tantek!tell elf-pavlik note that SMTP provides no such authentication either, thus anyone can configure their email client to pretend to be anyone on W3C mailing lists. And sadly, that looks more "official" because email has a more "formal" UI, thus is more capable of harm.
