ServiceNow implementation of DMARC for Cloud Email Services


Description

ServiceNow is making use of the DMARC (RFC 7489) standard to further improve our email security. There should be no need for customers to alter any of their existing instance email configurations to take advantage of the DMARC policy. Additionally, customers should not need to alter the configurations of their email infrastructure because of the ServiceNow DMARC policy.

It may be necessary to make changes to customer email services to take full advantage of the ServiceNow DMARC policy. We advise that you contact your email administrator if desired.

Overview of DMARC

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing emails, email scams, and other cyber threat activities.

Once the DMARC DNS entry is published, any receiving email server can authenticate the incoming email based on the instructions published by the domain owner within the DNS entry. If the email passes the authentication it will be delivered and can be trusted. If the email fails the check, depending on the instructions held within the DMARC record the email could be delivered, quarantined, or rejected.

DMARC extends two existing mechanisms, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It allows the administrative owner of a domain to publish a policy in their DNS records to specify which mechanism (DKIM, SPF, or both) is employed when sending email from that domain; how to check the From: field presented to end-users; how the receiver should deal with failures - and a reporting mechanism for actions performed under those policies.

Release or Environment

All versions

Additional Information

ServiceNow's DMARC Policy

The ServiceNow DMARC policy will only apply to emails sent with a From: address which contains the @service-now.com domain. Our policy will consist of the following txt (_dmarc.service-now.com) record in the service-now.com domain.

v=DMARC1; p=none; rua=mailto:dmarcaadmin@service-now.com; ruf=mailto:dmarcfadmin@service-now.com; sp=none; fo=1; ri=86400

The Policy Explained Field by Field

Upcoming Changes to the DMARC policy

Policy Change from "none" to "quarantine"

Policy Change from "quarantine" to "reject"

What these policy changes mean to our DMARC policy

Policy: NONE
Policy: Quarantine
Policy Reject