Idle speculation: Perhaps a compromise position would be to allow this
sort of caching but to limit the period for which it may be
used. E.g. the cache must expire in no more than 1 day. This would
produce some bouncing but limit the scope of that bouncing. The
advantage would be that the attacker would have to mount a concerted
active attack over a period of a day.
I don't think this will fly. Any period of time during which valid mail will
be bounced is too long. Brief periods of time during which temporary failures
would result from a mismatch might be tolerable, but a day is too long.
I guess I'm of the opinion that such knowledge must be explicitly configured
if MTAs are going to fail if it is not accurate - MTAs should not be making
guesses.
Keith