My organization is working with a vendor that needs to send emails on our behalf. They want us to import a PFX certificate into a DKIM key. We want to understand the implications first.
What precautions can/should we take?
I presume that if some attacker got hold of the key, they might be able to use it to impersonate our email messages. But is there anything else they can do with it?
Can the original cert be extracted and reused in other ways (e.g. converted to a web server or app signer cert)?