Yes, and the industry has been responding to it since approximately 5 minutes after Canter & Siegel started cranking out that green card spam in 1994. We have SPF, DKIM, DMARC, etc. _and_ more importantly, the victim in this case was using Google's mail client to access Google's mail service so they don't even need complex protocols designed to inform 3rd parties about whether a message is legitimate. If Gmail refused to accept any messages claiming to be from google.com which didn't originate from their servers, it'd be quite defensible given the ratio of attacks to the handful of legitimate cases where someone needs to do something like post to an outside mailing list using their @google.com email address.