Yahoo approving spam SPF to be sent from another email server

spam-prevention yahoo-mail

I have a friend with a Yahoo mail account. She noticed that friends are receiving emails from her that contain spam links.

I looked at the header for the email and it's clear that the emails didn't come from Yahoo at all. Someone is simply spoofing her email address as the sender. What is strange is that Yahoo is happily approving this within their Sender Policy Framework.

It seems that it's using the email address suffix (I've replaced the real address with myemailaddress@ from yahoo.co.uk to eigbox.net). Then it's being approved.

Delivered-To: myfriend@example.com
Received: by 10.140.22.5 with SMTP id 5csp432449qgm;
        Wed, 12 Nov 2014 02:02:49 -0800 (PST)
X-Received: by 10.236.0.200 with SMTP id 48mr41877982yhb.79.1415786569453;
        Wed, 12 Nov 2014 02:02:49 -0800 (PST)
Return-Path: <SRS0=yEirhN=AC=yahoo.co.uk=myemailaddress@eigbox.net>
Received: from bosmailout04.eigbox.net (bosmailout04.eigbox.net. [66.96.188.4])
        by mx.google.com with ESMTP id z3si40854204qaj.112.2014.11.12.02.02.49
        for <myfriend@example.com>;
        Wed, 12 Nov 2014 02:02:49 -0800 (PST)
Received-SPF: pass (google.com: domain of SRS0=yEirhN=AC=yahoo.co.uk=myemailaddress@eigbox.net designates 66.96.188.4 as permitted sender) client-ip=66.96.188.4;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of SRS0=yEirhN=AC=yahoo.co.uk=myemailaddress@eigbox.net designates 66.96.188.4 as permitted sender) smtp.mail=SRS0=yEirhN=AC=yahoo.co.uk=myemailaddress@eigbox.net;
       dmarc=fail (p=NONE dis=NONE) header.from=yahoo.co.uk
Received: from bosmailscan01.eigbox.net ([10.20.15.1])
    by bosmailout04.eigbox.net with esmtp (Exim)
    id 1XoUlF-0002D8-8I
    for myfriend@example.com; Wed, 12 Nov 2014 05:02:49 -0500
Received: from [10.115.3.31] (helo=bosimpout11)
    by bosmailscan01.eigbox.net with esmtp (Exim)
    id 1XoUlF-0008UD-6a
    for myfriend@example.com; Wed, 12 Nov 2014 05:02:49 -0500
Received: from bosauthsmtp17.yourhostingaccount.com ([10.20.18.17])
    by bosimpout11 with 
    id Ea2l1p00M0N5uqq01a2oP7; Wed, 12 Nov 2014 05:02:49 -0500
X-Authority-Analysis: v=2.1 cv=GL6GE49K c=1 sm=1 tr=0
 a=f4kFLigMKr8AH7rIJ//qJA==:117 a=Ucc0vwuYEp1m9x8+LX/f5w==:17 a=pq4jwCggAAAA:8
 a=QPcu4mC3AAAA:8 a=z2mATNc-qwoA:10 a=jPJDawAOAc8A:10 a=BrDiTsk0AAAA:8
 a=Cxjgj1NQAAAA:8 a=r77TgQKjGQsHNAKrUKIA:9 a=9iDbn-4jx3cA:10 a=cKsnjEOsciEA:10
 a=SY3lr0oAAAAA:8 a=CRZNYA-b5yKqdm_edGoA:9 a=wPNLvfGTeEIA:10 a=_-HxDMq7NvwA:10
 a=94I9395znJMA:10 a=lCXqaazKXwcA:10 a=Pxhz28JneigA:10
 a=BCZKLY6wCJ1nRXa06OcA:9 a=0w8mRm1Z2Dm4xiXH:21 a=QEXdDO2ut3YA:10
 a=_W_S_7VecoQA:10 a=_N9xK0t-9icA:10 a=GcQu3N70MHwA:10 a=HdbAwMqyR8wA:10
 a=vsz4heGSqEAA:10
Received: from [202.84.35.209] (port=59658 helo=mail.pinoylaptoprepairs.com)
    by bosauthsmtp17.eigbox.net with esmtpa (Exim)
    id 1XoUlA-0002so-SP; Wed, 12 Nov 2014 05:02:45 -0500
Message-ID: <6E91985BA52A0DC1C041DC10E638FD58@mail.pinoylaptoprepairs.com>
From: "My Real Name" <myemailaddress@yahoo.co.uk>
To: "Friend" <myfriend@example.com>
Subject: =?ISO-8859-1?Q?FW=3Achristian_6?=
Date: Tue, 12 Nov 2014 11:02:37 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_000_BD7D_08CFD723.1B889F5C"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3522.110
X-MIMEOLE: Produced By Microsoft MimeOLE V16.4.3522.110
X-EN-UserInfo: 9966b87bb763be7f77e4c657e3816d40:931c98230c6409dcc37fa7e93b490c27
X-EN-AuthUser: christian@pinoylaptoprepairs.com
Sender:  "angela lockwood" <myemailaddress@yahoo.co.uk>
X-EN-OrigIP: 202.84.35.209
X-EN-OrigHost: unknown

Is there somewhere in Yahoo's account settings that lets me prevent people using this account?

Surely the SPF should prevent this happening, or is it simply a workaround that spammers use?

Best Answer

Yahoo doesn't use SPF to prevent spoofing

Yahoo's SPF record is v=spf1 ptr:yahoo.com ptr:yahoo.net ?all. The last part is the only relevant one: ?all means that there is no SPF policy.

In short, Yahoo is instructing the receiving mail server that it can't use SPF to determine if it's spam and that some other anti-spam technique should be used.

I'm not an expert, but it seems to me that if Yahoo had actually used a real policy here, a lot of spam could have been marked as such.
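
Why the header in the question shows spf=pass and dmarc=fail at the same time, as an added example that is not part of the original question or answer: SPF is evaluated against the envelope sender in Return-Path (eigbox.net here), not against the From: address the recipient sees. The sample is a trimmed copy of the quoted headers; the function names and the strict alignment comparison are assumptions of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: trimmed copy of the headers quoted in the question.
RAW = """\
Return-Path: <SRS0=yEirhN=AC=yahoo.co.uk=myemailaddress@eigbox.net>
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of SRS0=yEirhN=AC=yahoo.co.uk=myemailaddress@eigbox.net designates 66.96.188.4 as permitted sender) smtp.mail=SRS0=yEirhN=AC=yahoo.co.uk=myemailaddress@eigbox.net;
       dmarc=fail (p=NONE dis=NONE) header.from=yahoo.co.uk
From: "My Real Name" <myemailaddress@yahoo.co.uk>
"""

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def domain_of(header_value):
    """Lower-cased domain of the address in a Return-Path or From header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spf_all_result(record):
    """SPF result for a sender that only the record's 'all' term matches."""
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        if term.lstrip("+-~?").lower() == "all":
            return QUALIFIERS.get(term[0], "pass")   # bare "all" means "+all"
    return "neutral"                         # no term matched: neutral

def analyse(raw):
    msg = message_from_string(raw)
    envelope = domain_of(msg["Return-Path"])   # identity SPF was checked against
    visible = domain_of(msg["From"])           # identity the recipient sees
    auth = " ".join(msg.get_all("Authentication-Results", []))
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    # Strict comparison only; DMARC relaxed alignment compares organizational
    # domains, which needs the Public Suffix List and is left out here.
    aligned = envelope == visible
    return {
        "spf_domain": envelope,
        "from_domain": visible,
        "spf": verdicts.get("spf"),
        "dmarc": verdicts.get("dmarc"),
        "spf_aligned": aligned,
        # SPF pass for a different domain says nothing about the From: address.
        "flag": verdicts.get("spf") == "pass" and not aligned,
    }

if __name__ == "__main__":
    print(analyse(RAW))
    print(spf_all_result("v=spf1 ptr:yahoo.com ptr:yahoo.net ?all"))
```
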