Your own emails are immutable, if you trust nobody's modified your copy.
But proving to others that an email hasn't been modified is a more difficult task. As I understand it, you'd need to retain DKIM keys for the signing server, to check that historical DKIM signatures verify correctly and the old message was not forged or altered.
Are DKIM signing keys issued in some kind of Certificate Transparency log, where you can verify whether a particular DKIM key existed for a particular domain in the past, in order to do this in general?
They at least were not historically archived. This came up during the Hunter Biden laptop investigation where people were able to verify some of the messages only because the Gmail key was archived in many places because that service is so popular. I’m not aware of anyone making a comprehensive archive but I’d be unsurprised if someone did based on news like that.
People are trying to do the opposite - publish DKIM private keys regularly so everyone knows that old DKIM signatures can be forged, so that they can't be used against you.
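To make concrete what the thread above says has to be retained for later checking: this added example (not part of any commenter's post) reads the `d=`, `s=` and `t=` tags from a DKIM-Signature header, derives the `<selector>._domainkey.<domain>` TXT record name, and picks the key a local archive observed at signing time. The archive, its date windows, the sample message and all function names are constructed for illustration; the block only locates the key and does not verify the signature.

```python
import re
from datetime import datetime, timezone

# Constructed sample message (not a real email); bh=/b= are placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    "\td=example.com; s=sel2019; t=1546300800;\r\n"
    "\th=from:to:subject:date; bh=PLACEHOLDER=;\r\n"
    "\tb=PLACEHOLDER\r\n"
    "From: alice@example.com\r\n"
    "Subject: hello\r\n\r\nbody\r\n"
)

# Hypothetical archive: TXT name -> [(first_seen, last_seen, record)].
# One selector can carry different keys over time, hence the windows.
ARCHIVE = {
    "sel2019._domainkey.example.com": [
        ("2018-11-01", "2019-06-30", "v=DKIM1; k=rsa; p=PLACEHOLDER_KEY_A"),
        ("2019-07-01", "2020-01-15", "v=DKIM1; k=rsa; p=PLACEHOLDER_KEY_B"),
    ],
}

def dkim_tags(raw):
    """Return the tag=value pairs of the first DKIM-Signature header."""
    headers = raw.split("\r\n\r\n", 1)[0]
    unfolded = re.sub(r"\r\n[ \t]+", " ", headers)  # undo header folding
    for line in unfolded.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() == "dkim-signature":
            tags = {}
            for part in value.split(";"):
                key, sep, val = part.partition("=")
                if sep:
                    tags[key.strip()] = "".join(val.split())
            return tags
    return None

def key_record_name(tags):
    """DNS TXT name where the signer published the public key."""
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def archived_key_for(tags, archive):
    """Record the archive saw on the signing date (t=), or None."""
    if "t" not in tags:
        return None  # no timestamp: cannot pick a window
    signed = datetime.fromtimestamp(int(tags["t"]), tz=timezone.utc)
    day = signed.date().isoformat()
    for first, last, record in archive.get(key_record_name(tags), []):
        if first <= day <= last:
            return record
    return None
```

A `None` result means the archive cannot tie a key to that selector on that date, so the signature cannot be checked from this archive alone.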