
Is it then better to not use DMARC at all? Because then mail servers usually verify both if either exists.



I currently don't have DMARC set up on my mail server (which runs for a couple of domains plus subdomains for me and a couple of friends/family), but I have SPF records set appropriately and DKIM configured. We've not noticed any deliverability issues.

Though I'd be interested to work out (or, be told!) how this might affect this vulnerability. I always assumed that most mail servers both check against SPF records and verify DKIM signatures if both are present, rather than it being a this-or-that thing, so DKIM offering some mitigation is not undone by the presence of SPF.


I doubt it. Some servers may reject based on SPF when there is no DMARC policy, but there is no way to know that DKIM is enabled unless you see a signature. So a spoofer could just not include a signature, and the receiver would have no way of knowing if the message should be signed.


But without DMARC, will they verify alignment of the bounce address (RFC5321.MailFrom) / signing domain with the header From (RFC5322.From)?
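The alignment question raised in the two comments above, as an added example that is not part of the thread: a minimal DMARC-style evaluator showing why "SPF or DKIM passed" is weaker than "DMARC passed". It assumes a simplified organizational-domain rule (last two labels, instead of the Public Suffix List) and uses constructed domains.

```python
# Added example (not from the thread): minimal DMARC identifier-alignment check.
# Organizational-domain derivation is simplified to the last two labels
# (assumption; real evaluators use the Public Suffix List).
from dataclasses import dataclass
from typing import Optional


def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels (assumption)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str = "r") -> bool:
    """RFC 7489 alignment: strict ('s') is exact match, relaxed ('r') is same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class Message:
    header_from: str            # domain of RFC5322.From
    mail_from: str              # domain of RFC5321.MailFrom (bounce address)
    spf_result: str             # "pass", "fail", "none", ...
    dkim_domain: Optional[str]  # d= of a DKIM signature that verified, or None


def spf_or_dkim_passes(msg: Message) -> bool:
    """What a receiver without a DMARC policy can conclude: any passing mechanism looks fine."""
    return msg.spf_result == "pass" or msg.dkim_domain is not None


def dmarc_passes(msg: Message, adkim: str = "r", aspf: str = "r") -> bool:
    """DMARC: at least one authenticated identifier must also align with the From header."""
    spf_ok = msg.spf_result == "pass" and aligned(msg.mail_from, msg.header_from, aspf)
    dkim_ok = msg.dkim_domain is not None and aligned(msg.dkim_domain, msg.header_from, adkim)
    return spf_ok or dkim_ok


if __name__ == "__main__":
    # Constructed sample: legitimate mail, bounce domain and signature aligned with From.
    legit = Message("example.com", "bounce.example.com", "pass", "example.com")
    # Constructed sample: SPF passes for the sending domain, From claims another
    # domain, no signature present. Without DMARC there is nothing to compare against.
    unaligned = Message("example.com", "other.example", "pass", None)
    print(spf_or_dkim_passes(legit), dmarc_passes(legit))          # True True
    print(spf_or_dkim_passes(unaligned), dmarc_passes(unaligned))  # True False
```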



