other domains forging dkim sig

From: <shmick_at_riseup.net>
Date: Fri, 07 Nov 2014 00:47:42 +1100

from time to time i see google passing multiple other external domains
for dkim

1.2.3.4 is the domain purported to have dkim signed from one of my
domains example.net

how is that possible other than a private key compromise or a mistake by
google ?


<policy_published>
    <domain>example.net</domain>
    <adkim>s</adkim>
    <aspf>s</aspf>
    <p>quarantine</p>
    <sp>reject</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>1.2.3.4</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>example.net</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>example.net</domain>
        <result>pass</result>
      </dkim>
      <spf>
        <domain>example.net</domain>
        <result>fail</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
Received on Thu Nov 06 2014 - 13:48:09 PST

This archive was generated by hypermail 2.3.0 : Thu Nov 06 2014 - 13:54:01 PST