Restrict default visibility of comments to JIRA users only
Scenario
You want the remote user to not get all the comment traffic from your support team by default, minimizing spam.
Solution
Make JIRA select an appropriate security level by default. This is a customization done in javascript, see below and also https://jira.atlassian.com/browse/JRA-23365
When this is done, JEMH's Event Listener can be configured to ignore any comments with a related security level (see the Assert Security checkbox in the non-JIRA notification section of a Project Mapping in the Event Listener). To actually notify the remote user, a conscious decision can be made to remove the comment security, letting the Event Listener notify the remote user.