Spam blacklists as denial-of-service attacks?