The simple answer is that SMTP does by default not require authentication just like snail mail. Everyone can write any sender address on an envelope and send it to you. Why do you trust snail mail? Maybe because it is signed? So why do you trust e-mail if it isn't (digitally) signed?
So the answer to how to avoid faked e-mails to my users is not by some rulesets in sendmail to maybe avoid some forms of forgery, but by digital signatures as available via PGP or S/MIME.
Note: even if an (e-)mail is (digitally) signed, you can trust it only if you can verify the signature. For PGP this refers to the Web of Trust, for S/MIME it relies on a hierarchical approach.