First of all, I am not using CRES, but many of our clients use it. I want to know the best approach to manage all communications with our clients that use CRES.
I want to avoid using CRES webmail services to answer any CRES email. For legal and audit purposes I need all emails sent from our company stay in our email server and not in CRES webmail services. It also create a security problem because when our clients reply inside CRES webmail the information stay in this services and the email is sent from Cisco email servers, so because of that the email doesn’t pass the SPF and it’s blocked or rejected by any other domain that manage their own email server. So everytime our clients reply to an email using CRES and they copy to anyone else that are not using CRES, each email has to be recovered or unblocked.
The other problem is that most of companies that use CRES doesn’t have their SPF configured or it isn’t configured correctly because they don’t include CRES email servers authorizing Cisco to send emails for them. So how can I be sure that a CRES email is authentic?
I prefer to force email server to server encryption if they are HIPPA compliant. But sometimes it’s difficult to get in touch with someone that knows enough to do that.
Is there a way to force my clients not to use CRES to answer emails?
Is there a way that our Exchange servers from our clients to be certify by Cisco so they can receive directly the emails from CRES (We don’t have any Cisco email security appliance, so I think we cannot have a SAML Corporate account using CRES).
is there any software (for client or server like exchange server) that i can install to manage all accounts and make it transparent for the user?
Is there any explicit way that I can be sure the email came from the company they said they are? Almost anybody using this CRES have SPF or DMARK configured correctly with Cisco email servers.