For example, it should be required for our default whitelist.
If we add something for SPF as a more flexible form of the recvd check on whitelist entries, we should also expand the forged_whitelist check. That is the ideal use of SPF, as a negative test for blocking forgery of a well known address when we are sure that the domain uses SPF.
-- sidney
