Track down the spammers and bust their kneecaps. Other than that (or slightly less violent solutions such as sueing them), not much.
Coincidentally, a proposed scheme to combat such fraud was discussed on Slashdot just today: http://spf.pobox.com/. Similar schemes have been proposed in the past as well; they al rely on the owner of a domain publishing a list of IP addresses which are authorized to relay mail for that domain. Mail servers should then be configured to discard (without bouncing) any mail from a server not on the list.
Unfortunately, none of these are currently being deployed widely if at all. And anyway, they all rely on the admin of the receiving server to cooperate, so the problem is not going to be solved anytime soon.
Just so you know, this kind of thing is called a “Joe job” when done deliberately with the intent to cause trouble for the entity whose address is forged.
For a very detailed report of such an incident and how damaging it can be:
Question 10 answers your question of what can be done about it (not much).