Not making a argument or anything, just sharing my experience.
-3704 yes is an update to 2827, so it supersedes as such, but still 2827 is used to refer to uRPF as a base. Even CCIE v4 exams still use 2827 lol ... to test on.
- I do agree about ingress and egress as they are basically to block invalid traffic to enter or leave the network respectively, Whatever it maybe Spooing, Smurf etc.
Having ingress we allow certain things to enter our network.
However egress can be used to identify any anomaly. Egress usually let almost all IP traffic out of network (expect sourced from 1918, Bogon, multicast, and even some ftp, tftp, protocols).
I like to use egress to find out a sudden spike in outbound bandwidth and random ports sending large traffic; which is useful is end machines have been part of a bonet or a virus. Egress helps to quickly stop these attacks going out of the network. Once things are more clear on analysis, acls close the source of malicious activity can be applied.