by out_of_protocol 4032 days ago
One port to rule em all
2 comments

Considering the DMA vulnerabilities of thunderbolt, that's not too far off.

At least until we have some sort of IOMMU-based hotplug device firewalls in our operating systems.

Isn't that already the case? Current-gen Intel and AMD platforms have IOMMUs; Linux supports them. Linux and Windows support disabling DMA without disabling the rest of e.g. FireWire.
That's for a specific FireWire protocol.

Thunderbolt exposes PCIe lanes, so you can pretty much attach any PCIe device that has drivers. If there are any drivers that do not use the IOMMU properly (just pass through everything?) then we're back to square one. And I don't think all drivers are IOMMU-aware.

The system should only hotplug devices/drivers with user approval.
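As an added defender-side check (not code from the thread), a POSIX shell function that reports what the commenters are asking for on a current Linux host: whether the IOMMU is active, and which Thunderbolt security level gates hotplugged PCIe devices. It reads sysfs attributes documented in the kernel's Thunderbolt admin guide; the tree it is pointed at in the test is constructed.

```shell
# Added example (not from the thread): report whether a Linux host has an IOMMU
# active and how Thunderbolt hotplug is gated, by reading sysfs attributes the
# kernel's Thunderbolt admin guide documents: /sys/kernel/iommu_groups/<n>,
# /sys/bus/thunderbolt/devices/domainN/security (none|user|secure|dponly|...)
# and /sys/bus/thunderbolt/devices/<id>/authorized (0 = not yet approved).
# ROOT is an optional prefix so the function can be run against a constructed
# copy of the tree instead of the live /sys.
dma_protection_report() {
    root="${1:-}"
    groups=0
    for g in "$root"/sys/kernel/iommu_groups/*; do
        [ -d "$g" ] && groups=$((groups + 1))
    done
    protected=1
    if [ "$groups" -gt 0 ]; then
        summary="iommu=on groups=$groups"
    else
        summary="iommu=off"   # devices can address any physical memory
        protected=0
    fi
    for d in "$root"/sys/bus/thunderbolt/devices/domain*; do
        [ -f "$d/security" ] || continue
        level=$(cat "$d/security")
        summary="$summary $(basename "$d")=$level"
        # "none" = every plugged-in device gets its PCIe lanes without approval
        [ "$level" = "none" ] && protected=0
    done
    unauthorized=0
    for a in "$root"/sys/bus/thunderbolt/devices/*/authorized; do
        [ -f "$a" ] || continue
        [ "$(cat "$a")" = "0" ] && unauthorized=$((unauthorized + 1))
    done
    echo "$summary unauthorized=$unauthorized"
    # exit status 0 only when an IOMMU is up and no domain is wide open
    [ "$protected" -eq 1 ]
}

# Only touch the live /sys when explicitly asked, so the file is side-effect free to source.
if [ "${1:-}" = "--host" ]; then
    dma_protection_report ""
fi
```

Run it as `sh dma_check.sh --host` on the machine in question; a non-zero exit means either no IOMMU or a Thunderbolt domain at security level `none`.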

USB 3.0 has DMA too.
But is that remote DMA? Controller/driver-managed DMA transfers in the fashion of "shovel the next X incoming kilobytes to this memory range" are not the same as arbitrary writes to host memory initiated by a device.
Ah, maybe it isn't, fair point.
On USB, only the host is allowed to be a bus master. Thunderbolt does PCI/PCIe and by extension allows any plugged-in gizmo to take over the whole computer.
One port to find them
One port to bring them all and in the darkness bind them.