Thank you for the detailed and helpful reply.

Actually, we do not advise staff of ourinstance@service-now.com either but the servicedesk@companydomain.com. 

It is definitely safer to have one email account for triggering the actions, at least the incoming emails will be screened before the redirect is launched.

I will edit the Inbound Email Action to be triggered with various email address in From field and leave the condition To as servicedesk@companydomain.com only.