Broken DKIM Signatures on Office365

It always came across funny before when other people where having bad experiences with Microsoft support for Office365, leaving us thinking thank god that isn't us!
Now we've found our own issue and wow, was that account accurate.
The support so far has been abysmal!
I almost thought I was taking part in the new series of Channel 4's FoneJacker.

As a bit of background, we have split delivery with our MX pointing at Office365 and email for a select few users being sent to G Suite via a mail flow rule and an Outbound Gateway configured to point to Gmail.

We first noticed that delivery of messages with attachments from one of our 3rd party suppliers wasn't making it to the users on Gmail, but was making it to the users on Office365.

To make matters worse, the 3rd party supplier was getting a very misleading bounce message about SPF records, at first glance instructing them to add "" to their SPF.

Your message to sam.m****@a1comms.comcou…