I largely concur with the points that Paul's making, and would like to augment them with these: - Automation is far less important than clue. Attempting to compensate for lack of a sufficient number of sufficiently-intelligent, experienced, diligent staff with automation is a known-losing strategy, as anyone who has ever dealt with an IVR system knows. - Trustability is unrelated to size. There are one-person operations out there that are obviously far more trustable than huge ones. - Don't built what you can't control. Abuse handling needs to be factored into service offerings and growth decisions, not blown off and thereby forcibly delegated to the entire rest of the Internet. - Poorly-desigged and poorly-run operations markedly increase the workload for their own abuse desks. - A nominally competent abuse desk handles reports quickly and efficiently. A good abuse desk DOES NOT NEED all those reports because it already knows. (For example, large email providers should have large numbers of spamtraps scattered all over the 'net and should be using simple methods to correlate what arrives at them to provide themselves with an early "heads up". This won't catch everything, of course, but it doesn't have to.) ---Rsk