Closed fraenki closed 8 months ago
Note that the add-on does verify all DKIM signatures, but it will only show one signature. Mainly because of space reasons in the GUI. More about it in https://github.com/lieser/dkim_verifier/issues/48#issuecomment-144373585.
My guess is that the signature for example.com
fails to verify. The add-on will then consider the valid signature from amazonses.com
the "better" one to show.
If you take a look at the log output you should be able to see what happens (best with debug logging enabled) https://github.com/lieser/dkim_verifier/wiki/Debug#view-error-and-debug-messages.
As part of #160, which is planned for the next version, all DKIM signatures will be probably be visible in the GUI. But still not directly in the header. Instead I plan to extend the pop-up for the DKIM button in the header, that currently only has buttons to trigger actions.
As you haven't replied yet I'm assuming your questions are answered. If not please reopen the issue.
When a mail contains multiple DKIM signatures, the plugin seems to only parse one of them (the first/last). Consider this mail header...
In this example the mail originated from example.com, but was delivered through Amazon SES (which added it's own DKIM signature).
In this case this leads to a warning that the DKIM signature for amazonses.com does not belong to this domain (supposedly example.com).
Other DKIM verification tools (like Google Header Analyzer) conclude that everything is fine. So I guess only one of these two DKIM signatures is considered by the plugin, which leads to the incorrect warning.