diff --git a/Changes b/Changes
index b0ee03d..e44b50b 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,8 @@
 0.41
 
+  Remove the auth/authnull sample plugin (there are plenty proper examples now
+  so we don't have to include this insecure plugin)
+
   POD syntax cleanup (Steve Kemp)
 
   Make connection->local_ip available from the Apache transport (Peter Eisch)
diff --git a/plugins/auth/authnull b/plugins/auth/authnull
deleted file mode 100644
index 1eefb9b..0000000
--- a/plugins/auth/authnull
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/perl
-#
-#  This plugin doesn't actually check anything and will authenticate any
-#  user no matter what they type.  It is strictly a proof of concept for
-#  the Qpsmtpd::Auth module.  Don't run this in production!!!
-#
-
-sub hook_auth {
-    my ( $self, $transaction, $method, $user, $passClear, $passHash, $ticket ) =
-      @_;
-
-    #  $DB::single = 1;
-    $self->log( LOGERROR, "authenticating $user using $method" );
-
-    return ( OK, "$user is free to abuse my relay" );
-}
-