If you had access to a public key for every email address then why stop at authentication - you could encrypt all email on the web. But we don't, so we can't.
Authentication in this context doesn't need to be end-to-end. Instead of a custom protocol, we could probably just use SSL client certificates authenticating the sending domain to achieve the same effect.
