After making my server sign outgoing email I started to wonder what the benefits are.
This is the opposite of a previously asked question.
Naively I see two benefits:
1. We can throw away all emails which don’t carry a valid signature: Wrong! Mail forwarders (like Mailman) will produce emails from someone at «domain which signs» which are not signed correctly (in their forwarded shape).
2. We can skip spam checking on signed email: Wrong! A spammer can send a single email through e.g. gmail.com and then resend that email as-is (w/o changing headers) to a million people.
So what are the selling points of DKIM?
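An added illustration, not part of the original question, of what a verifier sees in the two cases above: it computes the DKIM body hash (the `bh=` tag, relaxed canonicalization per RFC 6376) and shows that the envelope recipient is not an input, while a list footer changes the result. The message body, addresses and footer are constructed sample data, and the RSA signature over the headers is left out.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization, RFC 6376 section 3.4.4."""
    out = []
    for line in body.split(b"\r\n"):
        line = re.sub(rb"[ \t]+", b" ", line)   # collapse runs of whitespace
        out.append(line.rstrip(b" "))            # ignore whitespace at line end
    while out and out[-1] == b"":                # ignore trailing empty lines
        out.pop()
    return b"".join(l + b"\r\n" for l in out)

def body_hash(body: bytes) -> str:
    """Value a verifier compares against the bh= tag (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def check_deliveries(bh_tag, deliveries):
    """Map envelope recipient -> does the received body still match bh=?
    The envelope recipient is deliberately unused: it is not a hash input."""
    return {rcpt: body_hash(body) == bh_tag for rcpt, body in deliveries}

# Constructed sample data (not from the original post).
SIGNED_BODY = b"Hi,\r\n\r\nQuarterly numbers attached.\r\n"
BH_TAG = body_hash(SIGNED_BODY)            # what the signing server put in bh=
LIST_FOOTER = b"-- \r\nlist mailing list\r\nhttps://lists.example.org/\r\n"
DELIVERIES = [
    ("alice@example.net", SIGNED_BODY),    # same bytes, different recipient
    ("bob@example.com", SIGNED_BODY),
    ("carol@example.org", SIGNED_BODY + LIST_FOOTER),   # list added a footer
]

if __name__ == "__main__":
    for rcpt, ok in check_deliveries(BH_TAG, DELIVERIES).items():
        print(f"{rcpt:20} body hash {'matches' if ok else 'MISMATCH'}")
```
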