Seems they are cheap to set up, spammers set up domainkeys / SPF too!
Here’s a spamassassin rule (don’t use it if you get valid mail from .tk):
header NAUGHTY_FROM_TLD From =~ /@[a-z0-9\-\.]+\.(tk)/i describe NAUGHTY_FROM_TLD From address is from a naughty TLD (eg .tk) score NAUGHTY_FROM_TLD 2.8
UPDATE: Looks like the spammers get a free .tk domain, rent a temporary DigitalOcean box, set up spam relay on it and blast out mail until it gets shut down.