I assumed historical DKIM public keys were easy to find on the web, but that doesn't seem to be the case. This is weird because they are very little data and don't rotate every year, so archiving every key from Google, Amazon, etc would be easy.

Of course you would need multiple trusted sources for the key to have confidence that the mail is legit.