Introduction
This document describes Cisco Secure Email Encryption (CRES) Secure Compose restrictions introduced on September 28, 2024 when using Websafe.
Prerequisites
Understanding of Cisco Secure Email Encryption Service (formerly known as Cisco Registered Envelope Service).
Background Information
Email Encryption Secure Compose through Websafe permits external, freemail domains gmail.com, yahoo.com and so on to send encrypted emails to other non-registered freemail accounts using CRES exploiting the service capability. New changes are introduced to limit external users from sending encrypted emails without affecting business needs.
Solution
Scenario 1: Emails from External and Freemail Accounts to Corporate Accounts
Cisco Secure Email Encryption Service allows external and freemail users to send encrypted emails to all CRES-registered corporate domains.
Successful Email Delivery
Note: Cisco customers with a valid Secure Email Encryption license must contact Cisco TAC to get their domains registered.
Scenario 2: Emails from External and Freemail Accounts to Other Unregistered, External And Freemail Domains
a) Cisco Secure Email Encryption Service denies attempts to send emails to any of the 20 domains specified in Table 1.0. An error message is displayed prompting the sender to remove the recipients associated with those domains.
Top 20 Free email domain list:
Table 1.0
Gmail.com
|
Yahoo.com
|
Aol.com
|
hotmail.com
|
hotmail.co.uk
|
hotmail.fr
|
msn.com
|
yahoo.fr
|
wanadoo.fr
|
orange.fr
|
comcast.net
|
yahoo.co.uk
|
yahoo.com.br
|
yahoo.co.in
|
live.com
|
rediffmail.com
|
free.fr
|
gmx.de
|
web.de
|
yandex.ru
|
Email Delivery Denied
b) Cisco Secure Email Encryption Service silently drops emails to accounts that are Unregistered or External and not part of the specified Free Email Domain List, no error message is displayed. Navigate to Websafe > Manage Message > Search to verify all the emails sent from the Websafe Portal.
Email To Unregistered Domain
Note: External Users refers to freemail accounts and accounts that are not part of any CRES registered corporate domain.
c) Cisco Secure Email Encryption Service generates an error when attempts are made to send emails to a combination of Registered and Unregistered External Accounts, including both Listed and Unlisted Domains prompting the sender to remove only the recipients associated with the Listed Domains (refer Table 1.0). Emails to recipients of Unregistered Domains that are not part of the list is silently dropped.
CRES Error
Related Information
Cisco Secure Email Encryption Account Admin Guide
Cisco Secure Email Encryption Recipient Guide
Cisco Technical Support & Downloads