It'll be the one that's not broken, I presume. If there's more than one
unbroken signature, I guess the signing domain might want to match the
list-id header.
Why is it important to match signatures? If there's a valid signature
with a good rep, deliver the mail. If the mail turns out to be nasty,
decrease the rep of all of the valid signatures. Why make this more
complicated than it needs to be?
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html