SPF, DKIM, DMARC are all about server reputation. They don't count as any sort of update to email and don't affect the protocol. These days regular non E2EE email is as secure as any other messaging protocol that relies on trusted servers. Since it is federated over multiple servers it is better than systems with just one server. You can choose who to trust and can even host it yourself.
Compare with Signal where there is only one allowed server entity and hardly anyone verifies identities making man in the middle attacks trivial.
Some of the details might of changed since publication. My current understanding is that Signal doesn't even bring up the idea of identity verification if a user has not previously done it. So if anything, things have gotten worse.
Compare with Signal where there is only one allowed server entity and hardly anyone verifies identities making man in the middle attacks trivial.