[ahje]

DMARC could solve this problem, but it would break a lot of things reliant on forwards. When Yahoo set their DMARC policy to reject, there was quite a stir about it: https://www.ietf.org/mail-archive/web/ietf/current/msg87153....

In this particular case, it seems the major issue is that spammers got access to 69.64.35.11, which is included in telus.com's SPF record. In the end, this will hurt deliverability for legitimate emails sent with telus.com in the return path, and I suspect telus.com's customer service will have some explaining to do for their customers.

[massaman_yams]

ARC is the new standard designed to fix the DMARC edge case with forwarding. It's relatively new, though, so adoption isn't nearly as widespread as SPF, DKIM, or DMARC.

[sounds]

ryan-c comments below that the 'exists:' config at Telus allows any IP to send mail.

Spammers seem to be abusing this hole.