So it seems to me that even Harald's list of cases in which this approach won't work and isn't applicable should be longer and even more qualified. Put differently, while the numbers may be large, it appears in practice that this approach is (even potentially) applicable to a very small number of types of cases and configurations and that the document should be very clear about that, characterizing those cases in as much detail as possible.
I think the problem that we're trying to address here is setting up a MUA and wanting to ensure that it's talking to the correct SUBMIT, POP, and IMAP servers. You're right that there's all sorts of private networks with mysterious naming, but every smartphone has an MUA that usually does SUBMIT and IMAP, so it would be nice if the phone's MUA could reliably configure itself with minimal help from the user.
Verifying SMTP servers seems like a much easier problem -- the MX records are signed with DNSSEC, and the SMTP server presents a certificate with the right name, either signed by a mutually satisfactory CA or verified by DNSSEC signed TLSA.
R's, John