I run some summaries about spam-sources by country, AS and containing BGP route.
These are from a smallish set of servers whole March aggregated. Percentage indicates incidents out of total.
Conclusion is that blocking 25 inbound from a handful of prefixes would stop >10% of spam.
+---------+------+ | 26.8013 | US | | 25.6489 | KR | | 11.2896 | CN | | 4.3139 | FR | | 2.8045 | BR |
+---------+----------+ | 11.3916 | 4766 | | 6.3791 | 9318 | | 5.1094 | 4134 | | 3.3910 | 7132 | | 3.1717 | 29963 |
+--------+------------------+ | 2.0754 | 207.182.144.0/20 | | 1.7184 | 4.0.0.0/8 | | 1.3054 | 82.224.0.0/11 | | 1.1116 | 221.144.0.0/12 | | 1.0963 | 207.182.136.0/21 | | 0.9943 | 61.78.37.0/24 | | 0.9586 | 218.144.0.0/12 | | 0.9484 | 222.96.0.0/12 | | 0.7394 | 222.65.0.0/16 | | 0.7343 | 211.200.0.0/13 |
Pete