Solution for Controlled Email Domain Whitelisting Without Using sys_email.

AshishSamuD
Tera Contributor

We have 3 tables, i.e. 'sys_user', 'sys_user_group' and 'sysauto_report'. Each has an email address field. The email can be accessed through 'sys_user.email', 'sys_user_group.email' and 'sysauto_report.email_addresses'. The scenario is that any email address we mention through the above configuration should be whitelisted, and a mail should be sent to the mentioned email address.
Apart from that, in Flow Designer, the Send Email action allows direct input of email addresses. Currently, there are no restrictions, i.e. emails can be sent to any external address.
Maintaining a static domain whitelist is not practical due to constant changes. Therefore, a dynamic whitelist is built from existing data sources.
But there is a critical issue: by including 'sys_email', any previously used domain becomes automatically whitelisted, and this effectively results in no restriction at all. Please provide the solution for the above scenario.

2 REPLIES

Tanushree Maiti
Mega Patron

Hi @AshishSamuD

Instead of filtering via different tables, to control outbound emails at the system level, you can try a Before Insert/Update Business Rule.

  1. Navigate to System Definition > Business Rules and click New.
  2. Table: sys_email
  3. When: Before
  4. Insert/Update: Checked
  5. Condition: Type is send-ready

Sample code/Not tested:

(function executeRule(current, previous /*null when async*/) {
    // sys_email.recipients holds a comma-separated list, so check each address
    var recipients = current.recipients.toString().split(',');

    for (var i = 0; i < recipients.length; i++) {
        var recipient = recipients[i].trim();
        if (!recipient) {
            continue;
        }
        var isWhitelisted = false;

        // 1. Active user with this email address
        var userGr = new GlideRecord('sys_user');
        userGr.addQuery('email', recipient);
        userGr.addActiveQuery();
        userGr.query();
        if (userGr.hasNext()) {
            isWhitelisted = true;
        }

        // 2. Group with this email address
        if (!isWhitelisted) {
            var groupGr = new GlideRecord('sys_user_group');
            groupGr.addQuery('email', recipient);
            groupGr.query();
            if (groupGr.hasNext()) {
                isWhitelisted = true;
            }
        }

        // 3. Scheduled report listing this address
        //    (CONTAINS is a substring match against the address list)
        if (!isWhitelisted) {
            var reportGr = new GlideRecord('sysauto_report');
            reportGr.addQuery('email_addresses', 'CONTAINS', recipient);
            reportGr.query();
            if (reportGr.hasNext()) {
                isWhitelisted = true;
            }
        }

        // Abort the send as soon as one recipient is not whitelisted
        if (!isWhitelisted) {
            current.setAbortAction(true);
            gs.log("Outbound email is prevented for " + recipient + " as it is not whitelisted in sys_user, sys_user_group, or sysauto_report.");
            break;
        }
    }
})(current, previous);

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
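
The matching logic behind the Business Rule above, as an added example that is not part of the original reply: plain JavaScript with no Glide APIs, showing exact per-address matching against the three sources and how a CONTAINS-style substring test accepts an address that is not on the list. The function names and all sample data are constructed for illustration, and it assumes address lists are comma- or semicolon-separated.

```javascript
// Added example: plain JavaScript, no Glide APIs. All data below is constructed.

// Split a comma/semicolon-separated address field into normalized addresses.
function splitAddresses(field) {
  return String(field || '')
    .split(/[,;]/)
    .map(function (a) { return a.trim().toLowerCase(); })
    .filter(function (a) { return a.length > 0; });
}

// Build the allow-set from the three sources named in the question.
function buildAllowSet(sources) {
  var allow = new Set();
  sources.userEmails.concat(sources.groupEmails).forEach(function (e) {
    splitAddresses(e).forEach(function (a) { allow.add(a); });
  });
  // sysauto_report.email_addresses holds a list, so tokenize each value.
  sources.reportAddressFields.forEach(function (f) {
    splitAddresses(f).forEach(function (a) { allow.add(a); });
  });
  return allow;
}

// Every recipient must match exactly; one unknown address blocks the send.
function checkRecipients(recipientsField, allow) {
  var blocked = splitAddresses(recipientsField).filter(function (a) {
    return !allow.has(a);
  });
  return { allowed: blocked.length === 0, blocked: blocked };
}

// Substring test equivalent to a CONTAINS query, kept only for comparison.
function containsMatch(recipient, reportField) {
  return reportField.toLowerCase().indexOf(recipient.toLowerCase()) !== -1;
}

// Constructed sample data standing in for the three tables.
var SAMPLE = {
  userEmails: ['Alice@corp.example'],
  groupEmails: ['helpdesk@corp.example'],
  reportAddressFields: ['finance-team@partner.example, audit@partner.example']
};
var ALLOW = buildAllowSet(SAMPLE);
```

On an instance, the same check would also need to cover the copied and blind_copied fields of sys_email.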

Please provide the solution for flow designer scenario as well.