Your secure mail server (i.e. me) just has to be named in a MAIL-FROM MX
record. We do DNS for some of our customers, and can add this trivially;
the others control their own zones. Works for me.
I'm afraid the technology to rapidly sift through large volumes of
information to search for specific areas of interest is widely available.
It is totally reasonable to not want to send mail through your ISP's
mail servers and perhaps directly to a trusted mail distributor over an
encrypted link. Of course, you can easily use a port other than 25 for
this purpose. The problem comes when the recipient tries to validate
your origin address against your secure mail server.