I don't think this is from Google. Note how the from address is "via" something? None of the official Google Security Alerts I have received have that.
Does it actually show DKIM failing in the headers? I find it hard to believe that Google would allow their DKIM to be misconfigured, and if they did there would be thousands of people experiencing this behavior and posting about it.
Yes—this is what I see. But I don't work in this area, so still not sure if it's google or my domain that's borked, and quite frankly... All I used to test my domain was MXToolbox, and that reported everything configured correctly.