On 8/26/2022 3:38 AM, Laura Atkins via mailop wrote:
Signing with 2 identical d= but different s= is unusual, but I don’t
think it’s prohibited anywhere.
It's certainly not prohibited in the DKIM specification.
I also don’t think the RFC addresses anything about mail disposition
in case of failures.
Simply put, a signature failure is supposed to be handled the same as no
DKIM signature being present.
As for specifics...
6.3 <https://www.rfc-editor.org/rfc/rfc6376#section-6.3>. Interpret
Results/Apply Local Policy It is beyond the scope of this specification to describe what actions
an Identity Assessor can make,
...
In general, modules that consume DKIM verification output SHOULD NOT
determine message acceptability based solely on a lack of any
signature or on an unverifiable signature; such rejection would cause
severe interoperability problems.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
