Maybe, maybe not. It could be his machine is infected and is spewing forth spam, but not necessarily. It could be another machine spoofing his email address.
The full, unredacted headers from a few of the spams would be helpful, but I suggest you not post them publicly. Also, the suspect computer's local and Internet IP addresses and the results of a netstat -v run on the suspect machine with all applications closed.
Or, you can just advise the user to run a virus scan. If they have no virus scanner (or if its integrity is suspect), then download and run MalwareBytes Anti-Malware. That would be a start.