If an account if disabled due to being in the bounced email status, you can successfully trigger a password reset (which sends an email). On successfully resetting the password via the link in the email, the account remains in the 'Email invalid (bounced)' despite obviously having a working email address.
The expected behaviour is that if the password reset is completed, the 'Email invalid (bounced)' should be cleared.
Good idea. Email_bounce and email_confirm_edit can go straight to the valid state here; email_confirm advances the user state, which might go to manual approval (but will probably go to valid as well).