Using gmail you can put in any from address it seems and gmail doesn't check you have access to that mailbox and that it is legitimate.
The underlying mechanism for email delivery (SMTP, orignally defined in RFC821. Note that this does not define the format of the message, only the delivery mechanism) has no mechanism for verifying that the address in the MAIL FROM command is one owned by the originator of the message, nor should it have. Further, the MAIL FROM line is not necessarily the same as the From: , Sender: or Reply-To: lines in the header of the message, indeed unless one of the MTAs that the message traverses as it wends its way around the internet writes an Envelope-From: or similar line into the headers, the actual address supplied in the MAIL line by the sender may never appear in the message on the recipient's computer.
The fundamental design of email transport is unchanged in the last 30 years. While the specification has been tidied up, support for domain names added and some extensions added, it works just as it always did. I cannot see how it can ever be changed in its core functionality without catastrophic consequences.
Basically, anyone can install an MTA on their computer and use it to send emails without needing to relay them through their ISP or Gmail or yahoo etc. No one, not even google, can restrict the number of emails that are sent bearing a From:
something@gmail.com header or MAIL FROM: <
something@gmail.com> line in the SMTP envelope, because google do not control every MTA on the planet.
The best MTAs are open source and the tools to build them are also open source, so any sender checking that might hypothetically be included could just be patched out anyway. The people that develop and maintain this stuff absolutely do not want things to go closed source, commercial and proprietary, so they won't.
