* No authentication scheme
People do, however, use it because there
currently is no realistic widely deployed alternative available. Those
that are currently available (e.g. SPF) are not widely deployed, and
in any case are far from perfect. Whilst we have no hammer, people will
keep using the screwdriver to drive in nails, and who can blame them?
Another way of saying this is that every ISP who
operates an SMTP server on port 25 which is willing
to accept incoming email from unauthenticated sources
is guilty of destroying the end-to-end model of the
Internet and pushing us to a centrally controlled model
where ISPs run walled gardens.
It's that simple.