What about the idea that Spamhaus, by being a blacklist, is denying service to all sorts of websites itself? Why is a DDOS attack that much different from what they do every day?
I mean, sure, they block a lot of spam, but what about all the times someone's domain gets blacklisted and it's not spam? And yeah, I realize domain admins opt in to use their blacklists.
I don't think you really understand what you're talking about. First of all, Spamhaus isn't denying service to web sites; they're listing IP addresses of known spam sources. Mail administrators use the list to block email - not web sites - from those IPs. Spamhaus is just one of many such services, but Spamhaus happens to be the best. Why is that? Exactly because they keep the false positives to a minimum. What you're talking about theoretically COULD happen, and certainly does happen with other blacklists, but the reason we mail admins use the Spamhaus SBL-XBL lists instead of the other blacklists is because we DON'T see legitimate servers getting blocked. Believe me, if we were blocking legitimate mail, our users would complain. It's not happening.
It still does not change the fact it's a denial of service, coming from a self-appointed body that is in no better position to judge what is and is not spam than anyone else.
They are in a better position. I don't know how they do it, I don't know how they got into that position, but they've managed to pull it off.
A real common tactic with political campaigns is to sign up for the opponents mailing list on an AOL account, wait for them to send you an email, then complain you are receiving spam. AOL turns around and gets that domain blacklisted. Then it takes time and resources to resolve the issue.
I just don't see much of a difference.
The difference is that while this happens all the time with AOL's internal blacklist, Spamhaus doesn't work this way.