Your accounts are valuable, even if they're not valuable to you.

An old account with typical activity patterns can be extended some level of trust. If you sign up for an email address and immediately send a message with 100 recipients in CC, you're probably a spammer, so you get blocked. If you've used the account for years, ehh it's probably invitations to your high-school reunion or a donation drive for your Church, let's let this one through.

You can only extend this level of trust if you prevent your gullible users from constantly getting hacked; 2FA is one way to do that.