By changing the way our receiving mail servers work, we can ensure that the sending mail server is who it claims to be. When a mail server receives a connection from another mail server, it could use the address claimed by the sender and try to establish a connection to that address.
If the second connection works, then the local mail server knows that the sender really can be reached at the claimed address. It can then use the original connection with some reasonable assurance that it is legitimate. If a user at the receiving end later complains about spam, this mail server has already ensured that the real sending mail server can be reached by an SMTP connection, so a complaint can be sent to the right place.
One way that the servers at both ends could be upgraded to assist in this would be to add an "Are you talking to me" command to extend SMTP. If the receiving mail server asks this while still connected to the sender, then the answer had better be yes; otherwise somebody else is pretending to be the sender. To accommodate older (unmodified) sending mail servers, the receiver should also be prepared to handle the error response to the second request, possibly by accepting all the mail, but adding a warning header to the message indicating that it was unable to dynamically verify the mail connection.
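The receiver-side decision described above can be sketched as follows. This is an added example, not code from the original page: the verb `AYTTM`, the reply-code mapping (250 for yes, 500/502 for an unmodified server, anything else a denial), the header name, the choice to reject unreachable senders, and the `.example` hosts are all assumptions, and the second connection is simulated by constructed peers so the block runs offline.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Hypothetical names: the page defines no verb, reply codes or header.
VERB = "AYTTM"
WARNING_HEADER = "X-Callback-Verification: unverified"

@dataclass
class Verdict:
    accept: bool
    reason: str
    add_header: Optional[str] = None

def verify_sender(claimed_host: str, receiver_name: str,
                  callback: Callable[[str, str], int]) -> Verdict:
    """Decide what to do with the original connection.

    callback stands for the second SMTP connection: it sends one command
    to claimed_host and returns the numeric reply code, or raises
    ConnectionError if that host cannot be reached.
    """
    try:
        code = callback(claimed_host, f"{VERB} {receiver_name}")
    except ConnectionError:
        # Policy assumed here: no reachable sender, no delivery.
        return Verdict(False, "claimed address not reachable by SMTP")
    if code == 250:
        return Verdict(True, "sender confirmed the original connection")
    if code in (500, 502):  # command unrecognized / not implemented
        return Verdict(True, "unmodified sender, not verified", WARNING_HEADER)
    return Verdict(False, f"claimed sender denied the connection ({code})")

def make_callback(peers):
    """Build a simulated second connection over a dict of constructed peers."""
    def callback(host: str, command: str) -> int:
        if host not in peers:
            raise ConnectionError(host)
        return peers[host](command)
    return callback

# Constructed peers standing in for real mail servers.
PEERS = {
    # Upgraded server that really is connected to mx.local.example.
    "mail.good.example": lambda c: 250 if c == "AYTTM mx.local.example" else 550,
    # Upgraded server whose name someone else is using.
    "mail.impersonated.example": lambda c: 550,
    # Older server that does not know the new command.
    "mail.legacy.example": lambda c: 500,
}
```
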