You can do this with pretty much any mail client program in existence, so it's not a new issue.
It might be nice to have the option to lock identities to @yourdomain.com, but some people rely on the fact that they can put any e-mail in there, especially if they have multiple addresses filter into one single account.
There are also very few mail servers out there that restrict this on the SMTP level (Verizon used to, I don't know if they still do) It's also one of the things that SPF is trying to protect against.
It's one of the many fundamental flaws of SMTP...