DMARC and DKIM alignment with multiple DKIM signatures

dkim alignment dmarc

If an email contains multiple DKIM signatures as it's forwarded, how does DMARC process the DKIM alignment check?

Does ANY passing DKIM signature d= parameter have to match Header From?

or

Does the first (or last) DKIM signature d= parameter have to match Header From?

or

Does the single DKIM as indicated in the "Authentication-Results" have to pass (which may always be the last?)?

This is NOT a question of relaxed vs. strict.

Thank you!


Solution 1:

According to DMARC specification: https://www.rfc-editor.org/rfc/rfc7489

Note that a single email can contain multiple DKIM signatures, and it is considered to be a DMARC "pass" if any DKIM signature is aligned and verifies.

Solution 2:

If there are multiple DKIM signatures, only one of them must align for DKIM alignment to be valid according to https://mxtoolbox.com/problem/dkim/dkim-signature-alignment

Related

What does Ansible push to the remote host?
Can't convert FLAC to MP3 with FFmpeg
How to interpret IP signs?
How do I remove unneccessary boot device options?
Map network drive and provide an alias
IPv4 forward on windows?
How to Change Audio Pitch while playing
Energy efficient CRT, LCD, LED?
Windows 10 sshd - passwordless incoming ssh demands a password
Hide unassigned (linux) partition from explorer
Generalized chmod function differentiating between directories and files (i.e.: with find)
Full-speed 802.11n connection between two laptops without an access point