What this should be about is DANE.
If people deploy this then things get a lot easier and more trustworthy in TLS...
The bonus is that it's not tied to a Certificate Authority (CA) if you don't want it to be, which for most mail servers is a good thing as they often have self-certified certificates, and if you have a certificate from a CA then hey, use it and declare it via DANE...
You can test here: https://www.internet.nl/test-mail/
Strangely, the Dutch security service demands this as a secure channel. I wonder what they know (-;
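An added example, not part of the comment above: how the TLSA record data that "declares" a certificate via DANE is derived, and why pinning the public key (selector 1) survives re-issuing a self-signed certificate while pinning the whole certificate (selector 0) does not. The `toy_cert` helper and its bytes are constructed DER-shaped stand-ins, not real certificates, and the parser assumes well-formed DER input.

```python
import hashlib

def tlv(tag, body):
    """DER-encode one element (used to build the constructed sample below)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):
    """Return (tag, content_start, end) for the DER element at pos."""
    k = buf[pos + 1] & 0x7F if buf[pos + 1] & 0x80 else 0
    start = pos + 2 + k
    n = int.from_bytes(buf[pos + 2:start], "big") if k else buf[pos + 1]
    return buf[pos], start, start + n

def spki_of(cert_der):
    """Slice SubjectPublicKeyInfo (header included) out of a DER certificate."""
    _, body, _ = read_tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, body)    # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)
    return cert_der[pos:end]

def tlsa_rdata(cert_der, usage=3, selector=1, mtype=1):
    """TLSA RDATA (RFC 6698): selector 0=cert, 1=SPKI; mtype 0=raw, 1=SHA-256, 2=SHA-512."""
    data = cert_der if selector == 0 else spki_of(cert_der)
    if mtype:
        data = hashlib.new({1: "sha256", 2: "sha512"}[mtype], data).digest()
    return f"{usage} {selector} {mtype} {data.hex()}"

# Constructed sample: DER-shaped stand-ins, not real certificates or keys.
ALG = tlv(0x30, tlv(0x06, b"\x2a\x03"))
SPKI = tlv(0x30, ALG + tlv(0x03, b"\x00" + b"constructed-key-bytes"))

def toy_cert(serial):
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + ALG + tlv(0x30, b"") + tlv(0x30, b"") + tlv(0x30, b"") + SPKI)
    return tlv(0x30, tbs + ALG + tlv(0x03, b"\x00" + b"sig%d" % serial))

if __name__ == "__main__":
    for cert in (toy_cert(1), toy_cert(2)):  # same key, re-issued certificate
        print(tlsa_rdata(cert), "|", tlsa_rdata(cert, selector=0))
```

Usage 3 (DANE-EE) is the value that lets a self-signed certificate be trusted without any CA; the record only means something to clients when the zone publishing it is DNSSEC-signed.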