They execute these attacks with a machine that uses a list of free proxies.
I have several sites protected and looking at the alerts I see that they load a proxy IP and then attack all the sites in their list.
They are not doing it sensibly because they attack the same site with the same failed user name over and over.
To speed things up you can set the repeat time to 5 minutes and the ban to 60 days so they run out of proxies on conventional attacks.
I ban the IPs permanently. I saw that they were using the same IPs again and again, mostly because there are insecure networks that have these proxies in Russia, Ukraine, China and South America. I then consider blocking the whole IP network; after all, why do I need to cater for some ISP in Argentina that does not secure its network? Do I need such visitors? NO.
If you get the paid version you can block out countries and it uses shared intelligence from the many sites they protect.
This plugin ought to have the ability to set different emails for different alerts. So for now you can have the messages forwarded to an online account, then use the mail filter to autofile the messages into folders so you just see what matters.
You can use the mail filter in Gmail to get messages of a certain type to be forwarded to your main email address.
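
The pattern described in this post, as an added example that is not part of the original post or the plugin's code: failed logins are pooled per IP across every protected site, repeats inside the 5-minute window trigger a 60-day ban, and banned IPs are grouped by network for review. The log format, `MAX_FAILURES`, `NETWORK_THRESHOLD` and the /24 grouping are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

REPEAT_WINDOW = timedelta(minutes=5)  # "repeat time" suggested in the post
BAN_LENGTH = timedelta(days=60)       # ban length suggested in the post
MAX_FAILURES = 3       # assumed threshold, not from the post
NETWORK_THRESHOLD = 2  # assumed: banned IPs in one /24 before flagging it

# Constructed sample: timestamp, site, source IP, attempted username.
SAMPLE_LOG = """\
2024-01-10T10:00:00 site-a.example 203.0.113.7 admin
2024-01-10T10:00:00 site-a.example 198.51.100.4 editor
2024-01-10T10:00:20 site-b.example 203.0.113.7 admin
2024-01-10T10:00:40 site-c.example 203.0.113.7 admin
2024-01-10T10:01:00 site-a.example 203.0.113.9 admin
2024-01-10T10:02:00 site-a.example 203.0.113.9 admin
2024-01-10T10:03:00 site-a.example 203.0.113.9 admin
2024-01-10T10:05:00 site-a.example 203.0.113.7 admin
2024-01-10T10:20:00 site-a.example 198.51.100.4 editor
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, site, ip, user = line.split()
        yield datetime.fromisoformat(ts), site, ip, user

def find_bans(log):
    """Map each offending IP to its ban expiry, pooling failures across sites."""
    recent, bans = defaultdict(list), {}
    for ts, _site, ip, _user in sorted(parse(log)):
        if ip in bans and ts < bans[ip]:
            continue  # already banned: the request would never reach a login form
        # Keep only this IP's failures that fall inside the repeat window.
        recent[ip] = [t for t in recent[ip] if ts - t <= REPEAT_WINDOW] + [ts]
        if len(recent[ip]) >= MAX_FAILURES:
            bans[ip] = ts + BAN_LENGTH
    return bans

def networks_to_review(bans):
    """List /24 networks holding several banned IPs, as candidates for a range block."""
    counts = defaultdict(int)
    for ip in bans:
        counts[ipaddress.ip_network(f"{ip}/24", strict=False)] += 1
    return sorted(str(net) for net, n in counts.items() if n >= NETWORK_THRESHOLD)

if __name__ == "__main__":
    bans = find_bans(SAMPLE_LOG)
    for ip, expiry in bans.items():
        print(f"ban {ip} until {expiry.isoformat()}")
    print("review networks:", networks_to_review(bans))
```

The address that fails twice, 20 minutes apart, stays unbanned, which is the behaviour you want for a real user who mistyped a password.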