That doesn't bring a lot of extra security though, because there's no name verification. I can get a valid Let's Encrypt cert on anyrandomdomain.com, and if I can hijack your MX and point at it, it's "valid".
I don't need to control your domain. If I control my own domain, which could be any throwaway domain I just purchased, I can get an SSL certificate on it.
And if I can point your MX records there, via hijack or any other means, then I have a valid SSL certificate for receiving your email.
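Added example, not part of the original comment: a sketch of the check being described. It shows that matching the certificate only against the MX name returned by DNS accepts any MX that holds a certificate for its own name, and that the binding to the recipient domain has to come from an MX allow-list learned some other way (the approach MTA-STS, RFC 8461, takes). All domains, certificate names and function names here are constructed for illustration.

```python
# Constructed sample data: every domain, MX answer and certificate name is made up.

def name_matches(pattern: str, host: str) -> bool:
    """Hostname match where a leading '*.' covers exactly one left-most label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        _, _, parent = host.partition(".")
        return parent != "" and parent == pattern[2:]
    return pattern == host


def cert_matches_mx(mx_host: str, cert_sans: list[str]) -> bool:
    """What a sender verifies when the reference identity is the MX name from DNS."""
    return any(name_matches(san, mx_host) for san in cert_sans)


def mx_matches_pin(mx_host: str, pinned_mx: list[str]) -> bool:
    """Extra check: the MX name must match a pattern obtained outside the MX lookup."""
    return any(name_matches(p, mx_host) for p in pinned_mx)


def evaluate(mx_host: str, cert_sans: list[str], pinned_mx: list[str]) -> dict:
    cert_ok = cert_matches_mx(mx_host, cert_sans)
    pin_ok = mx_matches_pin(mx_host, pinned_mx)
    return {
        "cert_only_accepts": cert_ok,            # certificate check alone
        "pinned_accepts": cert_ok and pin_ok,    # certificate check plus MX allow-list
    }


# Allow-list for the recipient domain example.org (assumed to be fetched over an
# authenticated channel, not from the MX answer itself).
PINNED_MX = ["*.example.org"]

# Expected MX answer: the MX and its certificate both sit under example.org.
EXPECTED = evaluate("mx1.example.org", ["mx1.example.org"], PINNED_MX)

# Tampered MX answer: points at an unrelated domain whose operator holds a
# perfectly valid certificate for that unrelated name.
TAMPERED = evaluate("mail.throwaway.example", ["mail.throwaway.example"], PINNED_MX)

if __name__ == "__main__":
    print("expected MX:", EXPECTED)
    print("tampered MX:", TAMPERED)
```
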