Multiple DKIM Signatures


When you examine the headers of an email message, it is not uncommon to find multiple DKIM signatures in that single message.

Similarly, you can run into multiple DKIM signatures in a single email stream in some DMARC aggregate reports.

We will go over this multiple-DKIM-signature scenario below.

Why an email message has multiple DKIM signatures

When an email message is forwarded, multiple DKIM signatures can be added to the message.

For example, suppose you send a message using SendGrid to a Gmail account, and that message is then forwarded to the final recipient. The final recipient will find 2 DKIM signatures in the message: one added by SendGrid, and the other by Google.

Example email headers with multiple DKIM signatures

The following email headers show that the message had 2 DKIM signatures.

Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=mail header.b=xjAWgYt1;
       dkim=pass [email protected] header.s=mail header.b=zNRqfud1;
       spf=pass (google.com: domain of [email protected] designates 212.146.215.142 as permitted sender) [email protected];
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=mydomain.com
DKIM-Signature: a=rsa-sha256; bh=Mi4Ptruf3aiF5LqQkgnB4ysAKkkkxo7wikG3Cc8o8SE=; c=relaxed/relaxed; d=mydomain.com; h=to:cc:from:reply-to:subject:date:mime-version:content-type:list-id:list-unsubscribe:x-csa-complaints:list-unsubscribe-post:message-id:sender:x-sib-id:x-mailin-client:x-mailin-campaign:feedback-id; q=dns/txt; s=mail; t=1618653372; v=1; b=xjAWgYt1qLwxzeO4C58+13pa9xUbhy7osvfEYNu9BxDHRAzdq6um9dUjbiGlyQZNVQGGWkxr LOqZAI782Tl0Jm8KhW2XOPXTM0tbyIeBCkaSBAur6A+xATnhqXCbmWYmOLPhYAinKPpgpH6RDsE rlA4CvDQtkEemLYEdpH9MdIE=
DKIM-Signature: a=rsa-sha256; bh=Mi4Ptruf3aiF5LqQkgnB4ysAKkkkxo7wikG3Cc8o8SE=; c=relaxed/relaxed; d=sendib.com; h=to:cc:from:reply-to:subject:date:mime-version:content-type:list-id:list-unsubscribe:x-csa-complaints:list-unsubscribe-post:message-id:sender:x-sib-id:x-mailin-client:x-mailin-campaign:feedback-id; q=dns/txt; s=mail; t=1618653372; v=1; b=zNRqfud1FiIa3SwHWVBTmpyr+qVOVtfmBskmAAwTG0joD9DFcexOf6BRCyTRao4GU+FKo8oU I7qru7U+/ZwqZvgWi0Eu2qh07obCYys3bnNrCMZ86UGSP+Oa4i09Sn046i9ve3JIFllaFsR1zb6 jIt74VPPNzYVPW42qpRS3AmY=

Example DMARC report with multiple DKIM signatures

The following is a snippet extracted from a DMARC aggregate report:

  <record>
    <row>
      <source_ip>167.189.100.75</source_ip>
      <count>11</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>mydomain.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>mydomain.com</domain>
        <result>pass</result>
        <selector>s1</selector>
      </dkim>
      <dkim>
        <domain>sendgrid.info</domain>
        <result>pass</result>
        <selector>smtpapi</selector>
      </dkim>
      <spf>
        <domain>mail.mydomain.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>

The snippet above indicates that the particular email stream with 11 messages had 2 DKIM signatures, one with domain mydomain.com and selector s1, and the other one with domain sendgrid.info and selector smtpapi.

How to view multiple DKIM signatures in the DMARCLY dashboard

To view all the DKIM signatures in a particular email stream in the DMARCLY dashboard, log in, go to Aggregate Reports/Sources, then click on the row in question to reveal the details section.

If there are multiple DKIM signatures in that stream, you will see multiple DKIM SIGNATURE subsections, as highlighted in red below:

[Screenshot: multiple DKIM signatures in the DMARCLY dashboard]

The above screenshot indicates that the email stream had 2 DKIM signatures, one with domain mydomain.com and selector msgf, and the other one with domain esp.com and selector msgf.

How DMARC interprets multiple DKIM signatures

In the case of multiple DKIM signatures, a message passes DMARC if ANY DKIM signature is verified and has DMARC identifier alignment.
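The rule above, applied to the aggregate-report record shown earlier, as an added example that is not DMARCLY's code. The function names and the two-label organizational-domain shortcut are assumptions made for illustration; a real evaluator derives the organizational domain from the Public Suffix List.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <record> from the report snippet above, trimmed to
# the fields the DMARC DKIM check needs.
SAMPLE_RECORD = """
<record>
  <identifiers><header_from>mydomain.com</header_from></identifiers>
  <auth_results>
    <dkim><domain>mydomain.com</domain><result>pass</result><selector>s1</selector></dkim>
    <dkim><domain>sendgrid.info</domain><result>pass</result><selector>smtpapi</selector></dkim>
  </auth_results>
</record>
"""

def naive_org_domain(domain):
    # Assumption: the last two labels. Wrong for suffixes such as co.uk,
    # where the Public Suffix List is required.
    return ".".join(domain.split(".")[-2:])

def is_aligned(dkim_domain, header_from, strict=False):
    d = dkim_domain.strip().lower().rstrip(".")
    f = header_from.strip().lower().rstrip(".")
    if not d or not f:
        return False                # a missing domain never aligns
    if strict:                      # adkim=s: d= must equal the From domain
        return d == f
    return naive_org_domain(d) == naive_org_domain(f)  # adkim=r (default)

def evaluate_dkim(record_xml, strict=False):
    """Return (dmarc_dkim_pass, per-signature details) for one <record>."""
    record = ET.fromstring(record_xml.strip())
    header_from = record.findtext("identifiers/header_from", "")
    details = []
    for sig in record.findall("auth_results/dkim"):
        domain = sig.findtext("domain", "").strip()
        verified = sig.findtext("result", "").strip().lower() == "pass"
        aligned = is_aligned(domain, header_from, strict)
        details.append({
            "domain": domain,
            "selector": sig.findtext("selector", "").strip(),
            "verified": verified,
            "aligned": aligned,
            # Only a signature that both verifies and aligns counts for DMARC.
            "counts_for_dmarc": verified and aligned,
        })
    return any(s["counts_for_dmarc"] for s in details), details
```

For the sample record, the sendgrid.info signature verifies but is not aligned with mydomain.com, so the DMARC pass rests on the mydomain.com signature alone. Aggregate reports arrive from third parties, so production code should parse them with a hardened XML parser such as defusedxml.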
