> Of course, informed people will know that anybody could have faked them, but I would guess normal people would be fooled. In addition, there is no way to say the emails are definitely fake. At least now, we can tell between actual leaked emails and fake emails.
No, you can't. Google used to use 512- and 1024-bit RSA keys for DKIM signatures, both of which are comfortably within the means of small-to-medium-sized nation states. They currently use 2048-bit keys, which will probably be crackable within the next decade.
DKIM is providing a false sense of non-repudiation here, one that it was never designed (much less correctly implemented) to provide.
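To check which of these key sizes a given DKIM selector publishes, this added example (not part of the comment above, and not any project's own code) parses a selector TXT record and returns the RSA modulus size in bits. The record is built from a constructed modulus, not a real key, and the names `make_constructed_record` and `dkim_rsa_bits` are hypothetical.

```python
import base64

# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def _tlv(tag, value):
    """Encode one DER element with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def make_constructed_record(bits):
    """Constructed sample only: a modulus of the right size, not a usable key."""
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa_key = _tlv(0x30, _tlv(0x02, modulus) + _tlv(0x02, b"\x01\x00\x01"))
    spki = _tlv(0x30, RSA_ALG_ID + _tlv(0x03, b"\x00" + rsa_key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def _read_tlv(buf, pos, expected_tag):
    """Return (value, next_pos) for the DER element at pos."""
    if buf[pos] != expected_tag:
        raise ValueError("unexpected DER tag 0x%02x" % buf[pos])
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:
        size = length & 0x7F
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    return buf[pos:pos + length], pos + length

def dkim_rsa_bits(txt_record):
    """Return the RSA modulus size, in bits, published in a DKIM TXT record."""
    tags = dict(p.strip().split("=", 1) for p in txt_record.split(";") if "=" in p)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key record")
    der = base64.b64decode("".join(tags["p"].split()))
    spki, _ = _read_tlv(der, 0, 0x30)              # SubjectPublicKeyInfo
    _, pos = _read_tlv(spki, 0, 0x30)              # AlgorithmIdentifier
    bit_string, _ = _read_tlv(spki, pos, 0x03)     # subjectPublicKey
    rsa_key, _ = _read_tlv(bit_string[1:], 0, 0x30)  # skip unused-bits octet
    modulus, _ = _read_tlv(rsa_key, 0, 0x02)       # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

if __name__ == "__main__":
    for size in (512, 1024, 2048):  # the three sizes mentioned above
        print(size, dkim_rsa_bits(make_constructed_record(size)))
```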