Incorrect processing of messages with multiple DKIM signatures?

Copper Contributor


I've been noticing strange behavior on our Exchange online where legitimately spoofed incoming messages that are double signed


(Usually one unaligned DKIM signature for the sending infrastructure and one aligned for the RFC5322.From domain)


are being falsely rejected by DMARC because exchange is using the unaligned signature for it's DMARC test.


This is not limited to a specific From or MailFrom domain, I can find examples of this every day (large tenant, many subcompanies on one environment) and looks to me like a flaw in Exchange's implementation of the DMARC standard...


According to the DMARC spec, this shouldn't be a problem:

   Note that a single email can contain multiple DKIM signatures, and it
   is considered to be a DMARC "pass" if any DKIM signature is aligned
   and verifies.

(Source: RFC7489, Section 3.1.1)


anonymous header.jpg


Kind regards, Jordy

0 Replies