DMARC Policy Enforcement for Inbound MailIssue Concerns about how ServiceNow handles emails forwarded to the platform from their organization’s domain. Specifically, they are concerned about whether ServiceNow enforces DMARC policies, particularly if their organization moves to a DMARC "reject" policy in DNS.CauseCustomer are unsure whether ServiceNow enforces DMARC policies for inbound mail. They are concerned that mail forwarding breaks DKIM, which could lead to issues if they move to a DMARC "reject" policy in DNS.ResolutionIn our current design, we do not automatically reject inbound emails that fail SPF (Sender Policy Framework) checks based on the email's SPF or DMARC policy. This approach allows for a more flexible and nuanced handling of email transactions, particularly in cases where SPF or DMARC failures are not indicative of malicious intent or spam. SPF Failure Processing and Header Insertion While we do not reject emails that fail SPF, we do add specific headers to the email to signal that an SPF failure has occurred. This provides transparency for the recipient system to assess and act on the failure, if desired. The inclusion of these headers is crucial for enabling recipients to make informed decisions about the trustworthiness of the message. Example: X-ServiceNow-Spam-Status:No, score=5.085 tagged_above=-999 required=6.2 tests=[BAYES_50=0.8, FSL_HELO_NON_FQDN_1=0.001, HELO_NO_DOMAIN=0.001, RDNS_NONE=0.793, SPF_SOFTFAIL=3.5, T_SCC_BODY_TEXT_LINE=-0.01] A failed spf adds an added spamscore of 3.5. We recommend tuning email filters to fit customers need.