i generally do this from our firewall - just limit inbound from specific regions or geo-ip - but obviously depends on the firewalls ability on that. Agree would be a nice feature to have a geo IP block and block from all but known countries to avoid bad actors downloading from links forwarded or compromised.