How about, instead of getting started, we accept that DNSSEC is a failed 21-year-long experiment, and figure out a better way to get the moral equivalent of HSTS and HPKP for email links?
The concern I have with DNSSEC is that if it's adopted --- where "adopted" means "by the major email providers and by browsers" --- there's not much you can do to protect yourself from the SIGINT agencies that control the top of the DNS tree.
If there was a significant benefit to users for DNSSEC adoption, I'd be my normal tedious "maybe it's good, maybe it's bad" self. But the benefits aren't there. Instead, DNSSEC will impose immense operational costs and in some ways reduce security: