I don't understand some of these.
2. Make SMTP AUTH (RFC 2554) a MUST.
Why? I'm currently doing this using STARTTLS, which also
authenticates. I agree that some authentication might be reasonable
as a MUST, but I don't see any reason to tie it explicitly to AUTH.
3. Make STARTTLS + SASL PLAIN (RFC 3207, RFC 2595) the mandatory
to implement authentication mechanism.
See above.
4. Make 8BITMIME a MUST.
I'm not sure about this one. I can see wanting to make clients
simpler by giving them a guarantee that they never have to do 8->7
bit encoding. But they probably have to anyway to deal with legacy
systems -- submit hasn't taken the world by storm, alas.
Also, in environments where the next hop MTA doesn't support
8BITMIME, you've put yourself in a situation where either (a) the MDA
has to implement encoding, or (b) you might find yourself dealing
with a lot of bounces, which will require that the client encode,
bringing us right back to the previous paragraph.
Perhaps it's too early to be arguing the details....
eric