Do *NOT* remove TLS Client Auth EKU!

Every time WebPKI or certificate policies change, we get some people yelling. Some of them just don't like change, but lots of them are relying on one of the changed policies in a way that is not the intended usage, like "I'm getting troubles on my always offline systems" or "My IoT devices...." when the 47 day policy comes. This is why you need to generate your own root CA.

Sounds like some mail servers are relying on the wrong function to check the origin; the correct way is SPF+DKIM+DMARC.

People were previously arguing that reverse DNS lookup is important for mail servers, but since DKIM became supported on most mail servers, these problems are gone, not to mention reverse DNS is still not an option for lots of providers.

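As an added example (not part of the post above), here is a standard-library Go program that does what the post recommends: it builds a private root CA in memory, issues a leaf with a chosen set of extended key usages, and checks whether that leaf is accepted for the TLS client-auth purpose. A leaf whose EKU list omits `id-kp-clientAuth` is rejected, which is exactly what a client certificate hits once its issuer stops including that EKU. All names, serials and lifetimes are constructed for the example; nothing is written to disk.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // keeps the example short; real code propagates errors
	if err != nil {
		panic(err)
	}
	return v
}

// sign has parent issue tmpl (tmpl == parent for a self-signed root) and parses the DER.
func sign(tmpl, parent *x509.Certificate, pub any, key *ecdsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key))))
}

// IssueClientCert builds a throwaway private root CA and a leaf it signs with the
// given extended key usages (constructed values; an illustration of running your own CA).
func IssueClientCert(ekus []x509.ExtKeyUsage) (root, leaf *x509.Certificate) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ca := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Private Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	root = sign(ca, ca, &caKey.PublicKey, caKey)
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leaf = sign(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "device-0001"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(0, 0, 47), // your CA, your lifetime policy
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: ekus,
	}, root, &leafKey.PublicKey, caKey)
	return root, leaf
}

// AcceptableForClientAuth reports whether leaf chains to root for the clientAuth purpose;
// Go's verifier rejects a leaf whose EKU list omits id-kp-clientAuth.
func AcceptableForClientAuth(root, leaf *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}
```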