Currently when we read the DKIM result form the Authentication-Results header instead of doing our own verification, we do not check that the SDID and the domain of the From address align with each other, as we do then we verify the DKIM signature ourself.

We already do some other checks in this case, e.g. the sign rules. The alignment of the SDID and the from domain is probably a check we want to add too.