It’s not that difficult. Artists, original creators will write down their .eth or wallet address on their profile. Or just compare the timestamps of the creation of the smart contracts and the tokens.
That doesn't solve the issue. You have no way of knowing if the art I'm selling as NFT was made by me or if I copied it from the webpage/DeviantArt of an other artist. Being the first to create an NFT of an image doesn't mean you created the image. And if the images are slightly edited to prevent google image searches (or similar technique), people might never know that 3 people are selling the same stolen image.
That’s why I’ll rely on the .eth or wallet address listed by the artist on deviantart. NFT buyers buying from scammers aren’t doing their due diligence to check if it’s legit or not; they could simply contact the artists directly to confirm if the listing is real.. I’ve done just that, contacting the artist directly to make sure.
If you ask “well, how do you know that’s their real deviant profile?”, at that point, it’s not a crypto/NFT problem, but an identity problem. My understanding is that keybase.io was one way to do that, but I never used it so I can’t say much. What if a scammer registered the keybase first before the real artist? Not sure what happens in that case.
It’s both. The artist registers an .ETH name and/or puts their wallet address on their profile, and the NFT proves that the artist originally created the smart contract, and/or minted the NFT, and is now owned by the user, shown on the chain.