Using VM's to do penetration testing is a need that some people have. I would like to suggest a form to be issued to the support / security department. The form is to be filled out by the penetration tester and the the target of the test (provided they are both DO customers). Both would filled out the form with necessary information, target droplet, attack droplet, time frame, and also consent to do the test. This will prevent a long string of emails and prevent false positive abuse flagging. It can be signed digitally from the respective users control panel and verified with 2 factor authentication. Then approved by a Digital Ocean employee.