Hi there - forgive me if this is answered elsewhere…
If there are multiple DKIM signatures in a message, can you outline DKIM Proxy’s behaviour? Specifically in cases where some pass and some fail, etc.
And in terms of d= and i= and From issues:
Does DKIM Proxy enforce the 4871 requirement that the d= and the domain-part of i= must be the same or the domain-part of i= be a subdomain of d=? Would it cause a “fail” if they didn’t match?
I assume that the issue of third party signatures is not addressed in DKIM Proxy, e.g. where the body From mismatches the d= domain, etc, since that’s an SSP issue?
One trouble we have is that we want to be sensitive to third-party signatures (it seems crucial, since a spammer domain could sign messages with From’s like "firstname.lastname@example.org" and d=spamdomain.com and we don’t want to trust that From address any more than usual) but in the case of multiple-signatures-in-a-DKIM-pass-message we can’t tell which sig’s passed and which didn’t, which makes this kind of determination hard…
Thanks for your work and help!