DKIM's protections aren't as strong as people say they are (though fairly strong)
1) DKIM doesn't protect the To: header in any reasonable way (it's not really designed to). i.e. it protects it in the sense that the original email had that as the To: header, but this is easy to forge as the To: header is not used by SMTP in delivery (think Bcc). i.e. it's easy to write emails that are To: <some address> that are never attempted to be delivered to said address.
2) DKIM (even on gmail) doesn't quite protect the From: header as one would expect. Yes, gmail in general makes it difficult to spoof the email in the From header (it will replace it with your own if you try in the general case), but there's a huge but, if you gave gmail itself access to use that e-mail. i.e. I can be compsciphd@gmail.com but if billgates@gmail.com was convinced to allow me access to send emails as billgates@gmail.com (either via cooperation or a technical or sociological hack) then I can do that without having access to the account. And this permission is permanent. As far as I can tell, it is irrevocable and to other gmail users there is no indication that other accounts have this permission for your email.
So what do we learn?
1) can't 100% trust DKIM to believe who an email was sent to unless you actually retrieved it out of said user's email spool
2) can't 100% trust DKIM to believe who actually sent an email (even on gmail)
Now, do I think DKIM gives anywhere close to 0% trust? No, I think it's much closer to 100 than 0, but one has to understand the limitations and most people who discuss it don't seem to understand them.
The threat is a hack playing a very long game. If one doesn't view that long game hack threat as serious, then it's close enough to 100% (especially if gmail rotates their keys even without making the private part public), but if a long game hack threat is a serious thing, then it drops.
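What a DKIM signature over the To: header does and does not attest, as an added example (not the commenter's code): RFC 6376 "relaxed" header canonicalization over the fields named in h=, with an HMAC standing in for the real RSA/Ed25519 signature, plus a modelled delivery whose SMTP envelope recipient (RCPT TO) differs from the signed To:. The key, message and envelope are constructed; body hashing and the inclusion of the DKIM-Signature field itself in the hash are omitted for brevity.

```python
import hashlib
import hmac
import re

# Stand-in for the signer's private key (constructed; real DKIM uses RSA/Ed25519).
SIGNER_KEY = b"constructed-selector-key"

def relaxed_header(name: str, value: str) -> str:
    """RFC 6376 "relaxed" canonicalization of one header field."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)     # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse runs of whitespace
    return f"{name.lower()}:{value}\r\n"

def signed_input(headers: dict, h_tag: str) -> str:
    """Concatenate the header fields named in h=, in h= order, as DKIM does.
    Fields listed in h= but absent from the message contribute nothing."""
    by_name = {k.lower(): v for k, v in headers.items()}
    return "".join(relaxed_header(n, by_name[n.lower()])
                   for n in h_tag.split(":") if n.lower() in by_name)

def sign(headers: dict, h_tag: str) -> str:
    data = signed_input(headers, h_tag).encode()
    return hmac.new(SIGNER_KEY, data, hashlib.sha256).hexdigest()

def verify(headers: dict, h_tag: str, sig: str) -> bool:
    return hmac.compare_digest(sign(headers, h_tag), sig)

def deliver(headers: dict, rcpt_to: str) -> dict:
    """Model one delivered copy: the signed headers plus the SMTP envelope
    recipient (RCPT TO), which is not a header and is never covered by h=."""
    return {"headers": dict(headers), "envelope_rcpt": rcpt_to}

def recipient_claims(msg: dict, h_tag: str) -> tuple:
    """What a verifier can say about the recipient: the To: header is signed
    (only if listed in h=); the envelope recipient is attested by nobody."""
    to_signed = "to" in [n.lower() for n in h_tag.split(":")]
    return (msg["headers"].get("To") if to_signed else None, msg["envelope_rcpt"])

# Constructed sample message
H_TAG = "from:to:subject:date"
ORIGINAL = {"From": "sender@example.com", "To": "alice@example.com",
            "Subject": "quarterly numbers", "Date": "Mon, 1 Jan 2024 10:00:00 +0000"}
SIG = sign(ORIGINAL, H_TAG)

if __name__ == "__main__":
    # Same signed headers, two different envelope recipients: both verify.
    for rcpt in ("alice@example.com", "bob@example.net"):
        copy = deliver(ORIGINAL, rcpt)
        print(rcpt, verify(copy["headers"], H_TAG, SIG), recipient_claims(copy, H_TAG))
```

A verifier that wants to know who a message was actually delivered to therefore has to look at delivery metadata (the receiving server's own trace, or the mailbox it was fetched from), not at the signed To: field.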