Spoof IP dictionary question
I'm trying to setup a filter and corresponding dictionaries for a client getting way more spoofed emails recently than before. I've setup the filter using the To and From conditions using a dictionary with their valid email domains (following this guide - https://www.sonicwall.com/support/knowledge-base/how-to-block-a-spoofed-spam-with-the-same-from-and-to-email-address-using-our-custom-policy-filter/170504382082588/). I added a condition for Source IP - is not - use dictionary with IPs listed from MailChimp, SalesForce and other mailing services the client uses, but it's still sending the emails to the users' junk boxes. Can I use CIDR format in the dictionary for the valid IP dictionary? I haven't been able to find an article with a definitive answer. Thanks for your help!