Very Important: Do you control your firewall or mail server directly? If not (perhaps because you use a third-party hosted email service without this level of control), you won't be able to lock down your server directly. Instead, you can create a simple rule in your email software (e.g., Outlook) to remove email that bypassed MailRoute and was sent directly to your mail server.
I run my own mail server:
Restrict access to your mailserver to our block of IP addresses: This prevents spammers or viruses from connecting directly to your server and transferring unwanted email. In our experience, many spammers store away old settings, so some will have your old MX record archived, and will use that. Others use portscanning, or simple guessing to find mail servers that are accepting traffic on Port 25. Locking down this port allows you to prevent this from happening.
There is one potential "gotcha": if you do this, you need to make the appropriate accommodations for any mobile users you have who might be relaying mail through your mail server. Many of our customers will require these remote users to use SMTP authentication, or will add an SMTP service on a non-standard port (like 2525), and have their users connect there instead of Port 25.
All MailRoute traffic will come from our block of addresses. It's a block of 8 Class C networks:
CIDR notation: 18.104.22.168/21
Netmask notation: 22.214.171.124 with a netmask of 255.255.248.0
Address range: 126.96.36.199 through 188.8.131.52
Articles for different in-house server environments:
If you have further questions, please let us know.