DKIM does nothing to verify the sender of an email. It allows you to verify that the signer of the /content/ (not to be confused with the sender) is the same as the domain asserted in the DKIM header. It is very easy to pull a DKIM header and its signed content out of a valid email from legitimate domain A and place it in a new email and send it from spam domain B, without “breaking” DKIM.
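A receiver-side check for the gap described above, as an added example that is not part of the original comment: it compares the DKIM `d=` signing domain with the From header and the Return-Path (envelope sender) of a message whose signature is assumed to have already verified. The function names, the constructed `a.example`/`b.example` message, and the exact-or-subdomain match (a simplification of DMARC relaxed alignment) are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: content signed by a.example, relayed with a b.example envelope.
SAMPLE = (
    "Return-Path: <bounce@b.example>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=a.example; s=sel1;\n"
    " h=from:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: News <news@a.example>\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

def dkim_tags(header_value):
    """Parse a DKIM-Signature value (RFC 6376 tag=value list) into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def domain_of(address_header):
    """Lowercased domain of an address header, or '' when the header is absent."""
    addr = parseaddr(address_header or "")[1]
    return addr.rpartition("@")[2].lower()

def same_or_sub(domain, parent):
    """Assumed alignment rule: identical domain or a subdomain of the signer."""
    return bool(domain) and (domain == parent or domain.endswith("." + parent))

def signer_vs_sender(raw_message):
    """Report who signed the content versus who the message claims to come from.
    Does not verify the signature itself; a DKIM verifier is assumed to have passed it."""
    msg = message_from_string(raw_message)
    tags = dkim_tags(msg.get("DKIM-Signature", ""))
    signer = tags.get("d", "").lower()
    signed_headers = [h.lower() for h in tags.get("h", "").split(":") if h]
    return {
        "signer": signer,
        "from_signed": "from" in signed_headers,
        "from_matches_signer": same_or_sub(domain_of(msg.get("From")), signer),
        "envelope_matches_signer": same_or_sub(domain_of(msg.get("Return-Path")), signer),
    }

if __name__ == "__main__":
    print(signer_vs_sender(SAMPLE))
```

On the sample, the signed From header still matches `a.example` while the envelope sender is `b.example`, so a passing signature alone says nothing about which system actually sent the message.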