S/MIME Email Encryption (Paris or Quebec)

Go to solution
MGanon
Tera Guru

‎02-26-2021 09:33 AM

Has anyone successfully configured S/MIME email encryption with ServiceNow? Is it possible that this is new Paris or Quebec functionality?

We need all email traffic encrypted during the entire flow from the ServiceNow email queue to the receiver.

The Paris ServiceNow Basic email setup | ServiceNow Docs documentation indicates that, if a customer's mail servers send and receive messages via a TLS-encrypted channel, ServiceNow mail servers supports "opportunistic TLS" but Email and SMS notifications | ServiceNow Docs also indicates that "Instances cannot send or receive encrypted email messages."

Can anyone explain the difference between supporting TLS email encryption and cannot send or receive encrypted email?

Does the lack of encryption of al traffic apply only to email using ServiceNow servers? Can the email traffic be encrypted by using a customer's email server instead?

Advanced email setup | ServiceNow Docs does not directly address encryption when it referenced using customer SMTP, POP3, &/or IMAP server(s) to send or receive email.

 

This was submitted to the Idea Portal but no resolution posted.

Many others have asked similar questions, most recently:
Email Inbound Action with Encrypted Email messages
Outbound email encryption via Secure MIME ( S/MIME...

Labels:
  • 4,216 Views
1 ACCEPTED SOLUTION

Go to solution
jason45
Kilo Guru
In response to MGanon

‎03-10-2021 12:48 AM

Hi,

TLS encryption happens during transit, if the destination mail server supports it. The email itself isn't encrypted - when it arrives at it's destination, it will not be encrypted.

ServiceNow can't encrypt your emails.

The only encryption that ServiceNow provides is for fields and attachments within the instance, if an encryption context is applied to those fields. This hasn't got anything to do with emails, though.

You could pre-encrypt your emails before sending them to ServiceNow. If you did this, you would have to add a Business Rule to save your entire email as an attachment. The reason for this, is that email could only be decrypted after downloading it from the instance - ServiceNow could not decrypt it.

One important element here is that ServiceNow will always add the body of your email to the activity log for any task-related records (incident, problem, change, etc). If it's pre-encrypted, it won't be readable, hence having to store it as an attachment and then download it to decrypt it.

I hope that this helps.

 

Jason

View solution in original post

6 REPLIES 6

Go to solution
MGanon
Tera Guru
In response to Jorge Fernandez

‎11-08-2021 07:16 AM

Sorry for the delayed response. I have not discovered anything else related to this topic.

0 Helpfuls

Go to solution
jonokoster
Tera Contributor

‎08-09-2022 05:50 PM

It looks like this feature may be coming in Tokyo.

Setting up S/MIME for email (servicenow.com)

0 Helpfuls