Sounds like you're talking about the privacy flags option
("Op") in sendmail 8. If you have "authwarnings" on for that
option, it will insist that it gets a HELO/EHLO before the
mail is sent, but all that does is make sure the person
sending the fraudulent e-mail has to type "HELO foo.bar.com".
It doesn't attempt to verify it. It's why you see some e-mail
around now from mh users that says "X-Authentication-Error:".

It's worse than that. I can telnet to, say, uunet's port 25, but
still send mail to some other host, and from some other host.
In fact, I hand-sent this message using just that technique, as a
glance at the Received: lines will show.
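
As an added example (not part of the original post), a defender-side check that reads the Received: lines the post refers to and flags hops where the HELO name differs from the host name the receiving MTA recorded for the connection. It assumes a sendmail-8-style layout, `from <HELO name> (<resolved host> [<IP>]) by <receiver>`; the sample headers and all host names are constructed.

```python
import re

# Assumed layout: "from <HELO name> (<resolved host> [<IP>]) by <receiver>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)", re.IGNORECASE)

# Constructed sample: the newest hop is on top, as in a real message.
SAMPLE_HEADERS = """\
Received: from relay.example.org (relay.example.org [198.51.100.5])
\tby mail.example.com (8.6.9/8.6.9) with SMTP id AA00001
Received: from foo.bar.com (dialup7.example.net [192.0.2.77])
\tby relay.example.org (8.6.9/8.6.9) with SMTP id AA00002
From: someone@foo.bar.com
Subject: test
"""

def unfold(raw_headers):
    """Join continuation lines (leading whitespace) onto their header line."""
    lines = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        elif line:
            lines.append(line)
    return lines

def audit_received(raw_headers):
    """Return one finding per Received: header, newest hop first."""
    findings = []
    for header in unfold(raw_headers):
        name, _, value = header.partition(":")
        if name.strip().lower() != "received":
            continue
        m = RECEIVED_RE.search(value)
        if not m:
            findings.append({"by": None, "status": "unparsed"})
            continue
        helo = m["helo"].lower().rstrip(".")
        # Drop an ident-style "user@" prefix if the MTA recorded one.
        rdns = (m["rdns"] or "").rpartition("@")[2].lower().rstrip(".")
        status = ("no-reverse-dns" if not rdns
                  else "match" if helo == rdns else "helo-mismatch")
        findings.append({"by": m["by"], "helo": helo, "connected_from": rdns,
                         "ip": m["ip"], "status": status})
    return findings

if __name__ == "__main__":
    for finding in audit_received(SAMPLE_HEADERS):
        print(finding)
```

A mismatch is a signal to look at the hop, not proof of forgery: many legitimate hosts announce a HELO name that differs from their reverse DNS.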