mails from local domain forwarded result in a SES domain DKIM check failure

[oyyq99999]

Let's say yourdomain.com is the domain the forwarder is sending emails from, and anotherdomain.com is another domain. Consider these cases:

1. [email protected] sends a mail to [email protected]. The mail is forwarded to recipients correctly without any checks failed;
2. [email protected] sends a mail to [email protected]. The mail ends up with a DKIM(on SES domain) check failure.

After looking at the DKIM-Signature part I found it's weird that the failed one has TWO Feedback-ID's in the h field. I guess it might be the cause and tried to fix the forwarding code to remove the field from the header, and it works.

But I don't know what this field means and what side-effects the removal would introduce.

Here's excerpt from the message fails DKIM validation:

Authentication-Results: mx.google.com;
       dkim=fail [email protected];
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1470162493;
    h=Message-ID:Date:Subject:From:Reply-To:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Feedback-ID:Feedback-ID;
    bh=cIc4+mNxsFp+dUwkGlbCwYelaS0phVkPmIICqAGQvPs=;
    b=oQRKCP7Qz2BZ7rNOt64kJZLMQiAw85afNkIS0ZBezqdObXAfEINMPtrG0K+oZps2
    CmPVoLW8UkSkFU4bTtaiaXYw0lsmAjXvpsipQyYQFPYN1MfEWIFQZBxTEJJEVnozkyb
    M31UJ95rnkf437YCCPyFvSMsYHdmhlceK++Fk6QY=

And here is a success one after I removed the field:

Authentication-Results: mx.google.com;
       dkim=pass [email protected];
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1470166761;
    h=Date:From:To:Subject:Content-Type:MIME-Version:Message-ID:Reply-To:Feedback-ID;
    bh=EEznD2tyqczD8Zpld/7JgAHSIj9dxh/xhszpF4qOYyQ=;
    b=cMic0Xdgjvkrr5mgutcRyVmxDw2apNOWABeTRx41q9PqrTEymFATlZObJ2kq9Bbz
    X27rFRkfkT+XN6z4qwzvrXXG6VSDXnfZ4B9aM4/9ntQ9wyfjcyZXHaZlbr9i98L2qLY
    cQqvz2ET1Dg7FOsOh6tCUXEMTaCbpE0xo598cN/o=