Improve whitelisting with a configurable trust score applied dynamically to spam confidence levels
The current approach of whitelisting is a very binary approach of defining trust as either completely trust or distrust from a point in time for a sender/domain/IP.
Companies you trust today might be breached tomorrow, domains or IP's may be sold and individuals may suddenly act maliciously. Most rule sets stop filtering past the whitelist which could result in malicious mail from a compromised partner being allowed into your systems.
Therefore a better alternative would be to allow a "trusted" sender/domain/IP list that would allow you to dynamically reduce the Spam Confidence Level (SCL) of an email by a configurable amount.
For example an email with a SCL of 5 would be detected as spam/phishing, however if the sender was in the "trusted" list it might receive a -2 towards its SCL resulting in an SCL of 3 which would be allowed through.
An email from a "trusted" sender with a High Confidence SCL of 9 would then be blocked as spam/phishing even after the application of the -2 to the score.
This is much better for security as it reduces the impact of supply chain attacks. Also it reduces the impact of not managing your whitelists well. This is suggested as an addition to existing whitelist approaches not as a complete replacement.
Blacklisting could also be managed with the same approach where relevant.