It looks like this started all the way back in the beginning of last year: https://www.mimecast.com/blog/guide-to-google-dmarc-setup/

This overview also shows other requirements you may have missed: https://www.proofpoint.com/us/blog/email-and-cloud-threats/g...

As for DMARC in the headers, I'm pretty sure Google has done that for years when DMARC is being checked (i.e. when it's being offered by the sending domain).

As long as I can remember there have been 3 lines in “Show Original”: SPF, DKIM, DMRARC.

Google does have newish (early 2024) policy regarding messages purporting to be from domains which lack a DMARC policy statement. But this is about mail delivery, not the Show Original UI feature. It’s possible they have been only slowly ramping up implementation or perhaps your domain was previously under the threshold but is now over.

https://blog.google/products/gmail/gmail-security-authentica...

This should have an “Ask HN: ” prefix in the title, although that rule is not strictly enforced.

https://news.ycombinator.com/ask for other examples.

I've seen "DMARC: 'PASS'" on Show Original for a long time (years?).

Is this new? Some time back (a year back or so), CloudFlare pushed setting up SPF, DKIM, DMRARC the right way and I did so for a lot of my domains. That was the time I read about Google and others being more strict about email deliveries.