That still requires the actual sender (Google in this case) to possess the key material necessary to sign on behalf of the domain, which means you still have a "confused deputy" risk.
The sender could obtain that material from the message itself and could verify the veracity of the material against the keys stored in the DNS by the domain owner.
