[iso1631]

> 1) Read the DKIM RFC.

> First of all the only field that it's required to sign is the From: header

OK, I've never looked into DKIM before, but 6376 looks fairly recent, and it reports the message body must be hashed. Now sure, there may be issues with the hash to allow arbitrary collisions, and of course the key may have been leaked or broken, and in any case today's key is unlikely to be secure against nation states now, let alone in 10 years time.

I agree in general the idea that having "DKIM signed" mails means they are authentic is an issue -- in 20 years time it will be easy enough for anyone to forge a DKIM signature for any email they want that they claim was sent today, but from what I can see the message body is signed.