Most non web based emails go through whats called an SMTP server
All emails go through whats called an SMTP server.
However webmail is more difficult to spoof than non-webmail.
Open SMTP relays are gradually being closed down
Some ISPs run open relays with ACLs in place to prevent off-net usage. Pure open relays are the bad ones.
Let's face it, you can spoof any sort of SMTP server if you can relay through it, whether because its open or you've got credentials. That's why SPF etc. is out there.