Spam email, fake email, unencrypted email, etc. That has a real-world effect and has absolutely no solution at the moment
Span is not a technology problem, it's a peolpe problem. As such, any technological attempt to fix it will necessarily fail.
Fake email is fixed by the technologies you mentioned - and you can see by the slow uptake that the bigger problem is that most people just don't care. Implementing SPF takes around 30 seconds for a simple domain[1]. Any domain not publishing a record is demonstrating how much they care. And anti-spoofing isn't an all-or-nothing affair; every domain that published a record, every server that puts a filter in place makes spoofing that little bit less viable.
Unencrypted email? We've had email encryption for *years*. Any MTA of note has the ability to use the STARTTLS verb, meaning in-transit email is always encrypted. This can be either opportunistic (encrypted, but vulnerable to MiTM) or verified (requires a publicly-trusted certificate) - and yet many, many domains just don't use it at all, even if they support TLS on inbound email. Until you can get people to care about encryption, you won't see it in many situations.
As for end-to-end encryption, we;ve had that for years as well. It's really not difficult. And yet the only encrypted email I've ever received has been as part of my testing; in practice, just about no-one cares enough to swap keys. This isn't a technology problem, it's a people problem.
Why does DNS not hold a set of public keys for each domain that are used to encrypt email to that domain
You don't need DNS for that. All you need is a certificate. And yet hardly anyone gets one.
But email still be open to a network sniffer at any point along the way to your destination
It really isn't, unless you're talking about sysadmins who don't care at all.
Vic.