Some of the messages that we received with this NDR said brightmail was blocking us.
Mail from this IP address is not allowed. Your computer has been identified as a compromised machine which needs to be cleaned in order to send email to Bellsouth. Please run an updated anti-virus/anti-spyware program on your machine immediately. If you believe this message is in error, please contact BrightMail at firstname.lastname@example.org
I actually contacted the review.symantec.com and they looked over the IP and said that the old IP was blocked but our new IP isn't. They also said our old IP was flagged as sending out SPAM messages, the same thing it says above. Most importantly they said that they would take me off the block and monitor the IPs to ensure we won't get blocked again.
Within all this time I never once received an actual "SPAM" message that we've supposedly sent. Not a single admin out of all the ones I contacted could give me an example of the "SPAM" we were sending out. Brightmail however did confirm that we were blocked at one point.
So far since I've switched the IP address from the original comcast address to one of the others that they gave me I haven't had any problems. It's been about a week today. I know it's a hassle but I would try using a different IP, if you don't have one demand another one from Comcast. As time goes on I feel it was less likely that we were actually sending out actual spam.
One thing I did do that may have helped is I set my Mail Filter (xwall) to discard SPAM e-mails instead of sending NDRs. I think this did help because we were sending thousands of NDRs a day, and with the recent NDR attacks we may have been added as SPAM if users were flagging us as SPAM.
Part of me also thinks that Comcast is doing something wrong, but I wouldn't know what to tell them if you called. I do know that they never really know the answer to half of the questions you ask and what they'll probably end up doing is just telling you 1) the problem is not on their end, or 2) they will give you a new IP address.
Let me know if you try any of this and it works.