We don't want the code to have to care what environment it's in. An application that is designed to send notifications to customers should simply send it. If it's coming from the devel box, we catch it before it leaves the box, but I don't want the code having to look it up. And I definitely don't want to leave it up to each programmer to make sure he doesn't accidentally spam our customers.
Besides which, we've got thousands of files that have potentially hundreds of instances of mailing directly from the webserver. We need a solution that we can implement while we work on fixing all the code. (Yes, we're already working on making everything use one method that we can control.)
Second, we're using qmail. Google found me a HOWTO for a simple configuration to say that specific users can only send to specific domains. All we have to do is configure the user the webserver runs as to only send to our own domain.
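The rule described above (mail from the devel box may only go to our own domain), sketched as an added example; it is not from this post or from the HOWTO it mentions, and it is not qmail configuration. It is a recipient check that a sendmail-style wrapper could run before handing a message to the real mailer; `example.com` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: envelope-recipient allowlist for a dev-box mail wrapper.
# ALLOWED_DOMAIN and both function names are assumptions for illustration.
ALLOWED_DOMAIN="${ALLOWED_DOMAIN:-example.com}"

# rcpt_allowed ADDRESS -> status 0 if ADDRESS is in ALLOWED_DOMAIN, else 1.
# Fails closed: anything that does not parse cleanly is refused.
rcpt_allowed() {
    addr=$1
    case $addr in
        *[!A-Za-z0-9@._+-]*) return 1 ;;  # whitespace, quotes, routing chars
        *@*@*) return 1 ;;                # more than one @
        *@*) ;;                           # exactly one @: keep checking
        *) return 1 ;;                    # no @ at all
    esac
    local_part=${addr%@*}
    domain=${addr##*@}
    [ -n "$local_part" ] || return 1
    # Domains are case-insensitive; compare lowercased and exactly, so
    # look-alikes such as example.com.evil.test or notexample.com are refused.
    domain=$(printf '%s' "$domain" | tr '[:upper:]' '[:lower:]')
    [ "$domain" = "$ALLOWED_DOMAIN" ]
}

# check_rcpts ADDR... -> prints each refused recipient, one per line;
# status 0 only if at least one recipient was given and none was refused.
check_rcpts() {
    [ "$#" -gt 0 ] || return 1
    refused=0
    for rcpt in "$@"; do
        if ! rcpt_allowed "$rcpt"; then
            printf '%s\n' "$rcpt"
            refused=1
        fi
    done
    return "$refused"
}
```

A wrapper would call `check_rcpts` on the envelope recipients and drop or quarantine the whole message on a non-zero status, logging the printed addresses so the offending code path can be found.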