Re being super cautious not to make false positives by total IP/Domain blanket slapping
You would have thought the hundreds and I would hope thousands of marked as spams from early on, all generated from a VPS IP range should be pretty safe to block (or not block. But at the very least lower the integrity rating and auto-mark as potential spam and not put in the inbox..) would be a whole lot less likely to have any false positives from it given the numbers being dropped at any one time.
Or at the very least pestered the hell out of the host to do something about investigating if the mail is in fact from there how soon people are spinning up mail servers after free signup and sending traffic 10000%
Even the last 15 or so I just marked, with different FQDNs being presented are from the same range.
Spam out of VPS ranges is probably now the world's biggest vector (as opposed to, perhaps, botnetted home connections).
(No facts to back that up, but I agree it's prolific these days. OVH in particular springs to mind)
I have no first-hand knowledge of Spark's UI for customer purposes, but my chief advice is: keep reporting false negatives. Do it diligently and you will see improvement over time.