That's Exactly what I am saying. By looking at the received from line instead of the message id, you already get the inaddr.arpa address, so check for the From domain there and you have your self an domain spoofer check.
There is nothing stopping spammers from adding fake legitimate recieved headers..
Cami
