DKIM signs the message headers (including the From: header) and (a hash of) the message body. So you can validate that a message has not been tampered with, and is from the mailbox it says it is (assuming your mail provider rejects messages with an invalid signature, irrespective of e.g. DMARC).