Skip to page contentSkip to chat
ServiceNow support
    • Community
      Ask questions, give advice, and connect with fellow ServiceNow professionals.
      Developer
      Build, test, and deploy applications
      Documentation
      Find detailed information about ServiceNow products, apps, features, and releases.
      Impact
      Accelerate ROI and amplify your expertise.
      Learning
      Build skills with instructor-led and online training.
      Partner
      Grow your business with promotions, news, and marketing tools
      ServiceNow
      Learn about ServiceNow products & solutions.
      Store
      Download certified apps and integrations that complement ServiceNow.
      Support
      Manage your instances, access self-help, and get technical support.
Enabling email delivery using Sender Policy Framework (SPF) records to allow SN mail servers - Support and Troubleshooting
  • >
  • Knowledge Base
  • >
  • Support and Troubleshooting (Knowledge Base)
  • >
  • Enabling email delivery using Sender Policy Framework (SPF) records to allow SN mail servers
KB0535456

Enabling email delivery using Sender Policy Framework (SPF) records to allow SN mail servers


122277 Views Last updated : May 19, 2025 public Copy Permalink English (Original)
  • English (Original)
  • Japanese
KB Summary by Now Assist

Issue

If your company prevents email from being delivered from unknown IP addresses or uses any services that filter spam based on IP address, you can configure those services using ServiceNow's Sender Policy Framework (SPF) records. ServiceNow provides SPF records to assist with anti-spoofing or spam detection. Please ensure that your corporate email infrastructure is configured to the industry standards that are described below. This ensures that email delivery from your ServiceNow instance to your corporate email service continues, uninterrupted. 

Sender Policy Framework is standardized under RFC4408; for more information visit the OpenSPF websites:
http://www.openspf.org/FAQ
http://www.ietf.org/rfc/rfc4408.txt

The IPs for ServiceNow email servers are used only if the instance is using the ServiceNow provided SMTP account for outbound emails. If the instance is using custom SMTP instead, then it will be using the node IPs listed under "Source address used for integrations into customer network with NO VPN":
IP address information - Access and Integration

Note that while 99.9% of all outbound emails from an instance will use the email servers from that region (i.e. EMEA instances will use c.spf), and ServiceNow email servers back each other up. This means that if there are any capacity/connection issues in one Data Center, emails will be routed through another DC (i.e. EMEA instances will temporarily use b.spf or d.spf).

This will be done without any internal or public notice, and there is no way to disable this for a single instance/customer. Customers are advised to allow-list all three SPF records. IPs may get removed or added frequently to the allow-list. If needed to inspect the list, use the dig command and use the results:

dig b.spf.service-now.com

dig c.spf.service-now.com

dig d.spf.service-now.com

In case administrators do not have access to the dig command because they are on Windows, the URL http://mxtoolbox.com/spf.aspx can provide the same output as: dig <domain> TXT +short.

Resolution

ServiceNow strongly recommends to configure your mail systems to use SPF records dynamically, using your mail server's feature for automatically retrieving them. If ServiceNow moves your instance to another data center, your mail servers will still be able to receive emails from your instance.

If you run into any issues in regards to the length of your SPF TXT record please check: https://repost.aws/knowledge-center/route-53-configure-long-spf-txt-records for a resuloution.

Alternative Solution

If you are unable to configure your mail servers to dynamically use SPF records, then you must work with your Email or System Administrators to gather SPF record data manually using a series of dig terminal commands to build your Allow List. 

Skills required: 

  • Knowledge of SPF record format
  • dig or similar DNS tool.
Warning: ServiceNow reserves the right to change its SPF records structure and the hosts or IPs returned. This may impact the commands you must run and your Allow List may fall out-of-date over time, causing email issues.

While these types of updates are generally infrequent, they can and do occur. You must implement a regular process - manual or automatic - to validate the SPF data you gather against your Allow List. Regularly update your Allow List to avoid possible email issues.

Example:

This example issues an initial dig command, and based on the structure of the response, issues further queries to locate hosts and IPs.

Warning: This is only an example of commands and returned values. Work with your System Email Administrator to run the initial query and similarly follow the SPF record data to gather IP addresses at the time you read this KB article.

 

Current SPF Record

Begin with the initial query of the service-now.com domain for TXT records:

dig service-now.com TXT +short

As of this KB article's writing, the command returned the following data, which includes three a: records:

"v=spf1 a:b.spf.service-now.com a:c.spf.service-now.com a:d.spf.service-now.com"

The bolded items in the response point to a group of mail servers each (based on servers location):

b.spf.service-now.com - Canada DCs
c.spf.service-now.com - US/Europe DCs
d.spf.service-now.com - all other DCs

The list of IP addresses of mail servers for the service-now.com domain is available in the DNS A records on each of the above-listed domains. So to list them using the dig command run:

dig A b.spf.service-now.com +short # Canada DCs
dig A c.spf.service-now.com +short # US/Europe DCs
dig A d.spf.service-now.com +short # all other DCs

Please use all three results in your Allow List regardless of where your instance is located. ServiceNow may reroute email traffic through any datacenter.

SPF Query Tool:

There are many tools for testing SPF records, for example, http://www.kitterman.com/spf/validate.html

Under the section 'Is this SPF record valid - syntactically correct?' you can test if your new SPF record is syntactically correct and also if it requires more than 10 DNS lookups (before you actually publish it to DNS). 

Secondary Alternative Solution

If you are unable to configure your mail servers to dynamically use SPF records and are unable to use the necessary tools to query the ServiceNow SPF records, please run the following DNS queries and use the resultant IPs to statically define the ServiceNow mail server IP addresses in your Allow List. Please note that ServiceNow may add and/or remove IP addresses to these records at any time in the future.

To get the most updated IP address list, please use the dig command run:

dig A b.spf.service-now.com +short # Canada DCs
dig A c.spf.service-now.com +short # US/Europe DCs
dig A d.spf.service-now.com +short # all other DCs

*Please use all IPs from the three records in your allow list regardless of where your instance is located. ServiceNow may reroute email traffic through any datacenter to maintain availability.

 

Special Case - For Hybrid Singapore Customers ONLY:

Instances in Hybrid Singapore should have their outbound SMTP accounts set with the from domain @sg.service-now.com NOT @service-now.com

 

There is a separate SPF record for sg.service-now.com: 

"v=spf1 a:spf.sg.service-now.com -all"

 

NOTE: This is different from service-now.com SPF record

 

$ host spf.sg.service-now.com

spf.sg.service-now.com has address 149.96.220.3

spf.sg.service-now.com has address 149.96.221.3

 

If these IP addresses change, the change will be reflected in the SPF record, but a change in IPs is unlikely.

NOTE: If still using old SPF records after the change has been made on the data center, ServiceNow does not take any responsibility.


The world works with ServiceNow.

Sign in for more! There's more content available only to authenticated users Sign in for more!
Did this KB article help you?
Did this KB article help you?

How would you rate your Now Support digital experience?

*

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

What can we improve? Please select all that apply.

What are we doing well? Please select all that apply.

Tell us more

*

Do you expect a response from this feedback?

  • Terms and conditions
  • Privacy statement
  • GDPR
  • Cookie policy
  • © 2025 ServiceNow. All rights reserved.