That's not true. SPF and DKIM were explicitly made to prevent email forging by authenticating the server, and the server is responsible for authenticating the user.
Please name even a single major mail provider that allows to send emails with arbitrary "from" headers.
If you’re using DKIM to sign the outgoing message it’s a huge flaw if your service provider is signing other peoples emails with your key just because they included the domain. You authenticate to the server for a reason.
Please name even a single major mail provider that allows to send emails with arbitrary "from" headers.
https://datatracker.ietf.org/doc/html/rfc7208 https://datatracker.ietf.org/doc/html/rfc7489