DKIM keys vulnerable to the 2008 Debian OpenSSL bug were discovered by scanning with the tool badkeys. A surprising number of hosts, including big names like Cisco, Oracle, and GitHub, were found to be vulnerable, which allows DKIM signatures to be forged. Most vulnerable keys belonged to a company called Cakemail. Attempts to notify them failed. Many organizations, including Seznam, dismissed the issue. Several RSA keys were vulnerable and offered substandard cryptographic security. BIMI, a logo-publishing scheme tied to expensive certificates, automatically displays logos in emails. Surprisingly, no cryptographic connection exists between the certificate and the DKIM key in BIMI. The BIMI spec has severe security flaws and poses challenges in implementation.
https://16years.secvuln.info/