Hi all,
In Jira Cloud, it is possible to reply to a ticket via email. If I write an internal comment using an @mention and the recipient replies via email, the reply to the internal comment is treated as a public comment in Jira Service Management.
That shouldn’t be the case! I would regard that as a genuine security vulnerability.
Can I stop that from happening?
Thanks for any help!
Hello @Clemens Kleibusch
I do not think there is a native way to fully prevent this in JSM Cloud today.
If someone replies by email, that reply is treated as customer-facing communication, so I would not rely on @mentions in internal comments for sensitive discussion.
The practical solutions today are to keep that collaboration inside Jira only, move it outside the ticket, or use automation as a workaround to switch those comments back to internal. Atlassian already has an open feature request in this area.
https://jira.atlassian.com/browse/JSDCLOUD-3499
PS: Take a look at this app: https://marketplace.atlassian.com/apps/1220666/jira-cloud-for-outlook-official
Hello @Arkadiusz Wroblewski
Thank you for your answer and the link to the ticket.
The workaround in the issue is easy to implement and at least I can use it to correct the incorrect permissions. But of course I can’t remove the notifications sent to customers, because that’s the most important piece of information for them – that they’ve received a reply!
Well, the ticket is only 10 years old, so I don’t want to be impatient...
Hello again,
It seems impossible to me to identify the comments in question. I couldn’t find anything that marked the comment as ‘sent by email’. Because those are the only comments I want to make internal, provided a suitable role can be found for the sender.
One important caveat for this workaround though: this only changes the comment visibility in Jira afterwards. It does not undo any customer notification that may already have been sent.
For that to work stably and with confidence, you will probably need to rely on some external apps/mail handlers.
Hello @Arkadiusz Wroblewski
Yes, I am aware of that caveat.
That is why I am considering disabling email replies in cases where no email channel has been set up. I can do that by specifying an invalid address. Or is there a way to switch this behaviour off per project?
Hello,
yes, if you want to prevent this project-wide, I would not work with an invalid email address.
The cleaner way is to disable the email channel in the project under
Project settings → Channels & self service → Email.
One important point, though:
This way you are not only preventing replies to internal comments, but disabling the entire email channel for this project. You need to be aware of that.
Hello Arkadiusz,
that makes it easier :D
In most projects I have not set up an email channel. Only by chance did I notice, after the migration to the cloud, that replying to a notification also works without an email channel.
Thanks again!
You're welcome 😊