It depends, but in general malicious user is still user, so this gives you to which bucket such errors should go.