DMARC prevents spoofing
If Gmail used DMARC 'p=reject' then this wouldn't happen or at least its impact would be minimal since any mailsever that respects DMARC would block these fake emails on arrival - including all the major services (even Gmail itself). Gmail's DMARC policy remains 'p=none' - so really they have only themselves to blame, and it will continue to happen. Yahoo by contrast use p=reject - so do facebook, paypal, linkedin, twitter, pinterest...