Well, it's because until very recently, by default, mail servers were designed to relay email. So you could act as a client, connect to my mail server with a gmail.com address and my server was supposed to go: oh I don't have that address internally, but let me find that for you, ope, I found it, lets get that mail sent for ya there bud. That's how spam propagated and other malicious traffic. Actually I leaned much of this from a great ValueStack podcast with @Jameson Lopp. It was naively designed to handle high level routing and discovery, then was used maliciously and triggered an act of congress. Many mail servers have deprecated over the past couple years but I've found new ones. Postfix and Dovecot are still around, but good luck getting those up and running.

Well yes. But it has been the common wisdom to not run an open relay for at least a few decades. Is it still the default if you don't configure Postfix correctly?