[opendmarc-users] Other suggestions
Murray S. Kucherawy
msk at blackops.org
Mon Dec 30 00:59:34 PST 2013
On Mon, 30 Dec 2013, Patrick Ben Koetter wrote:
> Rationale: There can only be one signature that testifies an
> Organizational Domain. If From: headers list more than one domain
> verification can't work. Correct?

The following is valid:

    From: user1 at X, user2 at Y
    DKIM-Signature: ...; d=X; ...
    DKIM-Signature: ...; d=Y; ...

The message in this case has more than one possible organizational domain.
By the standards, this is syntactically valid, though it is extremely
rarely used. It's also semantically valid; suppose you wanted to use this
technique to send a memo from a committee or board, all of whom were
operating from different domains.

Most of the time we only see it used legitimately when done simply to
prove that it's a legal use. Otherwise, it appears when something
building messages has a bug in it, and in that case it's pretty much
always the same address repeated.

-MSK
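
Added example, not part of the original post and not OpenDMARC's code: a Python sketch that lists every domain in a multi-address From: header and reports whether a DKIM-Signature header carries a matching d= value. Assumptions: the sample message and its example domains are constructed, matching is exact string equality rather than organizational-domain alignment (which needs a public suffix list), and signatures are only parsed, not cryptographically verified.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (assumption): two authors in From:, one signature per domain.
SAMPLE = (
    "From: user1@x.example, user2@y.example\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=x.example; s=sel1; b=...\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=y.example; s=sel2; b=...\n"
    "Subject: committee memo\n"
    "\n"
    "body\n"
)

def from_domains(msg):
    """Return the distinct, lowercased domains of every mailbox in From:."""
    domains = []
    for _name, addr in getaddresses(msg.get_all("From", [])):
        _local, sep, domain = addr.rpartition("@")
        if sep and domain and domain.lower() not in domains:
            domains.append(domain.lower())
    return domains

def signing_domains(msg):
    """Return the d= value of each DKIM-Signature header (a ';'-separated tag list)."""
    found = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in str(header).split(";"):
            name, sep, value = part.partition("=")
            if sep:
                # Tag values may be folded; drop embedded whitespace.
                tags[name.strip()] = "".join(value.split())
        if "d" in tags:
            found.append(tags["d"].lower())
    return found

def coverage(raw):
    """Map each From: domain to True if some signature's d= equals it exactly."""
    msg = message_from_string(raw)
    signers = set(signing_domains(msg))
    return {domain: domain in signers for domain in from_domains(msg)}

if __name__ == "__main__":
    print(coverage(SAMPLE))
```

A result with more than one key is the multi-domain case described above; a From: header that repeats the same address collapses to a single key.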