A signature also needs to have the date. The author is already taken care of via npub but without the date and something that proves the timestamp accurately like OpenTimeStamps, then you could forge a message to be sent from the past.
Discussion
sure the date can be modified
but signing with trustless timeserver
would be a little more complicated
about that tech i dont know very much