if you had a switch you could throw that would make your server reject all e-mail that did not contain a digital signature that correctly tied the e-mail message back to its source DNS domain (perhaps through the use of DNSSEC), and if a simple patch was available for your MTA of choice to sign its outgoing mail in such a fashion... would you be willing to throw the switch?

No. Incoming mail is more important than outgoing mail, and we have to expect poor support from other users.

In other words, be strict in what you send and lenient in what you receive. (Or whatever words that was originally stated with.)

In addition, I might legitimately send mail from one domain via another domain's server. I, in fact, do that regularly right now, when sending mail from my personal domain address from work.

There are conceivably other options, though, even ones that involve crypto. I just don't think that that's the right solution.