Here is our rationale for the way it works currently. Incoming spam checks are executed presently after the MAIL FROM command if the From address is not on the global trusted senders list (editable by the system admin). If we were to change the behavior to also process the user's trusted senders list before the spam checks, then this would have to be processed in the RCPT TO command for each user. This would not let the spam though in and of itself unless it was on the trusted senders list.
Logs could potentially increase in size due to the additional entries per user checks. Moreover, many spammers use a dictionary of users and if they see certain users successfully accept the mail, it may alert them to spam the domain even harder.
If there is enough discussion and / or upvotes on this thread / reply then we would certainly readdress the current functionality. In the meantime, we will modify the help file/KB to clarify how incoming spam checks and trusted senders (global and user) lists correlate.