I have to respectfully disagree with those who say that whitelisting my friends is a bad idea.
I do realize that spammers use everyone's addresses -- as they are using mine -- as fake return addresses, just as often as they would use any other address. But the chances of them accidentally using an address of my friend (even is, say, I add 5,000 emails to my whitelist) to send spam to me, are approximately 5,000 out of 100,000,000 (hypothetical number of email addresses available for the random return address pool). That works out to 0.005% chance. My experience suggests that I never ever received a spam with my acquaintaince's email in the From: field. Did not happen. The only possibility of me receiving spam from my friends would be if they were infected by a virus that exploits their address book, but I am already running a number of virus filters (clamav and my custom perl scripts rejecting all EXEs, screensavers and other windows junk). So, if whitelist_from is scalable to a few thousand addresses, I would like to use it. I had a few emails from my friends rejected due to false positives. i