Is it reasonably accurate (at a simple level) to say that DKIM involves applying a digital signature to an email by the domain (as opposed to a digital signature applied by the user / sender of an email)?
And that the domain uses the private key of a public / private keypair? E.g., if <user>@<domain>.com sends an email, <domain>.com applies a digital signature to it? And then, in the DNS system entry for <domain>.com, among other things, the public key is stored? (Extra points for anybody who can craft a somewhat similar simple explanation of DMARC.)

-- 
rhk <long sig elided>
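An added example, not part of the original post: how a receiving server gets from a message's DKIM-Signature header to the signing domain's public key, following RFC 6376. The key is published as a TXT record at `<selector>._domainkey.<domain>`, built from the header's `s=` and `d=` tags. The header, selector, domain and key values below are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample inputs (not taken from any real message or DNS zone).
SAMPLE_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2024;\r\n"
    " h=from:to:subject:date; bh=Y29uc3RydWN0ZWQ=;\r\n"
    " b=Q09OU1RS\r\n VUNURUQ="
)
SAMPLE_KEY_RECORD = "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="
SAMPLE_REVOKED_RECORD = "v=DKIM1; p="

REQUIRED_SIG_TAGS = ("v", "a", "b", "bh", "d", "h", "s")

def parse_tag_list(text):
    """Parse an RFC 6376 'tag=value; tag=value' list into a dict."""
    tags = {}
    for item in text.split(";"):
        if not item.strip():
            continue  # a trailing ';' is permitted
        name, sep, value = item.partition("=")  # split on the first '=' only
        name = name.strip()
        if not sep or not name or name in tags:
            raise ValueError(f"malformed or duplicate tag: {item!r}")
        tags[name] = value.strip()
    return tags

def signature_tags(header_value):
    """Parse a DKIM-Signature value and check the tags a verifier needs."""
    tags = parse_tag_list(header_value)
    missing = [t for t in REQUIRED_SIG_TAGS if t not in tags]
    if missing or tags["v"] != "1":
        raise ValueError(f"unusable signature, missing={missing}")
    for t in ("b", "bh"):  # base64 values may be folded across lines
        tags[t] = re.sub(r"\s+", "", tags[t])
    return tags

def key_query_name(header_value):
    """DNS name whose TXT record holds the signing domain's public key."""
    tags = signature_tags(header_value)
    return f"{tags['s']}._domainkey.{tags['d']}"

def key_record_status(txt):
    """Classify a key record: 'usable', 'revoked' (empty p=) or 'invalid'."""
    try:
        tags = parse_tag_list(txt)
    except ValueError:
        return "invalid"
    if tags.get("v", "DKIM1") != "DKIM1" or "p" not in tags:
        return "invalid"
    return "usable" if tags["p"] else "revoked"
```

The signature check itself (hashing the canonicalized body and headers and verifying `b=` against the key in `p=`) is left out; this covers only the lookup and record-parsing steps.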

