1. there is no single and widely used abuse reporting format that can be automated at both the victim and responding sides.
I haven't been paying attention lately, but wasn't there an internet-draft on that a few years back?
several. see <http://www.ietf.org/html.charters/inch-charter.html>. INCH isn't specifically designed for abuse but it's supposed to have an extensible schema (or so i was told).
2. there is no single, compelling, honest ethical standard like "the good housekeeping seal of approval" in our industry.
A consumers' union for the Internet? Didn't ISP/C have some activities along this line, once upon a time?
a "consumer's union" lookalike won't do it. individual endusers rarely have choices about who they use for access -- they get it from a dwindling selection of local dsl providers, or from their cable company. since they aren't making buying decisions now, it wouldn't do any good to give them reasons to choose one access provider over another. where this matters is in the commercial sector, where there's an RFP process for IP transit, or a contract process for BGP peering. to that end, what's needed is something that these documents can refer to -- "member in good standing of $FOO" or "complies with RFC $BAR" are examples. ISP/C wouldn't have been a good example since the members of same who wanted to standardize ethics were seen by the rest as moralistic whackos. as i watch yahoo and others launch anti-spam crusades it pains me that if they would simply have declared universal support of verified permission, and set a date by which they would require it from their suppliers and BGP peers, this would have further criminalized spam just by comparison. but since these companies don't want the perceived costs of verifying permission, they're stuck trying to criminalize "spam" when there is no difference, in principle, between what "spammers" do and what "reputable companies" do. lazy-lazy-lazy. -- Paul Vixie