Why does SPF verification fail for replies to encrypted messages or for emails sent directly from CRES WebSafe?

Available Languages

Download Options

  • PDF     (36.5 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (88.5 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (75.0 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:February 2, 2021
Document ID:118689

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how to set up the Sender Policy Framework (SPF) record for messages from Cisco Registered Envelope Service (CRES). 

Why does SPF verification fail for replies to encrypted messages or for emails sent directly from CRES WebSafe?

For emails sent from CRES (secure reply or secure compose emails), the SPF verification fails at the recipient end. The reason is that secure compose and secure replies are generated and delivered out of the hosted key servers. The outgoing IP address will not match the listed IP addresses at the recipients' end. In order to solve this problem, add this statement to the SPF record of your domain:

include:res.cisco.com
TAC Authored

Contributed by Cisco Engineers

  • Jai Gill
    Cisco TAC Engineer
  • Enrico Werner
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products