That situation is precisely why I started my comment with
"unless you abandon mail relaying". If you insist on direct
connections between the initial sender (or an MTA that will take
responsibility for the sender and which you trust to do so) and
the receiver/ delivery SMTP server, then you are quite right and
the spoofing issue depends on control of intermediate routers
(and/or much more sophisticated tricks). But, as long as
intermediate SMTP relays (not routers, but at the SMTP level)
continue to be permitted, TCP is just not the issue because
there is no end to end connection.
The workings of most blacklists have nothing to do with this
because they depend on either most-recent-hop or on assumptions
about [dis]trusted SMTP servers at intermediate points rather
than, as this does, properties of the initiating sender system.
ah, then ip spoofing is not quite the same as hiding behind
someone else's mail relays. i admit missing the connection
you made there. but open mail relays are hated and justifiably blacklisted
aggresively (i am sure you know). its the right thing to do. ain't it?
no harm blocking someone who lets their mail server to be
used by spammers.