I would advise against blocking IPs. In today's Internet landscape, IPs are very volatile. It's much better to focus on the domains coded into the software, as these won't change (as quickly).
If you check out another interesting project - WindowsSpyBlocker - you will see that they have problems with blocking IP addresses (example).
A much better way to go about this is to deny IP-based communication dynamically. The Portmaster, as mentioned by @davegson before, can do this in an elegant way: connections to IPs to which no domain name was resolved are denied. This means that a process that wants to communicate with a server must resolve a domain to that IP first. This feature is not yet enabled by default because it does break applications that depend on direct "P2P" communication. But this will be enabled for Windows as soon as community-sourced app settings are rolled out next year. Until then, you can enable this setting for Windows services manually.
Disclaimer at this point: I am the Lead Dev of the Portmaster.
We do currently import the "spy" domain blocklist from WindowsSpyBlocker. Here is the result for the domains you posted (enabled Portmaster list categories: TRAC, MAL, BAD, BADC):
To be honest, I didn't think that so many domains would make it through. I will look into that in the coming weeks. Effectively blocking Windows telemetry and privacy-intruding "services" is important to us.
What sometimes makes this difficult are false positives, which impact user experience: things start to seemingly break at random.
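The rule described in the post (a connection to an IP is only allowed if the process first resolved a domain name to that IP, with a per-app exception for software that needs direct "P2P" traffic) can be sketched in a few dozen lines. The code below is an added illustration of that DNS-correlation idea and is not the Portmaster's own code or API; the class and function names, the per-process keying, the TTL handling and the sample addresses (from the 203.0.113.0/24 documentation range) are all assumptions constructed for the example.

```python
"""
DNS-correlated connection filtering (illustrative, not the Portmaster's code):
an outbound connection is allowed only if the same process recently received
a DNS answer containing the destination IP. Time is passed in explicitly so the
logic is deterministic and testable.
"""
from dataclasses import dataclass, field


@dataclass
class DnsCache:
    """Memory of recent DNS answers, keyed per process: (pid, ip) -> (domain, expiry)."""
    entries: dict = field(default_factory=dict)

    def record_answer(self, pid, domain, ips, ttl, now):
        # Remember every address in the answer until its TTL runs out.
        # Keying on (pid, ip) means one app's lookup does not unlock the IP for another.
        for ip in ips:
            self.entries[(pid, ip)] = (domain, now + ttl)

    def domain_for(self, pid, ip, now):
        # Return the domain this process resolved to `ip`, or None if it never
        # did or the answer has expired (expired entries are evicted on lookup).
        hit = self.entries.get((pid, ip))
        if hit is None:
            return None
        domain, expiry = hit
        if now > expiry:
            del self.entries[(pid, ip)]
            return None
        return domain


def decide(cache, pid, dest_ip, now, direct_allowed=frozenset()):
    """Return ("allow" | "deny", reason) for a new outbound connection."""
    domain = cache.domain_for(pid, dest_ip, now)
    if domain is not None:
        return "allow", f"resolved via {domain}"
    if pid in direct_allowed:
        # Per-app exception for software that legitimately talks to raw IPs
        # (the "P2P" case that the default-on rule would otherwise break).
        return "allow", "direct IP communication permitted for this app"
    return "deny", "no domain name was resolved to this IP"


def demo():
    """Constructed scenario: one updater process, one telemetry-style direct
    connection, and one P2P app with an explicit exception."""
    cache = DnsCache()
    # t=0: pid 100 resolves updates.example -> 203.0.113.10 with a 60 s TTL.
    cache.record_answer(100, "updates.example", ["203.0.113.10"], ttl=60, now=0)
    return [
        decide(cache, 100, "203.0.113.10", now=10),   # allow: resolved, TTL still valid
        decide(cache, 100, "203.0.113.99", now=10),   # deny: never resolved
        decide(cache, 200, "203.0.113.10", now=10),   # deny: other process did not resolve it
        decide(cache, 300, "203.0.113.50", now=10, direct_allowed={300}),  # allow: P2P exception
        decide(cache, 100, "203.0.113.10", now=100),  # deny: DNS answer expired
    ]


if __name__ == "__main__":
    for verdict, reason in demo():
        print(f"{verdict:5} - {reason}")
```

The last case is the one that matters operationally: once the cached DNS answer expires, a long-lived reconnect to the same IP is denied again until the app re-resolves the name, which is exactly the kind of "breaks at random" symptom the post describes when such a rule meets software that caches addresses itself.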