[hsk823]

Being unauthenticated as a default certainly doesn't jive with modern security practices.

[jolmg]

SMTP is the protocol that's used to route email between servers. How is Fastmail supposed to authenticate with Gmail or Yahoo with Hotmail? Better yet, how is a new mail server in the internet supposed to authenticate with all existing mail servers? Really, authentication for all uses of SMTP doesn't make sense.

[closeparen]

If only there were infrastructure and standards for asserting ownership over domain names.

[crest]

Do you really want to put the power to block mails into DNSSEC the PKI operators?