Sending Emails to External Vendors Not in User Table & Domain Whitelisting
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 hours ago
Hi Experts,
I have a requirement to send emails from ServiceNow to external vendors. These vendors are not present in the ServiceNow sys_user table, and their email addresses belong to external domains.
I would like to understand the best approach to handle this scenario:
Is there any need to configure email domain whitelisting in ServiceNow for external domains?
If yes, where and how can we configure this (e.g., Email properties, Notifications, or SMTP settings)?
Are there any best practices or security considerations when sending emails to external recipients?
Example:
Vendor email: vendor@example.com
Domain: example.com (not part of internal company domains)
I want to ensure that only trusted external domains are allowed for outbound emails.
Any guidance, configuration steps, or references would be really helpful.
Thanks in advance!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 hours ago
Hi @AshishSamuD
refer the best approach from this KB: KB2894726 External email addresses cannot be automatically added to the 'User' field on an Email rec...
Resolution
If Email addresses are not present in ServiceNow "sys_user" table and/or lack corresponding "sys_user" records, then they are considered as external emails. ServiceNow does not natively support populating the Users field of a notification with external email addresses (NON "sys_user" records).
To Achieve this OOB, it requires manually populating the 'Whom to send' tab's 'Users' field in a notification.
1. Note that adding/removing external email addresses automatically in the Users field of a notification cannot be achieved out-of-the-box, as this field references ServiceNow users (sys_user records) only.
2. You may consider customization options such as:
a. Creating a custom email script to dynamically insert external email addresses at runtime.
b. Using a custom table to store external recipients, which the notification script can read from.
NOTE: Customizations are not supported by ServiceNow. Customer is responsible for any kind of customizations made on the instance.
Related Links
Refer to the community article for a similar scenario:
Set added external users/users in watchlist field to cc in email notification
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 hours ago
Hi @AshishSamuD ,
ServiceNow does not natively enforce outbound domain whitelisting. There may be multiple options to prepare this.
1-> you may request for an SMTP- level enforcement, most secure approach for regulated environment.
you might need to configure rules in exchange transport rules, SES policies, Secure mail gateway.
2-> you may choose to write a script based domain validation like BR before sending an email, but it may be painful considering the amount of emails going out of ServiceNow.
Hope so it helps
