Bounce message from gsmtp - weird message path


The end user is forwarding their email via the MTA (like /etc/aliases).


Author: Community

Updated on September 18, 2022

Comments

  • Community
    Community almost 2 years

    Please consider the following email headers from a message that was returned to the original sender. The multipart bounce message also contains the transcript (clear text + HTML) of the correspondence between the original sender and the intended recipient, which I stripped.

    The question is: how did this message end up at Gmail?

    For a long time I thought I was quite familiar with (E)SMTP, but it seems that's not the case anymore. Supposing that it's not a fake bounce, I can only guess that a different envelope recipient has been specified (sender has been hacked?), or there's some bcc map or alias functionality involved on the recipient's MTA.

    The following entities have been replaced with their respective placeholders:

    • %original sender% - a person who actually forwarded the bounce message to %intended recipient%

    • %intended recipient% - the person who's worried about her security, because %original sender% forwarded her this bounce message

    • %totally unrelated%@gmail.com - someone's email address, whom neither %original sender% nor %intended recipient% had correspondence with.

      From: Mail Delivery System [mailto:Mailer-Daemon@]
      Sent: Thursday, October 17, 2013 1:22 PM
      To: %original sender%
      Subject: Mail delivery failed: returning message to sender

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    **%totally unrelated%**@gmail.com  
    SMTP error from remote mail server after end of data:  
    host gmail-smtp-in.l.google.com [2a00:1450:4001:c02::1b]:  
    550-5.7.1 [ **%currently unreachable IPv6 address%** 16] Our system has detected  
    550-5.7.1 that this message does not meet IPv6 sending guidelines regarding PTR  
    550-5.7.1 records and authentication. Please review  
    550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more  
    550 5.7.1 information. u47si3796594eel.284 - gsmtp  
      
      
    ------ This is a copy of the message, including all the headers. ------  
      
    Return-path: <**%original sender%**>  
      
    Received:  
    from **%MX of intended recipient%** ([ **%IP address of MX of intended recipient%** ])  
    by **%another MTA in the network of recipient's ISP%** with esmtp (Exim 4.63 #1 (Debian))  
    id 1VWleU-0006QW-Pl  
    from < **%original sender%** >  
    for <**%totally unrelated%**@gmail.com>; Thu, 17 Oct 2013 13:22:02 +0200  
      
    Received:  
    from **%MTA of sender's ISP%**([**%IP of MTA of sender's ISP%**])  
    by **%MX of intended recipient%** with esmtp (Exim 4.69 #1 (Debian))  
    id 1VWleU-0004oq-JG  
    for <**%intended recipient%**>; Thu, 17 Oct 2013 13:22:02 +0200  
    
    Received:  
    from **%sender's hostname%** (**%sender's PTR%**[ **%sender's IP%** ])  
    by **%MTA of sender's ISP%**(Postfix) with ESMTPA  
    id 3d0nyG0hwJz1741X  
    for <**%intended recipient%**>; Thu, 17 Oct 2013 13:21:41 +0200 (CEST)  
      
    From: **%sender's name encoded%**  <**%original sender%**>  
    To: **%intended recipient's name encoded%** <**%intended recipient%**>  
    References: <000c01cecb17$d9321ef0$8b965cd0$@tlh>  
    In-Reply-To: <000c01cecb17$d9321ef0$8b965cd0$@tlh>  
    Subject: **%subject line encoded%**
    Date: Thu, 17 Oct 2013 13:21:41 +0200  
    Message-ID: <00b701cecb2b$0dfd9d40$29f8d7c0$@**%sender's domain%**>  
    MIME-Version: 1.0  
    Content-Type: multipart/alternative;  
            boundary="----=_NextPart_000_00B8_01CECB3B.D1866D40"  
    X-Mailer: Microsoft Outlook 14.0  
    Thread-Index: AQGITggPsq7UFiUmFwcnkdC2rH3HB5qFuXTQ  
    Content-Language: tlh  
      
    This is a multipart message in MIME format.  
    
  • Todd Lyons
    Todd Lyons over 10 years
    ...and the intended_recipient's mail server has IPv6 enabled and working, but the rDNS is not set for their IPv6 address. Google recently started rejecting email coming in via IPv6 from an IP that does not have a PTR record configured for it.
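
An added example, not part of the original question or its replies: a short Python script that walks the Received chain oldest-first and reports the hop at which the envelope recipient in the `for` clause changes, which is how the alias-style forward described in the answer shows up in the headers. The hostnames and addresses in the sample are constructed placeholders standing in for the redacted values above.

```python
import re
from email import message_from_string

# Constructed sample modelled on the bounce above; every hostname, IP and
# address is a placeholder (example domains), not a value from the post.
SAMPLE = """\
Return-path: <sender@sender.example>
Received: from mx.recipient.example ([192.0.2.10])
\tby relay.recipient-isp.example with esmtp (Exim 4.63 #1 (Debian))
\tid 1VWleU-0006QW-Pl
\tfor <unrelated@gmail.example>; Thu, 17 Oct 2013 13:22:02 +0200
Received: from smtp.sender-isp.example ([198.51.100.5])
\tby mx.recipient.example with esmtp (Exim 4.69 #1 (Debian))
\tid 1VWleU-0004oq-JG
\tfor <recipient@recipient.example>; Thu, 17 Oct 2013 13:22:02 +0200
Received: from pc.sender.example (pc.sender.example [203.0.113.7])
\tby smtp.sender-isp.example (Postfix) with ESMTPA
\tid 3d0nyG0hwJz1741X
\tfor <recipient@recipient.example>; Thu, 17 Oct 2013 13:21:41 +0200 (CEST)
To: Recipient <recipient@recipient.example>

body
"""

BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
FOR_RE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)

def hops(raw):
    """Return [(by_host, envelope_rcpt or None)] in delivery order."""
    out = []
    # Each MTA prepends its Received line, so reverse to get oldest first.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # unfold the continuation lines
        by, rcpt = BY_RE.search(flat), FOR_RE.search(flat)
        out.append((by.group(1) if by else None,
                    rcpt.group(1).lower() if rcpt else None))
    return out

def rewrites(raw):
    """Report hops whose 'for' address differs from the last one seen."""
    found, prev_by, prev_rcpt = [], None, None
    for by, rcpt in hops(raw):
        if rcpt and prev_rcpt and rcpt != prev_rcpt:
            # The previous hop's 'by' host handed the message on with a new
            # envelope recipient, so the rewrite happened on that host.
            found.append({"rewritten_by": prev_by, "old": prev_rcpt, "new": rcpt})
        prev_by = by
        if rcpt:
            prev_rcpt = rcpt
    return found
```

The `for` clause is optional, and Received lines added before the message reached a host you trust can be forged, so treat the result as a pointer to which MTA's alias or forwarding configuration to inspect.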