Some firewalls can resolve names and using hostnames you create a deny policy outbound, however, that is not 100% because the firewall most likely will cache that info for a period of time, and most serious email providers that end users are using (hotmail, yahoo, etc.) are using multiple host records, and in that nearest cost in DNS, so while your firewall sees yahoo.com at 1.1.1.1 your end user lookup sees
2.2.2.2 and it won't block it anyway. That's been my experience so it's not 100%The exception to that is to implement content management at the gateway, either on box or vectoring, and you can do keyword blocking or URL blocking altogether.
Can you dig?