That's funny, because gmail doesn't verify DKIM headers. At least not when I spoof gmail addresses! Maybe because my originating mailserver is whitelisted?
That's odd, GMail is how I check to make sure I have DKIM setup correctly. Just send an email to my gmail account and check the message for "Authentication-Results: mx.google.com; dkim=pass" in the headers.
I'm also getting DMARC reports back from them for all my domains.
Good point, I should have said that the headers correctly fail DKIM auth, but the gmail/inbox interface doesn't flag it as spam or do anything to tell you the email is spoofed! I can demonstrate if you want (email in my user profile).
I'm also getting DMARC reports back from them for all my domains.