Google classify their own security alerts as spam. Or they just can’t be arsed with sorting out DKIM.
I don’t think this is from Google. Note how the from address is “via” something? None of the official Google Security Alerts I have received have that.
Yeah, it’s to my recovery account. But DKIM is set up on that account and fetched via google. Probably some kind of weird back emf somewhere.
Does it actually show DKIM failing in the headers? I find it hard to believe that Google would allow their DKIM to be misconfigured, and if they did there would be thousands of people experiencing this behavior and posting about it.
Yes—this is what I see. But I don’t work in this area, so still not sure if it’s google or my domain that’s borked, and quite frankly… All I used to test my domain was MXToolbox, and that reported everything configured correctly.
