
Information on the configuration and blocking of countries/subnets by protocol or by entire country

All inbound traffic to this site is logged, and only specific protocols are allowed in - everything else is automatically blocked.
In addition, I check the country of origin per protocol, and explicitly block certain countries altogether, or only for specific protocols.
The following is a list of the sets currently blocked explicitly for testing and logging (blocked using my TMG Computer Sets):

I'm working on designing a better way to log and report on this type of data. The TMG log format makes this more difficult than you would think. TMG now uses the SQL data type [uniqueidentifier] for the IP address instead of the super-simple BIGINT it used in 2006, which makes parsing 91.22.145.144 out of 5B169190-FFFF-0000-0000-000000000000 far more difficult (the first group is just the four octets in hex, 5B.16.91.90, and the FFFF in the second group apparently marks the value as an IPv4 address). This is exacerbated by the fact that one must first convert 91.22.145.144 to a BIGINT for the range comparison against my GeoDatabase that retrieves the country. Presumably this was done to support IPv6, but it was a poor choice of solution: one now has to convert the uniqueidentifier to a dotted-notation string, and then convert that to a BIGINT, before the country lookup can run at all. I'm working on a new way of doing that which is far more efficient and quicker. Once that is done, I'll post real-time reports of which countries are responsible for the most traffic of a particular type, as it relates to my network anyway.

Update 07/31/10:  I now only ALLOW in from US, UK, Denmark, Australia, and Germany.   All other countries blocked by default.    Results for blocked spam attempts below.

Update 09/21/10:  The update job that produces the "Top 20" report below now takes about 15 minutes to process (since I'm still sourcing from raw data), so I just run it once per day at ~2am.  I've also added a sum of all blocked SMTP traffic (other protocols to be added later).  As of this update, almost 3.5 million connection attempts have been blocked at the firewall before even reaching my mail server since 7/19/2010.  A few security folks have pooh-poohed the use of direct blocking by GeoLocation as a security layer, but in every case where I've discussed this with someone personally, they have never provided any research to support their position.  They just "think" it won't/doesn't work.  But when a humble little domain like mine is dropping 3.5 million connections for SMTP alone in only 64 days, it's hard to argue (as far as I'm concerned) with numbers like that.  That's over 50,000 SMTP connection attempts per day that my mail server never sees.  I'm good with that.

Update 02/25/11:  After over 7 months of data collection in the second round of logging, it is now time for me to dig deeper into the analysis and see what other interesting statistics can be found. The tables below illustrate the last aggregation, made on 02/23/11 at ~2am. With nearly 11 million SMTP connections logged (the summary shows 10,964,560), and another 5 million or so other connections of interest still to be reported on, I think I've met what I consider the due diligence in data collection required to make educated decisions on what type of controls to use moving forward.
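The uniqueidentifier-to-BIGINT conversion described in the TMG paragraph above, and the per-country aggregation behind the Top 20 and summary reports, as an added example that is not the site's own TMG/SQL code. It is a stand-alone Python model of that pipeline: decode the GUID, turn the dotted address into the integer a range-based GeoIP table is keyed on, look up the country by range (the same `BETWEEN start AND end` comparison the SQL version does), and count denied connections per country and destination port. The GUID layout is taken from the page's own example (91.22.145.144 = 5B169190-FFFF-0000-0000-000000000000); treating any second group other than FFFF as "not IPv4" is an assumption, and every log row and GeoIP range in the block is constructed for the example, not a real allocation.

```python
# Added example (not the site's own TMG/SQL code): a stand-alone model of the
# reporting pipeline described on this page, in Python instead of T-SQL.
# (1) decode TMG's uniqueidentifier IP encoding, (2) convert the dotted address
# to the integer a range-based GeoIP table is keyed on, (3) look the country up
# by range, (4) aggregate blocked connections per country for one port.
# GUID layout from the page's example (91.22.145.144 <-> 5B169190-FFFF-...);
# rejecting any second group other than FFFF is an assumption. All log rows and
# GeoIP ranges below are constructed for the example, not real allocations.
from bisect import bisect_right
from collections import Counter


def tmg_guid_to_ipv4(guid: str) -> str:
    """Decode an IPv4 address stored in a TMG uniqueidentifier column.

    The first group holds the four octets as hex (5B.16.91.90 = 91.22.145.144)
    and the second group is FFFF for IPv4 (assumption: anything else is rejected).
    """
    parts = guid.strip("{}").upper().split("-")
    if len(parts) != 5 or len(parts[0]) != 8 or parts[1] != "FFFF":
        raise ValueError(f"not a TMG IPv4 identifier: {guid}")
    octets = [int(parts[0][i:i + 2], 16) for i in range(0, 8, 2)]
    return ".".join(str(o) for o in octets)


def ipv4_to_bigint(dotted: str) -> int:
    """Dotted quad -> the 32-bit integer GeoIP range tables compare against."""
    octets = [int(x) for x in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


class GeoDb:
    """Range table (start_int, end_int, country), the same shape as a
    `WHERE ipnum BETWEEN start AND end` lookup in SQL, served via bisect."""

    def __init__(self, ranges):
        self.ranges = sorted(
            (ipv4_to_bigint(s), ipv4_to_bigint(e), c) for s, e, c in ranges
        )
        self.starts = [r[0] for r in self.ranges]

    def lookup(self, ipnum: int) -> str:
        i = bisect_right(self.starts, ipnum) - 1
        if i >= 0 and self.ranges[i][0] <= ipnum <= self.ranges[i][1]:
            return self.ranges[i][2]
        return "Unknown"


def blocked_report(log, geo: GeoDb, port: int = 25, top: int = 20):
    """Count denied connections to `port` by source country.

    Returns (top-N list of (country, count), total, average per day, skipped).
    The average divides the total by the number of distinct days that had a
    counted row; rows whose IP cannot be decoded are skipped and counted.
    """
    counts, days, skipped = Counter(), set(), 0
    for day, src_guid, dst_port, action in log:
        if action != "Denied" or dst_port != port:
            continue
        try:
            ip = tmg_guid_to_ipv4(src_guid)
        except ValueError:
            skipped += 1
            continue
        counts[geo.lookup(ipv4_to_bigint(ip))] += 1
        days.add(day)
    total = sum(counts.values())
    avg_day = total // len(days) if days else 0
    return counts.most_common(top), total, avg_day, skipped


# Constructed GeoIP ranges (documentation prefixes; the country mapping is made up).
GEO = GeoDb([
    ("91.22.145.0", "91.22.145.255", "Germany"),
    ("192.0.2.0", "192.0.2.255", "Russian Federation"),
    ("198.51.100.0", "198.51.100.255", "India"),
    ("203.0.113.0", "203.0.113.255", "Brazil"),
])

# Constructed firewall log rows: (date, source IP as TMG GUID, dst port, action).
LOG = [
    ("2011-02-20", "5B169190-FFFF-0000-0000-000000000000", 25, "Denied"),   # 91.22.145.144
    ("2011-02-20", "C0000205-FFFF-0000-0000-000000000000", 25, "Denied"),   # 192.0.2.5
    ("2011-02-21", "C0000207-FFFF-0000-0000-000000000000", 25, "Denied"),   # 192.0.2.7
    ("2011-02-21", "C6336410-FFFF-0000-0000-000000000000", 25, "Denied"),   # 198.51.100.16
    ("2011-02-21", "CB00712A-FFFF-0000-0000-000000000000", 25, "Denied"),   # 203.0.113.42
    ("2011-02-22", "CB00712A-FFFF-0000-0000-000000000000", 443, "Denied"),  # other port
    ("2011-02-22", "C0000205-FFFF-0000-0000-000000000000", 25, "Allowed"),  # not blocked
    ("2011-02-22", "00000000-0000-0000-0000-000000000000", 25, "Denied"),   # not IPv4, skipped
]

if __name__ == "__main__":
    top20, total, avg_day, skipped = blocked_report(LOG, GEO)
    print(f"{'SourceCountry':<20} DstPort  Count")
    for country, n in top20:
        print(f"{country:<20} 25       {n}")
    print(f"\nDstPort Total AvgDay: 25 {total} {avg_day}  (skipped rows: {skipped})")
```

The row with an all-zero GUID is there deliberately: a real TMG log carries non-IPv4 and malformed values, and a report that crashes on the first one at 2am is worse than one that skips it and says how many it skipped. Against a table of tens of millions of rows the bisect lookup stands in for the indexed range scan; the conversion itself is the part that cannot be pushed into an index, which is exactly the cost the paragraph above complains about.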

Blocking Reports:  Stats Last Updated, Top 20 Countries Blocked, and Summary of Blocked Connections

Last Update: 2/23/2011 1:59:58 AM

Top 20 Countries Blocked (SMTP, destination port 25)

SourceCountry                        DstPort    Count
Russian Federation                   25       1264666
India                                25       1009268
Brazil                               25        632505
Viet Nam                             25        580758
Ukraine                              25        523524
Indonesia                            25        405137
Korea, Republic of                   25        366035
China                                25        346910
France                               25        256196
Colombia                             25        234936
Romania                              25        221647
Argentina                            25        218546
United States                        25        203953
Pakistan                             25        196935
Taiwan, Republic of China (ROC)      25        189130
Italy                                25        179717
Spain                                25        166088
Poland                               25        161425
United Kingdom                       25        159863
Kazakhstan                           25        157762

Summary of Blocked Connections (all countries)

DstPort    Total       AvgDay
25         10964560    49613