I find the current rules based on overall and Org level too broad, and individual rules too specific. Introducing rules based on domain suffixes would provide a more balanced and effective approach for managing access.