There are a few ways to deal with this. However, a few things:
1) We don't resolve off of our authoritative servers at the office, so it wouldn't affect our office web surfing or email.
2) We are already switching to a setup where mail and web machines will be resolving off of caching-only servers which are not slaved to the authoritative servers. Thus, our customer-facing servers will all "see" the same thing that the real world sees. Only catch is if a customer is on the same group of mail servers, and that mail server is configured to accept mail locally for a domain, the mail server may still accept it even if it sees that it's not an MX for the domain.
These changes are long overdue, and are partially designed to help reduce the chances of problems like this coming up.
3) We do already have a number of commonly added domains that we know we don't own and that people might try to spoof set up as domains that can't be added to the system.
There is a pretty interesting paper that was released about this a while back. Other than separating authoritative and caching functions as much as possible, there's not really a lot that we can do without implementing much stricter checks. If this type of thing becomes more of a problem, we may have to do that.
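An added example, not part of the original post: an audit for the catch described in point 2, where a mail server still accepts mail locally for a domain it is not an MX for. The domain names, host names and MX data are constructed, and the function names are hypothetical; in practice the MX view would come from the caching-only resolvers.

```python
# Added example: audit locally accepted mail domains against the public MX view.
# All domain names, host names and MX data below are constructed samples.

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def audit_local_domains(local_domains, public_mx, our_mail_hosts):
    """Return {domain: reason} for domains the mail server accepts locally
    although the public DNS view does not route their mail to us.

    public_mx maps domain -> list of MX targets as seen by a caching-only
    resolver (the "real world" view); a missing key means no MX answer.
    """
    ours = {norm(h) for h in our_mail_hosts}
    mx_view = {norm(d): [norm(t) for t in targets]
               for d, targets in public_mx.items()}
    findings = {}
    for domain in sorted({norm(d) for d in local_domains}):
        targets = mx_view.get(domain)
        if not targets:
            findings[domain] = "no public MX record"
        elif not ours.intersection(targets):
            findings[domain] = ("public MX points elsewhere: "
                                + ", ".join(sorted(targets)))
    return findings

# Constructed sample data (hypothetical names).
OUR_MAIL_HOSTS = ["mx1.hosting.example.", "mx2.hosting.example."]
LOCAL_DOMAINS = ["customer-a.example", "Spoofed-Bank.example", "parked.example"]
PUBLIC_MX = {
    "customer-a.example.": ["mx1.hosting.example."],
    "spoofed-bank.example.": ["mail.real-bank.example."],
}

if __name__ == "__main__":
    report = audit_local_domains(LOCAL_DOMAINS, PUBLIC_MX, OUR_MAIL_HOSTS)
    for domain, reason in report.items():
        print(f"{domain}: {reason}")
```

Any domain this reports is one where mail sent from a customer on the same mail servers would be delivered locally instead of following the MX record the rest of the world sees.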