That's not true. SPF and DKIM were explicitly made to prevent email forging by authenticating the server, and the server is responsible for authenticating the user.
Please name even a single major mail provider that allows to send emails with arbitrary "from" headers.