The issue with emails is worse because spam is unsolicited and can be sent from anywhere. That means that basically anything can be used to send spam, from botnets to miss-configured SMTP servers.
On the other hand your fingerprinting/mining JS has to be served by a website that people willingly browse. That's a much higher barrier of entry and means that you can't just change your server's domain every hour lest you manage to convince your partner websites to update their code as frequently (which in turn might end up blacklisting them instead).
malicious advertising networks and advertising/JS botnet things have used fast flux DNS for a long time now. It's fairly standard practice for hostnames and IPs of things serving malicious content to have extremely low DNS TTLs, the malicious actors have scripted/automated their changes.
Right, but you still have to convince the target to load that code willingly (directly or indirectly) so it's still harder than email. I except these shady networks to be mostly used on shady websites, so you can block them "at the source" so to speak.
On the other hand your fingerprinting/mining JS has to be served by a website that people willingly browse. That's a much higher barrier of entry and means that you can't just change your server's domain every hour lest you manage to convince your partner websites to update their code as frequently (which in turn might end up blacklisting them instead).