In the best of a company's interests, a good sysadmin will block dynamic IP adresses as these are a hotbed of spambots.
If you have directors travelling around who need to send mail, you'll be out of a job. You cannot just block all dynamic IPs. What you can do is allow authentication, and reject mail from dynamic IPs who haven't authenticated.
Well the only way anything gets blacklisted is if someone is doing spam
And that someone doesn't have to be you (or your clients) for your IP to get blacklisted. Idiotic "nice" features like bouncing mail with a cute message if the e-mail address is wrong, out-of-office replies, and forwarding all mail to an off-site address where you have no control over the mailserver hosting this off-site address) will all get you blacklisted without even trying.
Think about it. Spammer sends a mail to
[email protected] - a bogus address. Like any true spammer, the Return-Path and From headers are both forged (and probably don't match anyway). Your server accepts the mail, sees, "oh dear, there's no such user," then sends a cute message back saying "sorry, I don't know who this is." This message, still containing the spam, goes "back" to someone who didn't send it to start with. They bitch at their ISP, their ISP blacklists takes the steps to backlist you.
Same thing happens when you forward mail off site. Your server accepts the mail, tries to forward it. Remote server is a bit tight-ass about what it accepts, and rejects some of the spam. Your server is now stuck with it. What does it do? Return it, of course. Repeat the previous paragraph. I see servers setup in this way on a daily basis. People configure a catch-all, then forward it to their hotmail/yahoo/gmail account. And then wonder why legitimate mails they send to someone's hotmail account don't show up.
i have a problem where i changed my domain completely as people were using my domain name to send out junk emails..
They weren't using your domain, they were forging it. That's what SPF is for - it's an anti-forgery tool (not anti-spam, which most people seem to think it is).
Also one more thing is phishing - i know that many domains are blocked temporarily bacause their domains are phished for sending spams.
Some overzealous admins will setup some rules to reject/drop mail coming from domains that are popular targets for phishers, without checking where the mail really comes from. Dumb idea.
Again SPF is your friend. Paypal is a big victim of phishing. Yet their mails are deliverd. Why? Here's why:
$ dig paypal.com TXT
; <<>> DiG 9.4.1-P1 <<>> paypal.com TXT
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34124
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;paypal.com. IN TXT
;; ANSWER SECTION:
paypal.com. 3600 IN TXT "v=spf1 mx include:s._spf.e bay.com include:m._spf.ebay.com include
._spf.paypal.com include:c._spf.eb ay.com include:spf-1.paypal.com ~all"
Implement SPF checking on your server, and you won't be bothered with paypal phishing mails because your server will know if a mail is really coming from paypal or not.
