We now have official confirmation that the emails did not come from our network. Thanks to a bad email in the spam list we got the original headers send back to us by GMail. The emails got sent from a compromised server not belonging to us. The emails seem to have been accepted by GMail since they looked similar to our legitimate traffic. Yesterday our security team has configured our public records to state to always deny emails not coming from our system so this should never happen again.