I have no understanding of the technical side of this problem, but it seems to me that all this spoofy thingy is possible because we don't care to use Digital Signature (DS)? I tried to use it for private mailing when it was installed on my first computer (that is, the first with Internet access), but almost no-one had their email client set up to handle it. In Denmark we have another version of DS than the ones we all are offered via Microsoft, and we use it for addressing the authorities (we can do all of our taxes via the Internet only), and may use it privately. But no-one cares to use it for normal emailing because there are always someone who cannot open you mail because they have not installed this DS or they don't understand how to use it. And that may cause allow the actual problem.
Or am I completely mistaken?