In this (my blog) I set up automated reporting and it works well. Despite the zoo warning, SSH probers still visit.
Postfix 3 (my blog) means Postfix itself rate limits a lot of bad email servers and ISPs, and so SSH attempts are the majority of reports sent. I suppose the idea works, as most sites appear once or twice and then never reappear, so it depends on whether the ISP is receptive to such reports. So it still means you're going to see a lot of China attempting to steal our public domain banana smoothie recipe.
Blocklist’s reports are not particularly good, but since I get a copy as well I have no gripes about not getting those, and tools do exist to do it yourself [grep and wc].
I assume most attempts are Windows bots or the odd typo by a real user, although I am sure a non-caring ISP who allows complete subnets to abuse could be malice.
Since this data becomes available to all and usable in multiple formats, you might be benefiting from my reporting and not know it.
Overall it seems to do good rather than bad.