I agree with this. I would also add that DKIM does not mean I created those keys. Many email providers today implement DKIM for their users. Fastmail is a great example of this. I have a few domains pointed to fastmail for family members to use. Their emails are DKIM signed. That signing is from fastmail, not my family members. If their account password is compromised, the attacker can also send DKIM signed emails. IP addresses are also useless in any case. Malware can be used from a family members PC to log into email. So DKIM is really just useful to minimize spoofed emails for accounts that are not hacked.