As it involved data privacy, so the screenshot will blur the personal information, today one of our client feedback they received an email in CRM system, which is not their client. I checked, it is another subaccount's customer replied a form email, but it goes to their conversation.

I believe this may cause serious senstive information leak, so I contacted the zoom call directly.

The explained reason is because both subaccounts using the same agency level default email domain, and the email is both no-reply@agencydomain.com, so the system won't know which account to go to, then it will go to a random one.

Immediately I give a suggestion, actually you do not need to use no-reply@agencydomain.com, you can use a part of location ID + the business name@agencydomain.com, or you can use no-reply-[hashcode-of-location-ID]@agencydomain.com to send out the email, then when customer reply, it is easy to know it is for which subaccount.

The support suggest us to create delicated domain for each client, I told him if our clients quantity is small, we may do that, when the quantity is huge, how to do that? It is also not possible to expect all the client to do this, as long as not all client applied their own delicated email domain, this risks persist.

I hope you can consider my suggestion seriously as potential data leak for any CRM system is big issue.

Add: since the delicated domain is so important, it shall be added to the top of launchpad so at least customer know it is first priority. Although many may still not do it.