Not clear. SMTP can relay a single copy of a message to multiple
recipients at multiple domains. Your suggestion would force a
separate TLS session, or a separate SMTP session, for every distinct
recipient domain.

Yes, that's true, but that's inherent in the "one certificate"
model.

Not quite inherent -- if you verify against a SubjectAltName dNSName
you can decide the certificate is valid for many domains.

Like I said earlier, if you want to have some set of
certificates vouching for MX records, then you want DNSSEC.
But I agree with this.
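
The SubjectAltName point in the exchange above, as an added example that is not part of the original thread. It assumes the sending client checks each recipient's domain against the dNSName entries of the certificate it was presented. The function names, SAN list and addresses are constructed for illustration.

```python
# Added example: every name and address used with these functions is constructed.

def dnsname_matches(pattern: str, domain: str) -> bool:
    """Match a SAN dNSName against a domain name.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.example.org' covers 'mail.example.org' but
    neither 'example.org' nor 'a.b.example.org'.
    """
    p = pattern.lower().rstrip(".").split(".")
    d = domain.lower().rstrip(".").split(".")
    if len(p) != len(d) or "" in p or "" in d:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' never matches.
        return len(p) >= 3 and p[1:] == d[1:]
    return p == d


def split_by_coverage(san_dnsnames, recipients):
    """Partition recipients by whether the presented certificate vouches
    for their domain through some dNSName.

    Returns (covered, uncovered). Covered recipients can share the one
    TLS session; uncovered ones need a session with another certificate.
    """
    covered, uncovered = [], []
    for rcpt in recipients:
        domain = rcpt.rsplit("@", 1)[-1]
        ok = any(dnsname_matches(name, domain) for name in san_dnsnames)
        (covered if ok else uncovered).append(rcpt)
    return covered, uncovered


if __name__ == "__main__":
    san = ["example.com", "example.net", "*.example.org"]  # constructed SAN list
    rcpts = ["a@example.com", "b@EXAMPLE.NET", "c@mail.example.org",
             "d@example.org", "e@other.test"]              # constructed recipients
    covered, uncovered = split_by_coverage(san, rcpts)
    print("one session:", covered)
    print("separate session needed:", uncovered)
```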