Can you fake a DKIM pass?

Extremely Difficult. Faking a DKIM pass requires either obtaining the private signing key (which should be secured) or finding a cryptographic weakness (which properly implemented DKIM does not have).

DKIM's security comes from public key cryptography. Without the private key, creating valid signatures is computationally infeasible with proper key lengths.

Protect your private keys appropriately. Key compromise would allow impersonation. Regular key rotation and secure key management are important parts of DKIM security.