DKIM (DomainKeys Identified Mail)

What is DKIM? Why is DKIM important for email deliverability? How does DKIM work? How does DKIM signing work step-by-step? What is a DKIM signature? What is a DKIM selector? What is a DKIM selector and how is it chosen? What is a DKIM public key and private key? Where do I publish a DKIM record? What does a DKIM record look like? Can I have multiple DKIM keys? What is DKIM key rotation and why is it important? How often should I rotate DKIM keys? What DKIM key length should I use (1024 vs 2048)? What are typical key length recommendations? How do I check if my DKIM setup is correct? How do you test or validate a DKIM signature? Does DKIM prevent email content tampering? What is the difference between rsa-sha256 and ed25519 DKIM signatures? Why does canonicalization matter (simple vs relaxed)? Which headers should be signed? What is the difference between d=, s=, bh= and b= tags? Why does header re-ordering sometimes break DKIM? What causes “bad signature” or “key not found” errors? What is a selector DNS record and how long should keys stay cached? Why does DKIM not stop spoofing by itself? What is body-hash canonicalization? What happens when you change ESPs — how to migrate DKIM?