[opendmarc-users] Other suggestions

Murray S. Kucherawy msk at blackops.org
Mon Dec 30 00:59:34 PST 2013


On Mon, 30 Dec 2013, Patrick Ben Koetter wrote:
> Rationale: There can only be one signature that testifies an 
> Organizational Domain. If From: headers list more than one domain, 
> verification can't work. Correct?

The following is valid:

From: user1@X, user2@Y
DKIM-Signature: ...; d=X; ...
DKIM-Signature: ...; d=Y; ...

The message in this case has more than one possible organizational domain. 
By the standards, this is syntactically valid, though it is extremely 
rarely used.  It's also semantically valid; suppose you wanted to use this 
technique to send a memo from a committee or board, all of whom were 
operating from different domains.

Most of the time we only see it used legitimately when done simply to 
prove that it's a legal use.  Otherwise, it appears when something 
building messages has a bug in it, and in that case it's pretty much 
always the same address repeated.

-MSK
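
The multi-address case described in the message above, as an added example that is not part of the original post and is not OpenDMARC code: it lists every author domain in From: and the d= domains that match one exactly. The sample messages are constructed, example.com and example.net stand in for X and Y, signatures are not cryptographically verified, and exact matching is used in place of an organizational-domain lookup (an assumption made to avoid needing a public suffix list).

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the headers in the post.
SAMPLE = (
    "From: user1@example.com, user2@example.net\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; b=...\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel2; b=...\n"
    "Subject: committee memo\n"
    "\n"
    "body\n"
)

def author_domains(msg):
    """Distinct domains of every address in every From: field, in order."""
    domains = []
    for _name, addr in getaddresses(msg.get_all("From", [])):
        domain = addr.rpartition("@")[2].lower().rstrip(".")
        if domain and domain not in domains:
            domains.append(domain)
    return domains

def signing_domains(msg):
    """The d= tag of each DKIM-Signature header (tag parsing only)."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for tag in value.split(";"):
            key, _, val = tag.partition("=")
            if key.strip():
                tags[key.strip().lower()] = val.strip()
        if "d" in tags:
            found.append(tags["d"].lower())
    return found

def classify(msg):
    """Summarise how many author domains exist and which have a matching d=."""
    authors = author_domains(msg)
    signers = set(signing_domains(msg))
    return {
        "author_domains": authors,
        "multiple_author_domains": len(authors) > 1,
        "exact_match_signed": [d for d in authors if d in signers],
    }

if __name__ == "__main__":
    print(classify(message_from_string(SAMPLE)))
```

A From: that repeats the same address, the buggy-generator case mentioned in the message, collapses to a single author domain here.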

