Welcome to Community Week 2025! Join us to learn, connect, and be recognized as we celebrate the spirit of Community and the power of AI. Get the details  

Allow one domain to create a record prducer

Menalik
Tera Contributor

2 hours ago

How would I only allow our domain to create records? There was an incident where a vendor's email was hacked and emailed our instance which generated a ticket with a suspicious attachment.

0 Helpfuls
  • 62 Views
2 REPLIES 2

Anupam1
Kilo Guru

43m ago

Hi @Menalik ,

 

To restrict record creation to only your organization's email domain, configure an inbound email filter or condition in your Inbound Email Actions to validate the sender's domain before allowing ticket creation. This prevents unauthorized or compromised external emails from generating records.

 

Recommended Approach: Restrict Inbound Email by Domain

  1. Use Email Address Filters

ServiceNow allows you to define whitelist or blacklist filters for inbound emails.

  • Navigate to: System Mailboxes > Administration > Email Address Filters
  • Create a filter like:
    • Type: Whitelist
    • Email Address: *@yourcompany.com

This ensures only emails from your domain are processed.

 

2.  Add a Condition to Inbound Email Action

If you're using Inbound Email Actions to create incidents or other records:

  • Go to: System Policy > Inbound Email Actions
  • Open the relevant action (e.g., “Create Incident”)
  • Add a condition like:

email.from.toLowerCase().indexOf("@yourcompany.com") > -1

This ensures the action only runs if the sender is from your domain.

 

3.  Use a Scripted Filter for More Control

For advanced filtering, use a script in the Inbound Email Action Condition field:

(function runAction(email, email_action, event) {

    var allowedDomain = "@yourcompany.com";

    var sender = email.from.toLowerCase();

    if (sender.endsWith(allowedDomain)) {

        return true;

    }

    return false;

})(email, email_action, event);

This blocks all other domains from triggering record creation.

 

Optional Enhancements

  • Log blocked attempts for audit purposes.
  • Send auto-reply to external senders explaining the restriction.
  • Scan attachments using a security integration (e.g., VirusTotal or sandboxing tools).

 

Why This Matters

  • Prevents phishing or malware from triggering automated workflows.
  • Reduces noise and risk from compromised vendor accounts.
  • Ensures data integrity by limiting trusted sources.

 

If my response helped please mark it correct and close the thread so that it benefits future readers.

 

Thanks,

Anupam.

 

 

0 Helpfuls

SVimes
Kilo Sage

14m ago

I can see there is a domain field on inbound email actions which you could potentially leverage. Additionally, you could update conditions so it would only process for users under a specified domain.

 

This information may be especially useful to you:

https://www.servicenow.com/docs/bundle/zurich-platform-administration/page/administer/notification/c...

Sable Vimes - CSA
0 Helpfuls