      We collect Jira Service Desk feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Service Desk Server. Using JIRA Service Desk Cloud? See the corresponding suggestion.

      Problem Definition

      In certain environments, agents have access to the inbox of the mail account that Service Desk uses for the mail channel. In this scenario, it is possible for the agent to manipulate customer satisfaction feedback ratings in the event that the customer replies to the Closed\Resolved notification containing the satisfaction survey. If the reply includes the quoted body of the survey, the agent can follow the link and change the star rating.

      Suggested Solution

      Expire the feedback token after initial customer survey completion. Alternatively, disallow agent access to satisfaction feedback survey pages.

            [JSDSERVER-4056] Expire Satisfaction Feedback Token

            Sara Nicholson added a comment - We are having the same issue as @wwi-jeffnishi and really need a resolution that does not involve every one of our customers whitelisting the resolution email domains. I thought perhaps I could make a custom field that would be visible to customers on the ticket that asks for the rating/comments but this is not possible that I can find and Atlassian has said it is not set up out of the box to do this. 

            wwi-jeffnishi added a comment - - edited

            We would also like to see something along the lines of this implemented. What we have found is that certain email antimalware/antispam solutions that test URLs in sandbox are creating false satisfaction ratings. It's not reasonable to request all source domains of requesters to whitelist the resolution emails from any form of URL scanning.

             

            This behaviour can be demonstrated by entering one of the satisfaction rating tokenized links into the VirusTotal URL scan engine.

             

            edit to add: It should be noted that for this particular example a feature that expires the token on first use would effectively block the true reporter from being able to give a satisfaction rating as the scan that triggers the rating would occur before the mail is even delivered.
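
A minimal model of the trade-off raised in the suggested solution and in the comment above, as an added example that is not part of the original issue or Atlassian's code. The token expires on the first completed rating, and the `consume_on_get` flag (hypothetical, like every name here) switches between treating a link fetch as a rating and requiring an explicit form submission; separating fetch from submission is an assumption of this example, not something the issue proposes.

```python
import secrets


class FeedbackTokens:
    """In-memory model of satisfaction feedback tokens (hypothetical, not Jira's API)."""

    def __init__(self, consume_on_get):
        self.consume_on_get = consume_on_get  # True: opening the link records the rating
        self.pending = {}   # token -> issue key, still usable
        self.ratings = {}   # issue key -> recorded stars

    def issue(self, issue_key):
        token = secrets.token_urlsafe(16)
        self.pending[token] = issue_key
        return token

    def _record(self, token, stars):
        if not 1 <= stars <= 5:
            return False
        issue_key = self.pending.pop(token, None)  # expire on first completed use
        if issue_key is None:
            return False                           # unknown or already used token
        self.ratings[issue_key] = stars
        return True

    def get_link(self, token, stars):
        """Link fetch: a customer, a URL scanner, or an agent reading the inbox."""
        if self.consume_on_get:
            return self._record(token, stars)
        return token in self.pending               # render the form only, no state change

    def submit_form(self, token, stars):
        """Explicit survey submission."""
        return self._record(token, stars)


def replay(consume_on_get):
    """Constructed sequence: scanner fetch, customer rates 2, agent later tries 5."""
    svc = FeedbackTokens(consume_on_get)
    token = svc.issue("DESK-1")                    # constructed issue key
    svc.get_link(token, 5)                         # sandbox follows a link before delivery
    customer_ok = svc.get_link(token, 2)
    if not consume_on_get:
        customer_ok = svc.submit_form(token, 2)
    agent_ok = svc.get_link(token, 5)              # link taken from the quoted reply
    if agent_ok and not consume_on_get:
        agent_ok = svc.submit_form(token, 5)
    return customer_ok, agent_ok, svc.ratings.get("DESK-1")
```

With `consume_on_get=True` the scanner's fetch records the rating and locks the customer out, which is the failure described in the comment; with `consume_on_get=False` the customer's rating stands and the later attempt from the inbox is rejected.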


            Sathiskumar (Inactive) added a comment - - edited

            Customer had a request to change a rating of 1 that was accidentally submitted into a rating of 5 for one of the JSD tickets and would like to understand how this is managed/changed.

            https://getsupport.atlassian.com/browse/PS-48581


              Unassigned
              Russ Gould [Atlassian] (Inactive)
              Votes: 20
              Watchers: 17