Comment 12 for bug 1525048

It's true that double signing is not an RFC requirement, but it's a safe and easy way to resolve a security concern that's identified in the RFC. We did test what different implementations due with a signature in a message with multiple From and generally they well grab either the first or the second, but without oversigning verification didn't consistently failed. MUAs then do different things with two Froms, so it seems best to oversign.