Actually, transit providers are one of the groups that can't reliably apply BCP38 or RPF. BCP38 and RPF is very easily applied at the edge, where you know specifically the IPs involved, since they're either connected or statically routed. Now, when you get into things over BGP, it gets dicey. You may see traffic over a BGP-managed link from an IP that isn't involved in the received prefixes, but yet still belong to the specific peer. Is this an error? No. Is dropping the bits on the floor because you're not seeing that prefix an error? Most definitely. Not announcing a prefix over a link is a common traffic engineering practice, so this isn't an uncommon scenario. Another option to work around that would be to have a prefix-list with all of that peer's possible prefixes and build an ACL off that, but that's also not always tenable when you're potentially dealing with 1,000s or 10s of 1,000s of prefixes for the larger networks. Nice thing is, at this level, usually you can bust out the sFlow/NetFlow-fu and find out where the spoof is coming in from, and then whack it at that point.
But looking at the OpenResolver project list, when broken out by ASN, it really looks like a huge amount of those open recursors are CPE gear with WAN-facing DNS services, just based on the ASNs. China Telecom (AS4134), Uninet (AS8151) and Turk Telecom (AS9121) accounted for 3.5 million (15%) of the recursors alone.