Is there way to only use "trusted domains" or "whitelisting" feature for outbound email?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-02-2018 05:51 AM
Is it possible to configure our instance so that emails are only sent to specific domains i.e. @nationwide.co.uk, @capgemini.co.uk, etc
i.e. we want to restrict the system so emails are only sent to a 'whitelisted' group of email domains, is this possible?
We logged a HI ticket and were advised:
" I'm afraid the platform doesn't currently offer a "trusted domains" or "whitelisting" feature for outbound email, but this is definitely something you can achieve via scripting. I would look into alternatives such as creating a business rule that would run on [sys_email] before INSERTS, and evaluate whether to proceed with triggering the notification based on a pre-defined list of allowed domains."
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-02-2018 06:18 AM
Hi Mike,
I am afraid that for Outbound, we don't have any Trusted Domain whitelist, whereas we do have that for Inbound email. Please find below screenshot of Email Properties:
In order to do so, you will definitely have to write a script/Business Rule, based on certain conditions of "Email ID" and call events to trigger notification such as gs.addEventQueue() method.
Please find below links that might help you:
Please mark my answer as Correct/Helpful in case that helps.
Regards,
Vishrut

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-02-2018 06:22 AM
I'm curious - what is the business use case for this? If YOU are in charge sending the email, then what's the danger in sending it?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-11-2019 10:31 AM
MikeJ,
Follow this link for a solution to your issue. ServiceNow really do need to add this in OOTB, users unfortunately cannot always be trusted to follow best practice and then you get potential data leaks, and relying on your corporate email team to help with this isn't always ideal:
Hope this helps
Paul
Regards
Paul