Upon investigating the message header you've provided, I can see that someone tried to spoof your account by sending from your group's email address and using unauthenticated IP.
To try to remedy this and prevent illegitimate messages purporting to come from your domain, we recommend that you authenticate the legitimate outgoing email using SPF and DKIM and then add a DMARC record to control unauthenticated email. However, as you've created the DKIM record, you just need to setup the SPF record. To do so, kindly use this value to create a TXT record in the DNS console of your domain and here is the value: v=spf1 include:_spf.google.com ~all. You can see more information about configuring the SPF records to work with Google Apps in our Help Center article at https://support.google.com/a/answer/178723?hl=en.
I hope the information provided is useful, please let me know if you have any additional questions or require further clarification on the information provided above. I’ll be happy to assist you.