I've always found that documentation confusing. It says that only "one" default marketing setting can be active, but this does not seem to be the case and Microsoft's support department also instructs otherwise. We have a similar use case, because we have 8 different domains for 8 different business units.
All these default marketing settings are configured per business unit (so 8 records) with 8 different content setting records. If you then assign these records to a business unit's team and make sure that the user of that team only has viewing access to the business unit that the marketing settings record belongs to, everything will work fine. It will automatically select the corresponding marketing settings for that user.
In our case this means that every business unit has one business unit specific marketing team that the user belongs to. So if I work for business unit A, I can only view the marketing settings for business unit A and my emails will automatically be sent from test@businessunita.com instead of test@businessunitb.com.
However, the documentation is correct in saying that only 1 default setting is 'active' if your security role gives you access to multiple marketing settings. It will then automatically pick the first one. Nonetheless, the current 'tool' doesn't prevent the topic starter from reaching his/her desired goal.
2. Yes, authentication stays mandatory. You can't send mails from an unauthenticated domain.