On Jul 21, 2025, rhkra...@gmail.com wrote: > Is it reasonably accurate (at a simple level) to say that dkim involves > applying a digital signature to an email by the domain (as opposed to a > digital signature applied by the user / sender of an email)? > > And that the domain uses the private key of a public / private keypair? > > E.g., if <user>@<domain>.com sends an email, <domain>.com applies a > digital signature to it? > > And then, in the DNS system entry for <domain>.com, among other > things, the public key is stored?
Surface-level, yes this is pretty accurate. > > (Extra points for anybody who can craft a somewhat similar simple > explanation of DMARC.) It's a DNS TXT Record that acts as a request to recipients as to how to handle messages that have failed SPF/DKIM checks ( i.e. reject or quarantine) and also whether they should report the stats on messages (received/accepted/failed). -- |_|O|_| |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
signature.asc
Description: PGP signature
