I don't believe they should be held liable for the actions of malicious users, that would violate all sorts of safe harbour provisions.
However, safe harbour does atleast imply reasonable effort to curb mass abuse.
Responding case by case is nice but it's not the same. As it leaves open the proverbial DDoS attack where botnets just create so many domains that the process put in place to resolve them is too burdensome for companies like Microsoft (or even law enforcement) to reasonably utilize.
Hence if you have a platform that is vulnerable to such abuses you should have systems in place to handle this at a bigger scale than single case by case means.
However, safe harbour does atleast imply reasonable effort to curb mass abuse.
Responding case by case is nice but it's not the same. As it leaves open the proverbial DDoS attack where botnets just create so many domains that the process put in place to resolve them is too burdensome for companies like Microsoft (or even law enforcement) to reasonably utilize.
Hence if you have a platform that is vulnerable to such abuses you should have systems in place to handle this at a bigger scale than single case by case means.