"At the time the Spamhaus guys themselves didn't deny that they'd blacklisted large numbers of innocent Yahoo Store users. Their defense was that the end justified the means."
Putting this into context, this wouldn't have been the first step. This type of measure was typically implemented after it becomes increasingly clear that Yahoo would not, or could not, adopt measures to reduce the amount of spam coming from their mail servers.
One of Yahoo's general weaknesses is that it takes over 24 hours from sending a complaint until appropriate action is taken (that's why comments on their main sites - e.g. News - contains oodles of spam, and other types of abusive comments). On the typical life-cycle of email spam this is far too long - if a site is ever closed at that point, and so these abusive sites tend to still be up when the email recipient is clicking on those links. Closing a site after the damage has been done is just a never-ending game of whack-a-mole.
Blackholing bigger and bigger chunks of Yahoo Stores is then an escalating step until either Yahoo addresses the spam situation appropriately, or their customers see that Yahoo cannot sustainably provide the service customers are paying for and they either leave or seek legal remedies. At that point innocent customers are paying the price for living in a bad neighbourhood. The question is, why didn't Yahoo do a better job in controlling the level of abuse through Yahoo stores? That Spamhaus felt it necessary to escalate through to blocking chunks of ip addresses indicates Yahoo Stores fell significantly short of what was needed to reduce the spam coming from their servers. The indicative belief from the anti-spam community at that point is: it's mostly clear that the revenue generated from hosting spammers is more important to Yahoo Stores than being able to provide their innocent customers with the level of service they paid for.
From my perspective, SpamHaus were one of the cleaner, more diplomatic black lists around the time of the Yahoo Stores problem. It's been a few years since I last poked around in the anti-spam community. Last I've seen of Spamhaus they didn't defend a legal challenge in California raised by a confirmed spammer, because California doesn't have jurisdiction over UK-located organisations, and so the spammer got a default ruling in his favour ( http://www.theregister.co.uk/2007/03/23/e360insight_lawsuit/ , http://www.spamhaus.org/organization/statement.lasso?ref=3 ).
Putting this into context, this wouldn't have been the first step. This type of measure was typically implemented after it becomes increasingly clear that Yahoo would not, or could not, adopt measures to reduce the amount of spam coming from their mail servers.
One of Yahoo's general weaknesses is that it takes over 24 hours from sending a complaint until appropriate action is taken (that's why comments on their main sites - e.g. News - contains oodles of spam, and other types of abusive comments). On the typical life-cycle of email spam this is far too long - if a site is ever closed at that point, and so these abusive sites tend to still be up when the email recipient is clicking on those links. Closing a site after the damage has been done is just a never-ending game of whack-a-mole.
Blackholing bigger and bigger chunks of Yahoo Stores is then an escalating step until either Yahoo addresses the spam situation appropriately, or their customers see that Yahoo cannot sustainably provide the service customers are paying for and they either leave or seek legal remedies. At that point innocent customers are paying the price for living in a bad neighbourhood. The question is, why didn't Yahoo do a better job in controlling the level of abuse through Yahoo stores? That Spamhaus felt it necessary to escalate through to blocking chunks of ip addresses indicates Yahoo Stores fell significantly short of what was needed to reduce the spam coming from their servers. The indicative belief from the anti-spam community at that point is: it's mostly clear that the revenue generated from hosting spammers is more important to Yahoo Stores than being able to provide their innocent customers with the level of service they paid for.
From my perspective, SpamHaus were one of the cleaner, more diplomatic black lists around the time of the Yahoo Stores problem. It's been a few years since I last poked around in the anti-spam community. Last I've seen of Spamhaus they didn't defend a legal challenge in California raised by a confirmed spammer, because California doesn't have jurisdiction over UK-located organisations, and so the spammer got a default ruling in his favour ( http://www.theregister.co.uk/2007/03/23/e360insight_lawsuit/ , http://www.spamhaus.org/organization/statement.lasso?ref=3 ).