Notifications

31356 views

Description

If your company prevents email from being delivered from unknown IP addresses or uses any services that filter spam based on IP address, you can configure those services using ServiceNow's Sender Policy Framework (SPF) records. ServiceNow provides SPF records to assist with anti-spoofing or spam detection. Please ensure that your corporate email infrastructure is configured to the industry standards that are described below. This ensures that email delivery from your ServiceNow instance to your corporate email service continues, uninterrupted. 

Sender Policy Framework is standardized under RFC4408; for more information, please visit the OpenSPF web site: http://www.openspf.org/FAQ or http://www.ietf.org/rfc/rfc4408.txt.

Resolution

ServiceNow strongly recommends that you configure your mail system to use SPF records dynamically, using your mail server's feature for automatically retrieving them. If ServiceNow moves your instance to another datacenter, your mail servers will still be able to receive emails from your instance.

Alternative Solution

If you are unable to configure your mail servers to dynamically use SPF records, then you must work with your Email or System Administrators to gather SPF record data manually using a series of dig terminal commands to build your whitelist. 

Skills required: 

  • Knowledge of SPF record format
  • Ability to use the dig command-line tool.
Warning: ServiceNow reserves the right to change its SPF records structure and the hosts or IPs returned. This may impact the commands you must run and your whitelist may fall out-of-date over time, causing email issues.

While these types of updates are generally infrequent, they can and do occur. You must implement a regular process - manual or automatic - to validate the SPF data you gather against your whitelist. Regularly update your whitelist to avoid possible email issues.

Example:

This example issues an initial dig command, and based on the structure of the response, issues further queries to locate hosts and IPs.

Warning: This is only an example of commands and returned values. Work with your System Email Administrator to run the initial query and similarly follow the SPF record data to gather IP addresses at the time you read this KB article.

Begin with the initial query of the service-now.com domain for TXT records:

dig service-now.com TXT +short

As of this KB article's writing, the command returned the following data, which includes an mx and three a: records:

"v=spf1 mx a:b.spf.service-now.com a:c.spf.service-now.com a:d.spf.service-now.com"

The bolded items in the response point to a group of mail servers each (based on servers location):

b.spf.service-now.com - Canada DCs

c.spf.service-now.com - US/Europe DCs

d.spf.service-now.com - all other DCs

SPF Query Tool:

There are many tools for testing SPF records, for example, http://www.kitterman.com/spf/validate.html

Under the section 'Is this SPF record valid - syntactically correct?' you can test if your new SPF record is syntactically correct and also if it requires more than 10 DNS lookups (before you actually publish it to DNS). 

Secondary Alternative Solution

If you are unable to configure your mail servers to dynamically use SPF records for some reason and are unable to use the necessary tools to query the ServiceNow SPF records the following IPs can be used by your organization's Systems or Email Administrators to statically white list the ServiceNow IP addresses.

IP White List by Region:

Canada datacenters

  • 149.96.5.2
  • 149.96.5.3
  • 149.96.5.6
  • 149.96.5.7
  • 149.96.6.2
  • 149.96.6.3
  • 149.96.6.6
  • 149.96.6.7
  • 199.91.136.28
  • 199.91.140.28

US/Europe datacenters:

  • 149.96.13.2
  • 149.96.14.2
  • 149.96.3.26
  • 149.96.4.26
  • 199.91.136.26
  • 199.91.136.28
  • 199.91.137.26
  • 199.91.140.26
  • 199.91.140.28
  • 37.98.232.12
  • 37.98.232.26
  • 37.98.234.2
  • 37.98.235.2

All other datacenters

  • 103.23.64.2
  • 103.23.65.2
  • 103.23.66.26
  • 103.23.67.26
  • 149.96.1.26
  • 149.96.132.2
  • 149.96.133.2
  • 149.96.194.2
  • 149.96.195.2
  • 149.96.2.26
  • 199.91.136.28
  • 199.91.140.28

Article Information

Last Updated:2019-11-04 06:22:56
Published:2019-11-01