Overlapping Destination Ranges negate blocking?

A buddy of mine has installed ISA Server in his org and his using the 
destination sets to block spammers from his domain.  He's noticed that if there 
is any overlap between the sets specified that it seems to negate the rule 
entirely -- i.e. even though both ranges are supposedly blocked, if they 
overlap the mail from those sets doesn't get blocked.
 
Any suggestions on what he can do to more effectively block IP ranges?  It 
doesn't warn him, for some reason, if a set he's adding overlaps with an 
existing set.  Is there a better way to block spammers with ISA than using the 
IP ranges like that?
 
-Ben-

Other related posts: