While the technique described in this article is intended for implementation at the MTA level, it still makes for interesting reading that's worth a look. There seem to be a few ideas in here that might be useful in enhancing the reliability of SpamAssassin's Auto-Whitelisting feature as well, especially the concept of the "triplet".
Anyway, here's the link for your perusal: http://projects.puremagic.com/greylisting/ Andy
