Overview

Support for DKIM was added to the service-now.com domain in late 2017. With DKIM enabled, the ServiceNow (service-now.com) email servers sign outgoing messages. Receiving mail servers can then use a public key, published on the service-now.com DNS record, to verify the signatures on any emails sent out from the ServiceNow (service-now.com) email servers.

DKIM DNS Records

• Retrieving the public key from a website:

  There are many websites that let you check DNS-related records such as SPF or DKIM for a domain. To check the DKIM record, you'll need these details:

  Domain: service-now.com

  DKIM Selector: servicenow-20170913115315

  Example DNS check website: https://www.mail-tester.com/spf-dkim-check

• Retrieving the public key at the command line:

  To retrieve the DKIM public key, you can run the following command from a UNIX/MacOS computer:

  dig servicenow-20170913115315._domainkey.service-now.com TXT +short

  The output will be the public key as of August 2018. (Note that this key is not expected to change, although ServiceNow reserves the right to change it if required):

  "v=DKIM1\;" "k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUxxcc9FGibKY8QxoD/ljxlDmmRgxPr2ElXFPMi92E+QsrpwhqnfGSM5MWc2KdZoJadPQJ5jP8J3UpNQ+sZGFt8IeWVmOQfFV8spFFXKMaH3V0rGhcCtL/DaOGfq1PWd6HbvWAjuyTUx9DjCQusFdrw9NgRRqb28F9uCcNF+OugQIDAQAB"