@72522  @mdk is correct, my aunt and two friends have had their contact list compromised, one is Shaw email and two are on Telus. This happened to them years ago and I still get the occasional email from that source, Shaw mail servers did identify them as spam.

@72522 - it seems likely that many of your friends have "@shaw.ca" IDs, and it is probable that a least a few of them have had their ID/password compromised, either because their password was "too simple", or because they got "phished", and surrendered their ID/password to scammers.

So, if one of those compromised IDs had the E-mail ID of that Legion in their "Contacts", those E-mail IDs will be "spoofed", forever, to appear to be the sender of E-mail, or to be targeted to be recipients of spam messages.

I doubt that Shaw's mail-servers and account-management servers have been compromised.  So, there is little that Shaw can do, except to enforce more-complicated passwords, and to demand that its customers use Multi-Factor-Authentication.  A few years ago, Shaw "out-sourced" its E-mail processing, including spam/scam detection.  That was a good move.  Even more years ago, Telus similarly out-sourced their E-mail processing to Google. 

Sometimes, its better to hire a worker to mow your lawn, rather than doing it yourself.