Ding ding ding. IPv6 doesn't solve this problem either because not all malicious activity from a given IP address is guaranteed to be conducted with the knowledge or consent of the folks paying for the connection anyway.

There should only ever be discrimination against traffic, not against addresses. Addresses should not be presumed to be fixed, and it should therefore never be assumed that seeing the same client IP twice means it's the same end user.

ding ding. your last sentence hit the mark. though from a operations/defensive perspective it often makes sense