Do you have an expectation of receiving any normal mail from that block? Korea has been assigned 18.104.22.168 to 22.214.171.124 in 37 blocks by APNIC. If not, simply block the entire range. If yes, either block smaller chunks, or block all but cut holes for the legitimate mail.
Have you tried asking Pubnet? (Yeah, I know, but I'm trying to be politically correct.)

[ ISP IPv4 Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-3674-5890
E-Mail : email@example.com

The APNIC delegation files don't even agree with the results of a whois query.

[compton ~]$ grep ' 211.5[0-9]' IP.ADDR/stats/APNIC | grep KR | cut -d' ' -f1,2,3 | column
KR 126.96.36.199 255.255.0.0
KR 188.8.131.52 255.255.0.0
KR 184.108.40.206 255.255.0.0
KR 220.127.116.11 255.254.0.0
KR 18.104.22.168 255.255.0.0
KR 22.214.171.124 255.252.0.0
[compton ~]$

whois at APNIC returns 126.96.36.199 - 188.8.131.52 being allocated to KRNIC as a single block, which really isn't much help. The 211.54/15 and 211.56/14 blocks were both allocated to KRNIC on the same day, so I don't know why they would be separately listed in the delegation file. It's not a CIDR issue.
Agreed - APNIC delegated it to KRNIC, and ARIN has nothing to do with it. (ARIN only has one legacy assignment to Korea - the rest having been transferred to APNIC.) DNS Stuff (and similar sites) are merely reporting the information they get from the RIRs.
I suspect if we understood Korean, it would be possible to frame a more appropriate query to KRNIC - but other than that, nothing official.
Same question - are you expecting any legitimate mail from China? APNIC has allocated 899 blocks to China totalling 73,519,360 addresses. Ignoring the 184.108.40.206/7 block (with 387 assignments to China - all but 21 smaller than a /18), this can be cut to only 99 rules (or less if you want to second guess APNIC). For that, see a country blacklist service. China has a national whois web page and there is probably a standard whois server, but the information hasn't been useful to me.
One point I have seen is that China seems to ignore the IANA requirements for reverse DNS, so you might consider setting your mail server to reject _at_the_SMTP_"EHLO/HELO"_ stage (and NOT afterwards) any host that doesn't match forward and reverse DNS records. I also noticed this with Korea to a _slightly_ lesser extent. This had a significant effect in reducing spam.
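
The forward/reverse DNS match described in the post above, sketched as an added example that is not part of the original post: a forward-confirmed reverse DNS check whose verdict is turned into the reply sent at the EHLO/HELO stage. The function names, the reply texts and the sample hosts (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver; [] when none exist."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:          # herror/gaierror: no record or lookup failure
        return []
    return [name, *aliases]

def system_addrs(name):
    """A/AAAA addresses for name via the system resolver; empty on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns_verdict(client_ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return 'pass', 'no-ptr' or 'mismatch' for the connecting address."""
    ip = ipaddress.ip_address(client_ip)
    names = ptr_lookup(client_ip)
    if not names:
        return "no-ptr"
    for name in names:
        found = addr_lookup(name.rstrip("."))
        forward = {ipaddress.ip_address(a.split("%")[0]) for a in found}
        if ip in forward:    # the PTR name resolves back to the same address
            return "pass"
    return "mismatch"

def helo_reply(client_ip, **lookups):
    """Simplified SMTP reply for EHLO/HELO, decided before MAIL FROM."""
    verdict = fcrdns_verdict(client_ip, **lookups)
    if verdict == "pass":
        return "250 OK"
    return f"550 5.7.1 reverse DNS {verdict} for [{client_ip}]"

# Constructed sample data (documentation address ranges), not real hosts.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.net."], "192.0.2.20": ["host.example.org"]}
SAMPLE_A = {"mail.example.net": {"192.0.2.10"}, "host.example.org": {"198.51.100.7"}}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addrs(name):
    return SAMPLE_A.get(name, set())
```

The default lookups treat a resolver failure the same as a missing record; a deployment that wants to retry on temporary DNS errors would answer those with a 4xx reply instead.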