🐛 Summary
The "DKIM Domain" and "DKIM Result" in the dmarc_failures report occasionally show multiple values instead of the one discrete value that is important to final DMARC adjudication per column. We expect to see that the end system final adjudication is either pass or fail (not both) for one domain.
I understand that an e-mail can be signed more than once. The DKIM standard (RFC 6376) permits multiple DKIM signatures, and receiving servers are designed to handle them. The key here is alignment. Even if there are multiple DKIM signatures, only the one that match the FROM domain (or a subdomain of it) will contribute to DMARC authentication. So, we really don't care about more than the domain that is important to the final adjudication. If it is desired to show the results from all domains, ideally that data is dumped into a separate column as additional interesting but not impacting information.
https://www.suped.com/learn/dkim/what-is-double-dkim-signing-and-when-is-it-necessary-for-email-authentication
To reproduce
Review the attached report and please explain why this is the case.
dmarc_failures-20260519.csv
Expected behavior
Expected one value for each column per row.
Any helpful log output or screenshots
Add any screenshots of the problem here.
🐛 Summary
The "DKIM Domain" and "DKIM Result" in the dmarc_failures report occasionally show multiple values instead of the one discrete value that is important to final DMARC adjudication per column. We expect to see that the end system final adjudication is either pass or fail (not both) for one domain.
I understand that an e-mail can be signed more than once. The DKIM standard (RFC 6376) permits multiple DKIM signatures, and receiving servers are designed to handle them. The key here is alignment. Even if there are multiple DKIM signatures, only the one that match the FROM domain (or a subdomain of it) will contribute to DMARC authentication. So, we really don't care about more than the domain that is important to the final adjudication. If it is desired to show the results from all domains, ideally that data is dumped into a separate column as additional interesting but not impacting information.
https://www.suped.com/learn/dkim/what-is-double-dkim-signing-and-when-is-it-necessary-for-email-authentication
To reproduce
Review the attached report and please explain why this is the case.
dmarc_failures-20260519.csv
Expected behavior
Expected one value for each column per row.
Any helpful log output or screenshots
Add any screenshots of the problem here.