Henry, what is supposed to happen is that all DKIM signatures are checked, at least until a passing aligned one is found (or no more signatures are found).
Most environments do this properly, but there are a couple variations I’m aware of off the top of my head: 1. Yahoo does this properly, but does not currently report multiple DKIM results in the RUA XML. So analysis and comparison of the data indicates some psychosis, which has to be ignored in the knowledge that they actually did the correct thing, just cannot report it. 2. Cisco IronPorts in versions prior to 9.6 (or 8.5.7) will actually evaluate this scenario incorrectly, giving false-positive DMARC rejections if the system is configured to follow DMARC policy requests. —Tomki From: dmarc-discuss <[email protected]> on behalf of henry--- via dmarc-discuss <[email protected]> Reply-To: <[email protected]> Date: Thursday, December 3, 2015 at 19:07 To: <[email protected]> Subject: [dmarc-discuss] DKIM Alignment - With 2 DKIM Signatures. > If an email contains two valid DKIM signatures and an unaligned SPF record. > > But one DKIM signature is aligned and the other is is un-aligned. > > What happens? Does dmarc pass or fail? > > > Henry Timmes > www.UnlockTheInbox.com <www.unlocktheinbox.com> > _______________________________________________ dmarc-discuss mailing list > [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
