CyberSmith@Josh I agree that it should be more widely adopted. It seems like such a low bar to help reduce the amount of crap in an inbox. The ISP doesn't even have to send reports to those requesting it if they don't want to.
@Josh ah right, it's been a while since I've thought about DMARC, the ISP is telling others that the spoof can go through if they want. Do they have an spf and dkim setup already? If so, that's like setting up a tent then being like "well, all done here! time to go home!" and leaving the tent set up