Behaviour w/Multiple Sigs, +other ?'s

Hi there - forgive me if this is answered elsewhere…

If there are multiple DKIM signatures in a message, can you outline DKIM Proxy’s behaviour? Specifically in cases where some pass and some fail, etc.

And in terms of d= and i= and From issues:

Does DKIM Proxy enforce the 4871 requirement that the d= and the domain-part of i= must be the same or the domain-part of i= be a subdomain of d=? Would it cause a “fail” if they didn’t match?

I assume that the issue of third party signatures is not addressed in DKIM Proxy, e.g. where the body From mismatches the d= domain, etc, since that’s an SSP issue?

One trouble we have is that we want to be sensitive to third-party signatures (it seems crucial, since a spammer domain could sign messages with From’s like "[email protected]" and and we don’t want to trust that From address any more than usual) but in the case of multiple-signatures-in-a-DKIM-pass-message we can’t tell which sig’s passed and which didn’t, which makes this kind of determination hard…

Thanks for your work and help!