If that last line were true then surely the GP's noip domain would still work and traffic would be routing without any interference. Ergo, they are telling lies as they are not simply routing "bad traffic" elsewhere but also "good traffic".
How do they know that some data is "bad" before looking at it?
And I'm asking only because I know the answer - that it's impossible, they are looking at the entire traffic and (officially) deciding if it's "bad" afterwards.
> allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats.
According to MSFT, they are only looking at known "bad" traffic. You can take their word for it... or not.