Recently one of their customers decided the incoming directory on our FTP server would be a good place to start a warez site. We mailed help@uu.net and noc@uu.net. Our mail included the src IP address and the times that the uploading of the warez occurred. They were fairly quick to respond with UUNet's policy on these matters. Basically they will only take action when told to do so by a law-enforcement agency.
This is a bad idea. Once they were informed, by anyone including a private citizen, that they were an accomplice to theft, it became their responsibility to report it AND take reasonable steps to avoid having it happen again. The all-holy "common carrier" mantra does not excuse outright illegality after notice has been given.
Ok, fine. I understand that they have to protect their interests and that there are legal implications to all of this. I tend to agree that this position is the safest one to take.
I don't agree, and it wasn't (isn't) safe.
This raises important issues, though. What do we expect providers to do? Do we expect them to take action based on email received from unknown people? It seems from some of the other posts on this topic that we do expect that.
They are expected (by law, and by me) to do the "best reasonable effort" thing I was talking about before. If someone says "you are helping person X to break the law" then UUNET -- or any of us -- has to make at least a cursory investigation, and if anything comes of it a report has to be made to the law enforcement people and "reasonable steps" have to be taken to prevent a reoccurance. I wish I could quote the title and verse of this but I had it quoted to me when I was involved in the events that were later written up in Markoff's book and I remember it pretty clearly. (The law applies to the employee in this case, not to the corporation or its officers.)
I think if you are getting attacked from a specific IP or block of IPs, you have every right to filter those packets. I question the prudence of a 'blacklist', though.
I have not yet been threatened for hosting the http://www.vix.com/spam/ page. I fully expect to be threatened at some point, but since I'm not in the ISP business it's rather hard to argue restraint of trade.