I don't need to control your domain. If I control my own domain, which could be any throwaway domain I just purchased, I can get an SSL certificate on it.
And if I can point your MX records there, via hijack or any other means, then I have a valid SSL certificate for receiving your email.
And if I can point your MX records there, via hijack or any other means, then I have a valid SSL certificate for receiving your email.