(I am the author of this article, looks like someone posted it here before I got the chance)
If they were, phishing would be a thing of the past; but it's not. In addition it's a lot harder to filter out targeted spear phishing with spam filters.
Spam filtering is certainly useful – as are other measures such as the malicious website list that most browsers have – but it seems to me that adding extra guarantees such as signing would be a good thing?
DKIM is useful, but also limited. It just detects forgeries of From address and such. Ideally email signing should be like https: if it's not https then you shouldn't trust it. DKIM can perhaps fill this role; but the current implementations don't; they just add some score to the spam-check.
You are begging the question by assuming that a signature on an email message proves anything useful to the recipient when the facts on the ground show this not to be the case.
It is not harder to conduct phishing with email signatures, and the fact that such phishing campaigns have no problem putting TLS certs on their phishing sites is a simple existence proof of this fact.
Email signatures does not impact spam in any significant manner beyond existing measures to prevent domain name forgery in the header. Spam email signed by joe@cheap-ray-bans.com does not stop being spam because it is signed and the signature provides no useful signal to spam filtering tools.
The difference between an email signature and a TLS cert on a web site is that in the latter case the user is making an effort to connect to a specific site and the certificate ensures that they are in fact connecting to paypaaaaal.com even if other means were used to misdirect them to this site. With email there are two problems to be addressed, transport privacy/security (a sender problem) and unsolicited email (a recipient problem) and signatures are only useful in ensuring integrity of the former and do nothing for the latter.
If they were, phishing would be a thing of the past; but it's not. In addition it's a lot harder to filter out targeted spear phishing with spam filters.
Spam filtering is certainly useful – as are other measures such as the malicious website list that most browsers have – but it seems to me that adding extra guarantees such as signing would be a good thing?
DKIM is useful, but also limited. It just detects forgeries of From address and such. Ideally email signing should be like https: if it's not https then you shouldn't trust it. DKIM can perhaps fill this role; but the current implementations don't; they just add some score to the spam-check.