According to your line of reasoning, the Best Practice for SMTP STARTTLS is to not use STARTTLS at all, since opportunistically encrypting email is “a lot of work for marginal gain.”
Maintaining remote state information may be a lot of work for you but that doesn’t mean it’s that way for everyone. For some of us, it’s a half-dozen LOC to insert a key/val into Redis after a successful validation and a half-dozen more LOC to check the key-value store when future validations fail. It’s not hard. At all. Anyone doing remotely advanced filtering should have this ability already, as TLS certificate validation should be an input into their remote reputation engines.
Yes, TLS validation is premised on reliable functioning DNS. Are there edge cases where DNS can be subverted? Certainly. Should we forgo any type of security improvements that involve DNS? To each their own, based on the thickness of their tinfoil hat.
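The remote-state idea in the comment above (remember a successful STARTTLS certificate validation per remote host, then treat a later validation failure from that same host differently from a host that never validated), as an added example that is not the commenter's code. It assumes an in-memory dict standing in for the Redis key/value store, a caller that has already done the actual chain and hostname check, and constructed host names, fingerprints and decision labels.

```python
import time

# Added example, not from the original comment.
# A trust-on-first-use style memory of STARTTLS validation outcomes per MX host.
# The dict `store` stands in for Redis (host -> (cert fingerprint, last_seen));
# a real deployment would SET the key after success and GET it on failure.


class ValidationMemory:
    def __init__(self, ttl_seconds=90 * 24 * 3600, clock=time.time):
        self.ttl_seconds = ttl_seconds  # forget a host not seen for this long
        self.clock = clock              # injectable so tests can advance time
        self.store = {}                 # stands in for the Redis key/value store

    def _get(self, host):
        """Return the remembered (fingerprint, last_seen) or None if absent/expired."""
        entry = self.store.get(host)
        if entry is None:
            return None
        fingerprint, last_seen = entry
        if self.clock() - last_seen > self.ttl_seconds:
            del self.store[host]  # expired, like a Redis key past its EXPIRE
            return None
        return fingerprint, last_seen

    def record(self, host, validated, fingerprint=None):
        """Feed one delivery attempt's TLS outcome; return a policy decision.

        validated   True if the presented chain validated and matched `host`
                    (the caller performs that check; this class only remembers it).
        fingerprint constructed identifier of the leaf cert, kept so a later
                    success can report a rotation instead of a silent change.
        """
        prior = self._get(host)
        if validated:
            # Success: (re)insert the key, refreshing last_seen.
            self.store[host] = (fingerprint, self.clock())
            if prior is not None and prior[0] != fingerprint:
                return "accept-cert-rotated"
            return "accept"
        if prior is None:
            # Never validated before: plain opportunistic TLS, no reputation input.
            return "opportunistic"
        # Validated before, fails now: a possible downgrade. Hand this to the
        # reputation engine and defer instead of quietly falling back.
        return "defer-previously-validated"


def simulate():
    """Run a constructed sequence of delivery attempts and return the decisions."""
    mem = ValidationMemory()
    events = [
        ("mx1.example.net", True, "fp-A"),   # first contact, validates
        ("mx1.example.net", True, "fp-A"),   # same cert again
        ("mx2.example.org", False, None),    # never validated: opportunistic only
        ("mx1.example.net", False, None),    # previously validated host now fails
        ("mx1.example.net", True, "fp-B"),   # validates again with a new cert
    ]
    return [mem.record(host, ok, fp) for host, ok, fp in events]


if __name__ == "__main__":
    for decision in simulate():
        print(decision)
```

The decision strings are placeholders for whatever the local policy or reputation engine consumes; the point is that the same validation failure yields a different outcome depending on whether the host has a remembered success, and that the memory expires so a legitimately decommissioned host does not stay pinned forever.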