Description
- Support for DKIM was added to the service-now.com domain in late 2017.
- With DKIM enabled, the ServiceNow (service-now.com) email servers sign outgoing messages.
- Receiving mail servers can then use a public key, published on the service-now.com DNS record, to verify the signatures on any emails sent out from the ServiceNow (service-now.com) email servers.
- Note that DKIM signing will only work for emails where the From address is <something>@service-now.com. It's not possible for customers to add DKIM DNS records to the service-now.com domain for their own domains.
- Some companies request DKIM keys so that they can send emails with from addresses such as @customer.com while using ServiceNow SMTP server. ServiceNow currently does not provide DKIM keys for customer domains. You may check with Systems Engineering to see if there is any change in this policy.
Resolution
DKIM DNS Records
Retrieving the public key from a website:
There are many websites that let you check DNS-related records such as SPF or DKIM for a domain. To check the DKIM record, you'll need these details:
Domain: service-now.com
DKIM Selector: servicenow-20170913115315
Example DNS check website: https://www.mail-tester.com/spf-dkim-check
-
Retrieving the public key at the command line:
To retrieve the DKIM public key, you can run the following command from a UNIX/MacOS computer:
dig servicenow-20170913115315._domainkey.service-now.com TXT +short
The output will be the public key as of August 2018. (Note that this key is not expected to change, although ServiceNow reserves the right to change it if required):
"v=DKIM1\;" "k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUxxcc9FGibKY8QxoD/ljxlDmmRgxPr2ElXFPMi92E+QsrpwhqnfGSM5MWc2KdZoJadPQJ5jP8J3UpNQ+sZGFt8IeWVmOQfFV8spFFXKMaH3V0rGhcCtL/DaOGfq1PWd6HbvWAjuyTUx9DjCQusFdrw9NgRRqb28F9uCcNF+OugQIDAQAB"