There's still a timing attack there, just compare the time it takes for the server to send the email, instead of the time it takes to return the message.
You can leak that data in a number of ways. Trivially, the server might timestamp the email. Less trivially, you could position yourself on the same network as the server and just time how long it takes to receive the email (I'd opt for this technique personally). You might be able to monitor IP IDs of the mailserver to see when it sends an email (technique: http://nmap.org/book/idlescan.html). The emails themselves might have some kind of predictable sequence/message ID in the headers so you can cause the server to send many many emails and watch for the sequence increment. You could create a custom DNS server for your email domain that causes the email server to hit your DNS and log when the lookup was made. Probably other techniques.
edit: Not to mention that this chart still leaks the fact that joe@example.com is or is not a member of the site in question.