According to the Reddit threads they are accepting spoofed emails. This is expected in the current dmarc/spf config. Ask them to change their SPF record from

    "v=spf1 include:spf.messagingengine.com ~all

to

    v=spf1 ip4:103.168.172.128/27 ip4:202.12.124.128/27 -all

They have no need for a soft fail and no need for the extra lookup as their record is tiny.

------

Also change the _dmarc record from

    v=DMARC1; p=none; sp=none; rua=mailto:e3936a44@inbox.ondmarc.com

to something like:

    v=DMARC1;p=reject;sp=reject;np=reject;psd=n;aspf=s;adkim=s;rua=mailto:e3936a44@inbox.ondmarc.com;

after reading up on the options, understanding the implications and setting the TXT record TTL's to something like 5 mins until it has been in place for a month, then putting it back to 1 hour or longer. The rua has been in place long enough to know what problems it will cause. Be fearless and cause some problems then fix the problems. psd= may have to be different but only fastmail staff would know for sure.