On 2023-12-21 at 18:13 +0100, John R Levine wrote: > > With the number of messages already arriving with multiple DKIM > > signatures I can't imagine their reputation systems don't already handle > > dual signing just fine. Granted this would be two signatures on the same > > domain, but that seems that a small change from handling a signature on > > the From plus one from the ESP and maybe even one for the > > list-unsubscribe domain. > > If there's two signatures for the same domain, one is good and one is > bad, which do you believe? I know what the spec says, but we have no > practical experience.
We can already add a dozen signatures to a single email. All of them RSA in the range accepted by gmail. It already needs to handle that in *some* way. Panicking is not an option. Picking only the signature that passes is not just what the spec wants you to do. It's the one that makes sense operationally. Regards _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop