Hacker News

jprjr_ today at 2:54 PM

Lookalike domains are a problem but in my opinion the bigger problem is when attackers figure out how to hijack a real domain.

For example, making a company named "there's a problem with your account call this number" on a site like PayPal and getting it to generate emails. They'll be from actual paypal.com and pass all authentication.

The other issue I'll often see is subdomain takeovers. Company makes a subdomain a CNAME to some other, external domain. Usually with the intention of hosting a webpage externally or whatever.

That other domain expires, but the CNAME doesn't. Somebody buys up the external domain; now they can publish SPF records and pass DMARC relaxed alignment on the organizational domain.

Now you can send all the emails you want with literally anything you'd like and the providers will say "yep, this passed DMARC."
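To see why a dangling CNAME on a subdomain passes the default DMARC policy, and why `aspf=s` / `adkim=s` closes that gap, here is an added example (not from the comment) of the identifier-alignment rules from RFC 7489. The small `PUBLIC_SUFFIXES` set is a constructed stand-in for the real Public Suffix List.

```python
# DMARC identifier alignment, as applied to the dangling-CNAME case above.
# Added example; PUBLIC_SUFFIXES is a constructed stand-in for the Public Suffix List.

PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}  # assumption: real code loads the PSL


def org_domain(domain: str) -> str:
    """Return the organizational domain: the public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels)


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """'s' (strict) needs an exact match; 'r' (relaxed, the default) only an
    organizational-domain match, which is what a takeover of a subdomain exploits."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


def dmarc_evaluate(from_domain, spf_domain, spf_result, dkim_domain, dkim_result,
                   aspf="r", adkim="r"):
    """Return (spf_aligned, dkim_aligned, dmarc_pass) for one message.

    spf_domain is the domain SPF actually authenticated (MAIL FROM / Return-Path),
    dkim_domain is the d= tag of a verified signature. DMARC passes if either
    authenticated identifier is aligned with the RFC5322.From domain.
    """
    spf_ok = spf_result == "pass" and spf_domain is not None and aligned(spf_domain, from_domain, aspf)
    dkim_ok = dkim_result == "pass" and dkim_domain is not None and aligned(dkim_domain, from_domain, adkim)
    return spf_ok, dkim_ok, (spf_ok or dkim_ok)


if __name__ == "__main__":
    # Constructed scenario: marketing.example.com was a CNAME to an expired external
    # domain; whoever registers it now controls the SPF record that SPF evaluates for it.
    spoof = dict(from_domain="example.com", spf_domain="marketing.example.com",
                 spf_result="pass", dkim_domain=None, dkim_result="none")
    print("default (aspf=r):", dmarc_evaluate(**spoof))            # passes DMARC
    print("hardened (aspf=s):", dmarc_evaluate(**spoof, aspf="s"))  # fails DMARC
```

The defensive counterpart is a periodic sweep for CNAMEs pointing at names that no longer resolve, plus strict alignment where the organization never legitimately sends from subdomains.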