No mail provider is going to be stupid enough to let a client application relay mail without the user inputing a username/password combo, and I would hope that most users these days are not dumb enough to blindly hand their mail authentication credentials to some random website. This leaves two options, forging the From: header or sending from your own domain. The former will get marked as spam by anything honoring/using SPF, so that is not really a smart move. The best option is to send it from your own site but include the inviters name at the start of the subject line (e.g. Subject: bob.jones@gmail.com invites you to try foo.com)
I used two pretty big sites (kayak.com and nytimes.com) in the last couple of days that put my email in the From: header. Admittedly as a result of my specific action, but that's a user contract issue rather than getting through spam filters - which they didn't seem to have a problem with.
If he's just talking about setting the From: header, wouldn't that make it even more likely to be marked as spam?