/en-us/articles/10360295453082-Announcing-verification-for-anonymous-help-center-requests" rel="nofollow">https://support.zendesk.com/hc/en-us/articles/10360295453082-Announcing-verification-for-anonymous-help-center-requests</a> Are those requests "really" anonymous if you open a ticket while signed-in to Roll20 and using the exact same Mail-Address linked to the account?