Do you have an expectation of receiving any normal mail from that block? Korea has been assigned 211.32.0.0 to 211.63.255.255 in 37 blocks by APNIC. If not, simply block the entire range. If yes, either block smaller chunks, or block all but cut holes for the legitimate mail.
Have you tried asking Pubnet? (Yeah, I know, but I'm trying to be politically correct.)
[ ISP IPv4 Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-3674-5890
E-Mail : snipped-for-privacy@pubnet.ne.kr

The APNIC delegation files don't even agree with the results of a whois query.
[compton ~]$ grep ' 211.5[0-9]' IP.ADDR/stats/APNIC | grep KR | cut -d' ' -f1,2,3 | column
KR 211.50.0.0 255.255.0.0       KR 211.53.0.0 255.255.0.0
KR 211.51.0.0 255.255.0.0       KR 211.54.0.0 255.254.0.0
KR 211.52.0.0 255.255.0.0       KR 211.56.0.0 255.252.0.0
[compton ~]$
whois at APNIC returns 211.54.0.0 - 211.59.255.255 being allocated to KRNIC as a single block, which really isn't much help. The 211.54/15 and 211.56/14 blocks were both allocated to KRNIC on the same day, so I don't know why they would be separately listed in the delegation file. It's not a CIDR issue.
Agreed - APNIC delegated it to KRNIC, and ARIN has nothing to do with it. (ARIN only has one legacy assignment to Korea - the rest having been transferred to APNIC.) DNS Stuff (and similar sites) are merely reporting the information they get from the RIRs.
I suspect if we understood Korean, it would be possible to frame a more appropriate query to KRNIC - but other than that, nothing official.
Same question - are you expecting any legitimate mail from China? APNIC has allocated 899 blocks to China totalling 73,519,360 addresses. Ignoring the 202.0.0.0/7 block (with 387 assignments to China - all but 21 smaller than a /18), this can be cut to only 99 rules (or less if you want to second guess APNIC). For that, see a country blacklist service. China has a national whois web page.

One point I have seen is that China seems to ignore the IANA requirements for reverse DNS, so you might consider setting your mail server to reject _at_the_SMTP_"EHLO/HELO"_ stage (and NOT afterwards) any host that doesn't match forward and reverse DNS records. I also noticed this with Korea to a _slightly_ lesser extent. This had a significant effect in reducing spam.
Old guy
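
Added example, not part of the original post: a Python sketch that turns the "CC address netmask" listing quoted above into the smallest set of CIDR block rules and then cuts a hole for a sender you still want to hear from. The function names are illustrative and 211.53.10.0/24 is a constructed stand-in for a legitimate sender's network.

```python
import ipaddress

# Rows in the "CC address netmask" layout of the listing quoted in the post.
LISTING = """\
KR 211.50.0.0 255.255.0.0
KR 211.51.0.0 255.255.0.0
KR 211.52.0.0 255.255.0.0
KR 211.53.0.0 255.255.0.0
KR 211.54.0.0 255.254.0.0
KR 211.56.0.0 255.252.0.0
"""

def parse_listing(text, country):
    """Return the IPv4 networks listed for one country code."""
    nets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[0] != country:
            continue  # skip blank lines and other countries
        # Strict parsing rejects a row whose address has host bits set.
        nets.append(ipaddress.IPv4Network(f"{fields[1]}/{fields[2]}"))
    return nets

def block_rules(nets, holes=()):
    """Merge adjacent networks, then carve each allowed hole out of them."""
    rules = list(ipaddress.collapse_addresses(nets))
    for hole in holes:
        hole = ipaddress.IPv4Network(hole)
        kept = []
        for net in rules:
            if net.subnet_of(hole):
                continue  # rule lies entirely inside the hole: drop it
            if hole.subnet_of(net):
                kept.extend(net.address_exclude(hole))  # split around hole
            else:
                kept.append(net)
        rules = list(ipaddress.collapse_addresses(kept))
    return sorted(rules)

def is_blocked(addr, rules):
    """True if addr falls inside any block rule."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in rules)

if __name__ == "__main__":
    # Constructed hole: pretend 211.53.10.0/24 sends mail you want to keep.
    for net in block_rules(parse_listing(LISTING, "KR"), ["211.53.10.0/24"]):
        print(net)
```

Without a hole the six listed rows collapse to three rules; 211.52.0.0/14 and 211.56.0.0/14 stay separate because together they do not start on a /13 boundary.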