I am a bit worried about blocking people with dynamic IP addresses say from their ISP, if they "inherit" an IP address recently used by an infected PC they will still be in the RBL and get blocked.
Machines on dynamic IPs should not be doing direct-to-MX submission, so block their entire networks with no looking back, eg use spamhaus PBL. In the spam business, nice, meticulous, conscientious people always get screwed.
The network operators should be blocking access from their subscriber access networks to port 25.
Len
