The world has far better uptake of HTTPS than of DKIM. If DKIM was as widely used as HTTPS, then Google likely would indicate when a message was not signed.
> 86.8% of the emails we received are signed according to the (DKIM) standard (up from 76.9% in 2013). Over two million domains (weekly active) have adopted this standard (up from 0.5 millions 2013).
> 95.3% of incoming emails we receive come from SMTP servers that are authenticated using the SPF standard (up from 89.1% in 2013). Over 7.8 million domains (weekly active) have adopted the SPF standard (up from 3.5 million domains in 2013).
> 85% of incoming emails we receive are protected by both the DKIM and SPF standards (up from 74.7% in 2013).
> Over 162,000 domains have deployed ___domain-wide policies that allow us to reject hundreds of millions of unauthenticated emails every week via the DMARC standard (up from 80,000 in 2013).
In conclusion, the evidence -- from Google itself -- shows that only as of 2017-18 has HTTPS adoption even remotely compared to that of DMARC adoption's statistics from 2013!
Gmail is terribly behind Chrome in this regard. Google Search began down-ranking sites not SSL protected in 2015, Chrome warned about submitting passwords on insecure forms in 2016, and by 2017 was rolling out or planning to roll out a series of changes to visibly mark insecure pages as insecure, one address bar change at a time.
In that same time, Google launched Inbox in 2015 ... and shuttered it by 2018, redesigning Gmail. They had plenty of opportunities to highlight insecure email transmission, they chose not to.
