Is it reasonably accurate (at a simple level) to say that DKIM involves applying a digital signature to an email by the domain (as opposed to a digital signature applied by the user / sender of an email)?
And that the domain uses the private key of a public / private keypair?
E.g., if <user>@<domain>.com sends an email, <domain>.com applies a digital signature to it?
And then, in the DNS system entry for <domain>.com, among other things, the public key is stored?
(Extra points for anybody who can craft a somewhat similar simple explanation of DMARC.)
-- rhk
<long sig elided>
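The receiving side of the model described in the question, as an added example that is not part of the original post: a verifier reads the signing domain (`d=`) and selector (`s=`) from the `DKIM-Signature` header, looks up the public key in the TXT record at `<selector>._domainkey.<domain>`, and checks that the body still hashes to `bh=`. The domain `example.com`, the selector `sel1`, the key and the `b=` value are constructed placeholders, and the RSA check of `b=` over the headers is left out because it needs a crypto library.

```python
import base64
import hashlib

def parse_tags(value: str) -> dict:
    """Parse a DKIM tag=value list (used by both the header and the DNS record)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Whitespace inside a value (folded base64, for instance) is not significant.
            tags[name.strip()] = "".join(val.split())
    return tags

def key_query_name(sig: dict) -> str:
    """DNS name of the TXT record holding the public key: <s=>._domainkey.<d=>."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def public_key_der(txt_record: str):
    """Return the key bytes from a key record, or None if the key was revoked (empty p=)."""
    rec = parse_tags(txt_record)
    if rec.get("v", "DKIM1") != "DKIM1":
        raise ValueError("not a DKIM key record")
    return base64.b64decode(rec["p"]) if rec.get("p") else None

def body_hash(body: bytes) -> str:
    """bh= value for 'simple' body canonicalization with SHA-256."""
    while body.endswith(b"\r\n\r\n"):   # trailing empty lines are ignored
        body = body[:-2]
    if not body.endswith(b"\r\n"):      # an empty or unterminated body gets one CRLF
        body += b"\r\n"
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def body_matches(sig: dict, body: bytes) -> bool:
    """True if the body the receiver got is the one the domain signed."""
    return sig["bh"] == body_hash(body)

# Constructed sample data (example.com, selector "sel1", placeholder key and b= value).
BODY = b"Hello,\r\nthis is the signed body.\r\n"
SIG = parse_tags("v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel1; "
                 f"h=from:to:subject; bh={body_hash(BODY)}; b=PLACEHOLDER")
KEY_TXT = "v=DKIM1; k=rsa; p=" + base64.b64encode(b"placeholder, not a real key").decode()

if __name__ == "__main__":
    print("key lookup:", key_query_name(SIG))
    print("body intact:", body_matches(SIG, BODY))
    print("body altered:", body_matches(SIG, BODY + b"extra line\r\n"))
```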