One thing I've been thinking for long time is to consider policy proposals to enforce the usage of the abuse mailbox together with X-ARF/RFC5965/RFC6650. That will automate probably a so big % of abuse handling that makes sense even if you need to make some programming, even if there are already today open source tools for that.
i try to minimize telling other operators how to run their networks, and hope they treat me similarly. educate, facilitate, don't legislate. why is it that many ops feel the need to wrap/defend abuse reporting mechanisms? my guess, and it is just a guess, is volume, and the volume of false positives, automated over-reaction (you pinged my server!!!), or trivial whining. my experience is that, once i got past the spam/whining defenses, ops are quite cooperative. perhaps my trying to be polite helps. i do not assume i know how to run your network better than you do. perhaps if we figured out how to stop DoSsing abuse systems, they would evolve back to being easier to use. though it is hard to wind back defenses. so it goes. randy --- randy@psg.com `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com` signatures are back, thanks to dmarc header butchery