Proving something always comes with assumptions and caveats. Even if we're talking about proving something cryptographically, the underlying assumption is that crypto primitives are unbroken or that participants retain control of their keys.

In this context, DKIM definitely proves a user sent an email if you're willing to accept the assumption that the email provider is not arbitrarily sending emails that users did not write. This is perhaps not as strong a proof as if there were user specific (and user controlled) signing keys, although even then you're still making assumptions about the user's ability to control their keys, the software involved, etc. In the case of DKIM, it's certainly a much stronger proof that the user did indeed send an email than if you did not have the DKIM signature.

> Proving something always comes with assumptions and caveats. Even if we're talking about proving something cryptographically, the underlying assumption is that crypto primitives are unbroken or that participants retain control of their keys.

Absolutely. Propositions have a premise and a conclusion. In regular conversation, it is usually safe to omit part of the premise when it is assumed that everyone is on the same page, otherwise communication would be overly laborious. I agree 100%. An example in my response: I said nothing of the assumption that the cryptography in use hasn't been broken through quantum computing or other means as I think it's pretty obvious that, if verification of authorship hinges on the cryptography functioning as intended, it should be apparent that "the cryptography hasn't been broken" should be part of the premise. Communication would be practically impossible if we all have to add in an infinity other ground truths, like "the brains of humans of earth haven't been taken over by extraterrestrial parasites", or "we're not talking about a point in time before humans came into existence", or whatever.

> In this context, DKIM definitely proves a user sent an email if you're willing to accept the assumption that the email provider is not arbitrarily sending emails that users did not write.

I was waiting for this comment.

I'll restate your proposition, to make it more explicit:

"If an email provider won't arbitrarily send emails that users did not write, then a valid DKIM signature for a given email entails that the author as indicated in the FROM header was indeed the actual person/entity that wrote the email."

And that's fine!

So, if we take the premise to be true (as it seems you do), then we arrive at "a valid DKIM signature for a given email implies that the author as indicated in the FROM header was indeed the actual person/entity that wrote the email". Great!

However, to clarify why I wrote my original comment, here's the important bit from the OP:

> A DKIM signature does not prove that an individual sent the email, the key is not personal. A DKIM signature proves that the sending service is a delegated sender for the domain. Meaning that a correct DKIM signature proves that the part after the '@' symbol in the sender address is authentic. Not the part before that. If you want to use a personal signature, you can use S/MIME.

There's nothing about this that suggests that this commenter would find the earlier proposition invalid. More than that, if we are charitable (as we should be, if we want civil, productive discussion) and assume that they actually do consult in this space, there is no reason for us to assume that they don't already hold this proposition to be valid.

What the original commenter wrote could be restated as:

"If an email provider is not trusted to not send arbitrary emails, then DKIM is not sufficient proof to trust that the supposed sender actually authored the email -- it is only sufficient proof to trust that the email was delivered via the respective email service."

Looking at your response to the original commenter:

> You are technically correct (the best kind of correct), but in practice the nuance you're referring to does not make as much difference as you think. Yes, email senders could send email from whatever user they want or change the body from what the user wrote, but in practice of course they aren't doing that for the kind of email providers like Gmail that most people use.

Okay. Sure. You trust Gmail or whoever. That doesn't invalidate the second proposition -- that just means that (under your world view) it is not satisfiable.

Ultimately, what I was initially responding to:

> You should probably stop "consulting on email security" if you don't understand that a DKIM-signed message proves the mailhost was authorized, and at least some of the headers could easily prove who sent the message.

comes off as uncharitable at best, and undeservedly antagonistic and offensive at worst. Your response thus far hasn't provided a valid counterpoint.

And, to be clear, I actually disagree with the original commenters assertion:

> So the proposed scheme would only work in a situation where you are owner of the DKIM key (thus in practice where you are the owner of the host sending the email), and where you also own the domain. It is trivial for a prosecutor to prove the owner of the domain, or the owner of the host that used the DKIM key. No amount of publishing keys will help you deny that ownership.

(edit: TBC, I think this statement is true but doesn't effectively refute the utility of publishing the keys -- that, if everyone has the old key, the signatures of old emails become useless, while the signature of a new email can still be used to check authenticity... that authenticity, of course, being predicated on the assumption that Gmail or whoever isn't sending fraudulent emails, which admittedly is a pretty safe bet)

But that's orthogonal to what this sub-thread is discussing (whether second proposition above is valid), which started with someone snarkily implying that someone else is incompetent in their field.