No, because SMTP "accounts" are trivially spoofable as well. (Edit: Although you wouldn't want to spoof that if you need to get replies, so maybe there is something the client can do here.) Maybe you could try to do some kind of trust-on-first-use on the chain of Received headers but that's going to generate false positives.
We do have several solutions in place for that, though. SPF, DKIM, among others. If this University were running on gmail I suspect this email would have been flagged for phishing (the builder did publish an SPF record), or outright rejected. However they run their own email servers[1].
[1] - They could of course do the same checks and even more, but among self-hosted installs it is common to disregard those additional securities.
