it would be nice if people didn鈥檛 use AI to write their articles.
I stopped reading when I realised the publisher is a company that sells a product that fixes the supposed problem.
Maybe this is a thing, maybe it isn鈥檛, but I don鈥檛 have the resources to go on reading and analyze it.
Even if they could reuse a DKIM hash on an email (pretty sure this is unique per email and would fail on a legitimate check), SPF would show its obviously not from Google. So just make sure your email server correctly handles DKIM verification and blocks SPF hard fails, and you鈥檙e probably good against this.
SPF won鈥檛 help here because the attack specifically uses legitimate sending infrastructure - they鈥檙e forwarding through a compromised Google Workspace account so the SPF check passes, while reusing a valid DKIM signature from a diferent message.