The compose feature can be set up to only send to a specified list of internal domains. Go to Encryption Advanced --> Configuration. At the very bottom of the page, check the "Enable Compose to Internal" box, and put a comma separated list of your domains in the "Internal Domain List". This will limit any comosed messages to users in your domains.
Thanks, I guess it pays to scroll down once and ahwile. - Is there any way to limit the compose feature if you don't want the static URL enabled?
Right now, Compose is only enabled under the Message Composition Configuration section...
This would mean that a recipient could only compose a new message if they were currently viewing a message that was pushed to them earlier. But at least it allows them to add a few internal recipients instead of just a simple reply.
By the way, shouldnt the SWD prompt for credentials rather than just logging a user on without any proof of identity other than an email address???
I erased all cookies and other browser data just to be sure that wasn't bypassing a prompt for users credentials of some sort.
FYI: I found that the user doesnt even need to provide a valid email address to "login" to the swd when the compose to internal option is enabled... I can enter email@example.com and it will let me compose to internal addresses without first prompting me for any proof of identity, security questions or pre-provisioning.