22 May, 2014

How Spammers Spoof Your Email Address

An interesting article by Lifehacker. Briefly: in 2003, mail systems started using SPF (Sender Permitted From/Sender Policy Framework), but its records had to be updated manually (i.e. slowly). SPF failures may be "hard" or "soft", and different mailing systems handle failures differently. In 2012, DMARC (Domain-based Message Authentication, Reporting, and Conformance) was introduced, but it requires sending domains to participate, which many don't yet (facebook.com does, but fb.com doesn't).

One trick: use "View original" in Gmail and look for the line Received-SPF: to see whether the sender's IP is authorised to send email from that particular domain in the SPF system.
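The same check done in Python over text pasted from "View original", as an added example that is not from the Lifehacker article or this blog. The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample of a Gmail "View original" header block (not a real message).
SAMPLE = """\
Delivered-To: alice@example.org
Received-SPF: softfail (google.com: domain of transitioning bob@example.com
 does not designate 203.0.113.7 as permitted sender) client-ip=203.0.113.7;
From: Bob <bob@example.com>
Subject: hello

body
"""

# Reading of each result; the "hard"/"soft" failure split is the one the post mentions.
MEANING = {
    "pass": "sender IP is authorised for the domain",
    "fail": "hard fail: sender IP is not authorised",
    "softfail": "soft fail: sender IP is probably not authorised",
    "neutral": "domain makes no assertion about this IP",
    "none": "no SPF record found for the domain",
}

def parse_received_spf(value):
    """Split one Received-SPF value into result, comment and client IP."""
    value = " ".join(value.split())  # unfold continuation lines
    m = re.match(r"(\w+)\s*(?:\((.*?)\))?\s*(.*)", value)
    if not m:  # empty or malformed header value
        return {"result": "unparsed", "client_ip": None, "comment": "", "meaning": ""}
    result = m.group(1).lower()
    pairs = dict(re.findall(r"([\w-]+)=([^;\s]+)", m.group(3)))
    return {
        "result": result,
        "client_ip": pairs.get("client-ip"),
        "comment": m.group(2) or "",
        "meaning": MEANING.get(result, "error or unrecognised result"),
    }

def spf_verdicts(raw_message):
    """One parsed entry per Received-SPF header; empty list if none was added."""
    msg = message_from_string(raw_message)
    return [parse_received_spf(v) for v in msg.get_all("Received-SPF", [])]

if __name__ == "__main__":
    for verdict in spf_verdicts(SAMPLE):
        print(verdict)
```

An empty list means the receiving system recorded no SPF result at all, which is different from a recorded "none" or "fail".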

Aside: looks like I'm using this blog to keep track of interesting articles. I wonder if this is what Pinterest is like? I can't figure out that site.

