
Hasn't this always been possible? I remember being able to trivially spoof emails from, say, bill@microsoft.com as far back as 1998.



Tools like SPF and DKIM exist now for mail servers to double-check that the email originates from a machine which is authorized to generate email for that domain.

If a message arrives and such settings aren't properly configured, many email providers will reject the message on the assumption that it's malicious.


That's like saying "haven't computers always been able to run malware?" below an article describing a vulnerability that allowed bypassing code/apk signing. Just because a different vulnerability with the same impact existed, and was fixed, 30 years ago doesn't mean this one isn't new and also valid?


It's still easy to fake what shows up in a user's mail client. I see tons of spam and phishing sent with invalid information in the short headers, which is enough to fool most people. The progress has been in mail servers/filtering that catch when validation checks fail so that ideally spammers aren't able to abuse a mail server in the first place, and when they do, those messages don't reach people's mailboxes (or if they do, they hit the spam folder).
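Added example, not part of any comment in this thread: a filter-side check that the domain shown in the From: header is one that actually passed SPF or DKIM, which is the gap the comment above describes. The sample messages, the authserv-id `mx.example.net` and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: our own receiving server stamps Authentication-Results (RFC 8601)
# with this authserv-id and strips any copy of it that arrives from outside.
TRUSTED_ID = "mx.example.net"

def make(auth_results):
    """Build a constructed sample message (not real mail)."""
    return ("Authentication-Results: " + auth_results + "\n"
            'From: "Bill" <bill@corp.example>\nSubject: Invoice\n\nbody\n')

LEGIT = make("mx.example.net; spf=pass smtp.mailfrom=bounce.corp.example;"
             " dkim=pass header.d=corp.example")
SPOOFED = make("mx.example.net; spf=pass smtp.mailfrom=mailer.bulk.example;"
               " dkim=none")
FORGED_HEADER = make("other.example; dkim=pass header.d=corp.example")

def authenticated_domains(msg):
    """Domains that passed SPF or DKIM according to the trusted header."""
    passed = set()
    for header in msg.get_all("Authentication-Results", []):
        server, *clauses = header.split(";")
        if server.split()[:1] != [TRUSTED_ID]:
            continue  # header was not written by our server: ignore it
        for clause in clauses:
            m = re.match(r"\s*(?:spf|dkim)=pass\b(.*)", clause, re.I | re.S)
            d = m and re.search(r"(?:smtp\.mailfrom|header\.d)=(\S+)", m.group(1), re.I)
            if d:
                passed.add(d.group(1).rsplit("@", 1)[-1].lower())
    return passed

def related(a, b):
    # Simplification: exact match or parent/subdomain; a real check would
    # compare organizational domains using the Public Suffix List.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def visible_from_is_authenticated(raw):
    """True only if the From: domain shown to the user matches a domain
    that actually passed SPF or DKIM."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    if not from_domain:
        return False
    return any(related(from_domain, d) for d in authenticated_domains(msg))

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoofed", SPOOFED), ("forged", FORGED_HEADER)]:
        print(name, visible_from_is_authenticated(raw))
```

In the `SPOOFED` sample SPF passes, but only for the sending domain, so a filter that looks at the SPF result alone would accept a message whose visible From: names a different domain.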


It used to be trivial.

Lately it hasn't been as easy, I think.



