On Fri, May 20, 2016 at 4:15 PM, Steve Atkins <st...@blighty.com> wrote: > >> On May 20, 2016, at 1:01 PM, Michael Rathbun <m...@honet.com> wrote: >> >> A client who is more on top of things than the average has noticed some >> mailings to him that have two DKIM signatures, and wondered whether there was >> some advantage to that. >> >> Of the two samples he sent, it was clear that one had been signed by an MTA >> that relayed through another service, which also signed the message. The >> other might have been signed twice by the same MTA; the headers were >> ambiguous. >> >> So far I have not found much one way or another after a googleslog, although >> one system was reported as taking off good-guy points for multiple >> signatures. >> >> Any comments? > > DKIM is designed to support multiple signatures. There are many operational > reasons why having two signatures may be useful (reputation & FBL, reputation > migration, author and sender reputation, ...). > > Support for multiple signatures in MTAs has taken a while to show up, for > reasons that don't really matter. > > Anyone flagging multiple signatures as problematic is probably clueless.
It's not problematic, but since only 1 signature at a time can be validated any remaining sigs become basically untrusted ascii data. ;-) -Jim P. _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop