I got years of their spam without signing up. Only after several years did they add a way to opt out an email address without making an account.

If they don't provide an easy opt-out link then why not just block the sender and move on? Unlike the less legal operations I wouldn't expect a legitimate business to rotate domains or otherwise attempt to evade blocks.

Why block when you can report to Spamhaus?

I prefer to only report genuinely malicious behavior. As long as there's no active attempt at block evasion I figure reporting it is just increasing noise and generally making things worse for everyone. It's the active block evasion crowd that make any and every network communication protocol a pain in the ass to use at scale. It wasn't simpletons using a single static IP address that triggered such widespread adoption of Anubis overnight.

How is that not genuinely malicious behavior?

Look I'm just trying to distinguish "active circumvention of blocks" from pretty much everything else. Because the former is what destroys the usefulness of protocols while the vast majority of other things can be trivially resolved by blocking the offending party. Including { corporate service } that I don't use sending me { unwanted thing }.

If a bot that sends a fixed set of headers and is behind a single static IP is behaving poorly and slowing down your server you can block it and move on. Whereas when an abhorrently selfish operator with a client that actively hinders fingerprinting rapidly rotates through hundreds of thousands of IPs you end up with mass adoption of solutions like Anubis.