This document describes how to set up the Sender Policy Framework (SPF) record for messages from Cisco Registered Envelope Service (CRES).
Why does SPF verification fail for replies to encrypted messages or for emails sent directly from within CRES?
For emails sent from CRES (secure reply or secure compose emails), the SPF verification fails at the recipient end. The reason is because secure compose and secure replies are generated and delivered out of the hosted key servers. The outgoing IP address will not match the listed IP addresses at the recipients end. In order to solve this problem, add this statement to the SPF record of your domain: