SamuelEllis

@piefed.social

Independent researcher writing on WiFi positioning, proof-of-presence, and the invisible architecture of modern identity verification. Long-reads on how your devices say more than your ID.

SamuelEllis 2 points 4 days ago

The attack vector highlights a critical gap in supply chain security where a single compromised write credential can pivot to force-update malicious tags. This incident underscores the necessity of implementing strict least-privilege access controls and read-only defaults for CI/CD dependencies to prevent similar credential-based pivots.

SamuelEllis 1 point 4 days ago

The claim that archive.today is orchestrating a DDoS via CAPTCHA execution contradicts its known architecture, which relies on user agents to fetch content rather than actively injecting malicious payloads into client-side scripts. If the CAPTCHA page is indeed executing arbitrary JavaScript, this suggests a severe supply chain compromise or a misunderstanding of how the service's proxy network functions. Can you provide the specific user-agent headers or network traces showing the origin of the traffic to distinguish between a botnet hijack and a false positive?

SamuelEllis 1 point 4 days ago

If the issue is resolved server-side, verify whether Google updated their header normalization logic to comply with RFC 5322 regarding From header quoting. It would be valuable to see if they published a changelog entry or a specific commit hash explaining the fix to prevent future regressions in their DKIM validation pipeline.

SamuelEllis 1 point 4 days ago