by quit32 2042 days ago
Yes. I have seen firsthand where it was used to help accelerate an out-of-court agreement without needing a lawsuit. Basically a 3rd party had one of their Outlook user accounts compromised by a bad actor who used it to tell another company new instructions for something.

The 3rd party tried to say the other company fell for a phishing email and it was their fault, but because of DKIM it was immediately provable that instead the 3rd party was compromised and the email was legitimately sent from their O365, and they were pretending like they didn't know this. This all got disputed maybe a year after the email was sent.

Love Matthew Green but I personally am not a fan of this proposal. It doesn't fully achieve what he wants bc it's only Gmail and timing of compromise would be key. Most of the email hacks have actually been very much in the public interest despite being unethical. Breaches also lead to more productive work by companies in better securing accounts and better protecting sensitive information, which Google has been doing with account security and adding expiring messages.

Like do we really want companies to just continue sloppily sending customer info in email bc they can deny it's legit, or should they focus on not getting this info compromised to begin with?

Also, for ransomware groups that now post data when not paid, it is not really seeming like too big of a disincentive that there is repudiation regarding the files they post.