With ActivityPub+Webfinger, we also know precisely who sent the message, with cryptographic signatures for verification, unlike email where From-address-level signatures have proven an elusive goal. The best you can do with SMTP in most cases is to verify that "a server that's trusted by the domain sent the message" but there are so many exceptions due to SMTP's architecture that it's really a crapshoot.
oblomov