Are there any limitations to DKIM?

DKIM only applies to the domain in the email's "d=" tag, found in the email header information, and not to the actual sender or the visible From: address domain of the email. This means that an attacker could potentially send a spoofed email from a domain that has a valid DKIM signature.