The opt-in argument is useless since there is no way to verify that the user subscribed in the first place, giving them the address or not. All you do is providing value to the spammer since they have now verified that the email is indeed real and read by a person. When reporting abuse you can already forge any email out of nothing, and you cannot prove that the email was forged unless they have a trace of the email being sent by their server (logs), and if they have that trace they can see easily see a pattern of mass distribution and start an investigation by contacting the other recipients on that list, or just wait for more reports to come in. Guess it's been a while since I worked at an ISP, but I have never heard of a spam abuse investigation strategy that involves forwarding the address to the suspected spammer.
