Jordy_Swiggers
Feb 09, 2024, Copper Contributor
Incorrect processing of messages with multiple DKIM signatures?
Hello,
I've been noticing strange behavior on our Exchange Online where legitimately spoofed incoming messages that are double signed
(usually one unaligned DKIM signature for the sending infrastructure and one aligned for the RFC5322.From domain)
are being falsely rejected by DMARC because Exchange is using the unaligned signature for its DMARC test.
This is not limited to a specific From or MailFrom domain, I can find examples of this every day (large tenant, many subcompanies on one environment) and looks to me like a flaw in Exchange's implementation of the DMARC standard...
According to the DMARC spec, this shouldn't be a problem:
Note that a single email can contain multiple DKIM signatures, and it is considered to be a DMARC "pass" if any DKIM signature is aligned and verifies.
(Source: RFC7489, Section 3.1.1)
Kind regards, Jordy
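The rule quoted from RFC 7489 in the post above, written out as an added example that is not part of the original post and is not Exchange's code: it parses an Authentication-Results header and compares the "any aligned signature" rule with a hypothetical evaluator that looks at the first signature only. The header, the domains and the two-label organizational-domain shortcut are constructed assumptions.

```python
import re

# Constructed sample header: an unaligned signature from the sending
# infrastructure first, then one aligned with the RFC5322.From domain.
SAMPLE_AUTH_RESULTS = (
    "mx.receiver.example; "
    "dkim=pass header.d=esp-infra.example header.s=s1; "
    "dkim=pass header.d=mail.brand.example header.s=k2; "
    "spf=pass smtp.mailfrom=bounces.esp-infra.example"
)

def dkim_results(auth_results):
    """Return [(result, d_domain), ...] for every dkim= clause, in header order."""
    out = []
    for clause in auth_results.split(";"):
        res = re.match(r"\s*dkim=(\w+)", clause)
        dom = re.search(r"header\.d=([\w.-]+)", clause)
        if res and dom:
            out.append((res.group(1).lower(), dom.group(1).lower()))
    return out

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A real
    # implementation derives it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(d_domain, from_domain, strict=False):
    """Strict alignment needs an exact match; relaxed compares org domains."""
    if strict:
        return d_domain.lower() == from_domain.lower()
    return org_domain(d_domain) == org_domain(from_domain)

def dmarc_dkim_pass(auth_results, from_domain, strict=False):
    """RFC 7489 rule: pass if ANY signature both verifies and is aligned."""
    return any(res == "pass" and aligned(dom, from_domain, strict)
               for res, dom in dkim_results(auth_results))

def first_signature_only(auth_results, from_domain, strict=False):
    """Hypothetical faulty evaluator: judges DMARC on the first signature alone."""
    sigs = dkim_results(auth_results)
    if not sigs:
        return False
    res, dom = sigs[0]
    return res == "pass" and aligned(dom, from_domain, strict)

if __name__ == "__main__":
    print("any-aligned rule:", dmarc_dkim_pass(SAMPLE_AUTH_RESULTS, "brand.example"))
    print("first-only rule: ", first_signature_only(SAMPLE_AUTH_RESULTS, "brand.example"))
```

Running the same comparison over the Authentication-Results headers of rejected messages shows whether an aligned, passing signature was present when DMARC failed.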
- tanmay1313, Copper Contributor
Same issue is happening with me as well.
- martypete1, Copper Contributor
Bump. Just noticed this today. Client has 2 signatures and DMARC is being evaluated under the non-aligned signature. Appears to only affect Microsoft recipients.
- SvenTegethoff, Copper Contributor
I have the same exact problem.
Is there any way to report this to someone who can fix this? Otherwise the only option I'm left with is setting the DMARC policy to "ignore".
- VisionLarga, Copper Contributor
Marco_Meier is right, your record for DMARC is incorrect; just doing a search for your DMARC records on dmarcian.com shows the below:
Perhaps correct it?