Spot on! I use to work for a company that helped Yahoo on the RFC (We were in the email spam space). DKIM is not meant to prove the payload is authentic/un-tampered, merely the person sending the email was authorized to use the domains SMTP server in question. Thats it. DKIM is a one bit in preventing spam.

Lets just say it. The emails that sparked all this are looking for something that simply isnt there. They see what they need to see to fit a world view