It’s called a Joe-Job.
There is a technology to prevent this; it’s called SPF. Google is an early adopter but they are lazy and specify “?all” rather than “-all” in their SPF records. That means instead of the recipient being able to ask Google “Did you send this?” and hearing back “No.” they hear back “Dunno.”. Google doesn’t even do “~all” which effectively means “Probably not.”.
Not much you can do besides pester Google to fix their SPF records. But they probably have users who want to spoof their gmail.com address from wherever they’re sending, rather than send a proper SMTP envelope that will work with SPF. Too bad.
My SPF record has “-all”, so nyah.
This is as good an answer as I have seen so far. [MetaFilter.com]