Introduction
This document describes Cisco Registered Envelop Service (CRES) encryption settings that are active and configured within Email Security Appliance (ESA) or via CRES websafe. It can be seen that the mail-from and message-from headers are different and DMARC alignment is verified.
Contributed by Erika Valverde Chavez, Cisco TAC Engineer.
Why do I Receive Responses From the Cisco Registered Envelope Service "via CRES <mail_delivery@res.cisco.com>"?
This is expected behavior as per the user guide in order to avoid DMARC failures. In case, the end-users fail to send secure messages through WebSafe, which includes Secure Reply, you should populate the Senders Domains to the list for DMARC workaround. Currently, it is enabled for these domains: gmail.com, yahoo.com, and aol.com. Once the domain is added to the list, the sender with an email address with this domain will be replaced with
mail_delivery@res.cisco.com with a friendly name.
Firstname Lastname <user@domain.com> via CRES <mail_delivery@res.cisco.com>
But the original sender will be added to the "Reply-to" header.
Note that it only applies to the following domains: gmail.com, yahoo.com, and aol.com
Related Information