DreamHost’s new certificate uses a wildcard subdomain *.mail.dreamhost.com, so it should now be possible to change your mail servers to a1.balanced.your-email-server.mail.dreamhost.com to get rid of the “host mis-match” error. This means that you no longer have to use the HOSTS-file hack to avoid the warning message.
DreamHost has also now created a certificate you can install to make DreamHost a Trusted Root Certificate Authority. This implies that your system will automatically trust SSL certificates issues by DreamHost in the future and you will avoid any warnings about the certificate being issued by a untrusted or unknown certificate authority.
Updated: Apparently this type of wildcard certificate doesn’t work with sub-sub-sub-domains in Outlook, Outlook Express and OSX? These users will still have to use the hack to avoid warning messages.