There are quite a few domain you can trust not to send spam. For example the airlines, the banks , and a lot others like spamassassin.apache.org :-)
If mails from these domains gets an SPF/DK pass we can simply pass the mails. Today I manually maintain a list of whitelist_from_auth Is there a global DNS WL available somewhere. So that I dont have to keep tracking myself for maintaining which new bank has put up SPF records Thanks Ram