Let me see if I understand this...
You do away with the whole PKI infrastructure and you check that a DNNSEC signed cert is verified by by the top level DNS servers and use this certificate to setup a TLS connection over which your usual SMTP type hello traffic goes over?
So nothing really changes in so far as MS GOOGLE and other NSA data providers are concerned because you don't encrypt the content but only encrypt the channel still. It's a bit a of as shame that eMail cannot use the certificates to encrypt the content so that only the domain owner can read it, but rather still encrypts only to the MX.
If you just wanted to verify the MX, which is all that you are doing, you could just check that the certificate it presents you is signed for the right host name, and you could still use the PKI.
I was never happy with the revocation thing in certs, but if you use short TTLs you can achieve that same without adding that complexity.