We block Authentication by Country ( Manage -> Settings -> General ) -- set to block all countries except where your clients would login from. For ours, we block everything except our US and a couple EU countries.
That at least prevents any "leaked passwords" from eventually getting used and an account being spammed from (or worse).
In the case of your situation - sometimes you can block more than just the /24 -- like this IP from your list above:
Blocking the /14 would get you 260k blocked IPs instead of 255
We utilize a 3rd party application that allows us to block entire ASNs at our edge - and that makes a world of difference - plus as their IP ranges change, our rules update.
MailEnable survivor / convert --