Staring Down the Armada Collective

I agree Protonmail took a stance and believe many others can learn from their experience. But let's not oversimplify the problem. According to their blogs, the attacks were over 100G and went on for hours at a time over several days. Attacks can go on for days and months. Protonmail found themselves up against varying attack tactics and ultimately took a defense-in-depth approach to mitigate the attack.
Null routing the original IP completes the attack: game over, server is down. Granted, this can help prevent collateral damage. Combined with proxies, it can work well for DNS redirect to route through cloud scrubbing, but these solutions can add latency and impact legitimate traffic also. With redirection there is also the complexity of TLS/SSL (certificate management, privacy, etc.). And then you must also consider IP-based (non-proxied) targets. These DNS redirect/proxy methods don't handle IP-based attack targets and cause the need to swing IP prefixes via BGP. Bottom line, attackers can impact the infrastructure by varying their tactics, and the approach should be well thought out and multilayered.