The step to go beyond that, of course, would be to use DANE with the SMTP connections so that the entire mail exchange could happen over TLS and using certs that have been validated via DNSSEC/DANE. But first step is to get the MX records signed and to have DNS resolvers validating that fact.