Scenario
You want the remote user to not get all the comment traffic from your support team by default, minimizing spam.
Solution
Make JIRA select an appropriate security level by default. This is a customization done in javascript, see below and also https://jira.atlassian.com/browse/JRA-23365
When this is done, JEMH's Event Listener can be configured to ignore any comments with a related security level (see the checkbox in an Event Listener Project Mapping). To actually notify the remote user, a conscious decision can be made to remove the comment security, letting the Event Listener notify the remote user.
Related articles