
If a nation state adversary has hacked the DKIM keys from your email server, they can send fake emails signed with this key. So it doesn't prove that a high value target like a presidential candidate has actually typed and pressed send on that email, it just proves that the first SMTP server that routed the email has sent it.

Even Google didn't bother to rotate their DKIM keys as recommended by the standard, so one wonders if the Google keys are stored in a cage guarded by lasers and dogs or if there are copies on someone's laptop somewhere and any sysadmin with a gambling problem or a secret affair could have leaked them to an unscrupulous journalist or a spy.
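
Added example, not part of the original comment: a Python sketch that measures how long each DKIM selector (signing key) has been in use across a set of stored `DKIM-Signature` headers, which is the exposure window the rotation point above is about. The sample headers, the `example.com` domain, the selector names and the `max_days` threshold are all constructed assumptions, not values from the standard or from any real mail.

```python
import re
from collections import defaultdict

# Constructed DKIM-Signature headers (placeholder bh=/b= values, example.com domain).
SAMPLE_HEADERS = [
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel2012;\r\n"
    "\tt=1325376000; h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER",
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel2012;\r\n"
    "\tt=1451606400; h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER",
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel2016b;\r\n"
    "\tt=1454284800; h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER",
]

def parse_dkim_tags(header):
    """Parse a DKIM-Signature header into a dict of its tag=value pairs."""
    value = header.split(":", 1)[1]             # drop the header field name
    value = re.sub(r"\r?\n[ \t]+", " ", value)  # unfold continuation lines
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)      # values such as bh= may contain '='
            tags[name.strip()] = val.strip()
    return tags

def selector_lifetimes(headers):
    """Map (domain, selector) -> whole days between first and last t= seen."""
    seen = defaultdict(list)
    for header in headers:
        tags = parse_dkim_tags(header)
        # d= is the signing domain, s= the selector (which key), t= the signing time
        if {"d", "s", "t"} <= tags.keys() and tags["t"].isdigit():
            seen[(tags["d"].lower(), tags["s"])].append(int(tags["t"]))
    return {key: (max(ts) - min(ts)) // 86400 for key, ts in seen.items()}

def overdue_selectors(headers, max_days=365):
    """Selectors observed in use for longer than max_days (assumed policy value)."""
    lifetimes = selector_lifetimes(headers)
    return sorted(key for key, days in lifetimes.items() if days > max_days)

if __name__ == "__main__":
    for (domain, selector), days in selector_lifetimes(SAMPLE_HEADERS).items():
        print(f"{selector}._domainkey.{domain}: in use for at least {days} days")
    print("overdue:", overdue_selectors(SAMPLE_HEADERS))
```

The `t=` value is set by the signer, so the result is a lower bound on how long a key has been live; the selector's DNS record may have been published earlier.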


