[ietf-dkim] RFC 4871: Signature Expiration

[John Levine]

>If there was an optional expiration date contained in the _domainkey DNS 
>entry besides the public key instead, a mail admin could react in the 
>short-term to e.g. abuse of the according private key without 
>interfering the validation of signatures before this expiration date.

If I were a bad guy, why wouldn't I simply forge a date in my spam
before the expiration date?

R's,
John