Thank you Mr. Edmunds, "the head of technology from the cybercrimes division of the U.K.'s National Crime Agency" for informing the citizens of the U.K. that their "head of technology from the cybercrimes of the U.K.'s National Crime Agency" is technically incompetent, and is utterly clueless on the subject matter he's blathering about.
There's nothing about SPF, Dmarc, or DKIM, that magically identifies the attached email as spam or not. There is no such tag in the email that identifies it as such. All that those technologies do is establish, in varying degrees of certainty, that the purported sender of the email is who it claims to be. Which, obviously, has nothing to do with spam.
As Benny Hill would've said: BIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIG deal...
More than half of the crap in my spam folder has DKIM headers. I have SPF validation turned on. More than three quarters of the spam in my folder passes SPF checks. That pretty much there makes Mr. Edmunds look like a bloody moron. The only fact that they establish is its proven sender's domain name.
SO FUCKING WHAT? Did someone drop this moron in his head, as a child, or what? Is it too much for that knucklehead to comprehend that anyone can register a new domain, establish valid DKIM and SPF keys, to authenticate the domain, that start spewing spam, non-stop, from it? And every last drop of that spam will pass every SPF, DKIM, and alphabet soup that he throws at it. It is true that some portion of the spam from hijacked and hacked zombies will fail SPF/DKIM validation. But this will fail, by far, to be the complete solution for spam, unlike what that knucklehead claims. Is this really so complicated to understand?