SMTP - EHLO selective Blocking
Idea shared by Curtis Kropar www.HawaiianHope.org - 9/20/2018 at 9:22 AM
Proposed
Hi!
I have a question, more so probably an idea.
We are using SmarterMail 14. Can 15, 16 or 17 do this? Or if not, can it be implemented?

We have various EHLO SMTP blocking set up (*.date, *.top, *.ninja). In total we have about 50 of them blocked as they are pretty much guaranteed spam.

I would also LOVE to block *.us as the bulk of it is spam. Since places like GoDaddy are selling .us domains for 99 cents each, it is cost effective for spammers to buy these domains up as burners.

However, about 10% of the .us email coming in is legitimate.
What I would love to do is:
1) Set up SMTP EHLO blocking (greylisting?) on *.us domains,
2) and then tell SmarterMail that if an email comes in from a *.us domain, to have SmarterMail send an email back to the sender requesting whitelist status or requesting a send verification. Something like:
--- Notice: You are sending from a domain that has been flagged on our servers as a potential spammer. Please click the link below and answer the captcha to verify this is a legitimate email contact.
(EDIT:)
3) If you get a legit authentication response (or maybe 2 or 3), then it could whitelist or flag that domain so it does not consider it as a blocked one any more.

This way we could block the vast amount of garbage and still let the legitimate email come in.

www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !

2 Replies

0
I do wish there were more options in SmarterMail for SMTP Greylisting & Blocking. So, I'm not opposed to the idea overall.

However, it is important to note that most official municipal and state organizations use *.us domains, which is a primary reason you'd want to hesitate before using SMTP Blocking for that domain specifically. Honestly, using SMTP Blocking for any *.tld domain is risky, even if the majority of them are used primarily by spammers (for example, I know a lot of legitimate businesses and individuals that use the .info, .guru, and .ninja domains). I tend to use Spam Filtering for these tld domains and only use SMTP Blocking for the ones that are clearly from spambot-nets. For example, here is a list of SMTP EHLO Blocks that we use for troublesome .tld domains:

ads*.*.work
aisle*.*.work
aleph*.*.work
alpha*.*.work
arccot*.*.us
arccot*.*.work
arcsin*.*.us
arcsin*.*.work
arctan*.*.us
asymp*.*.us
asymp*.*.work
axes*.*.us
axes*.*.work
beta*.*.work
blink*.*.org
brace*.*.work
cevian*.*.us
cevian*.*.work
complex*.*.org
convex*.*.work
core*.*.work
cosec*.*.work
cst*.*.press
cube*.*.work
cuboid*.*.work
cvf*.*.work
deca*.*.work
dew.*.link
dre.*.us
ebx*.*.ninja
echelon*.*.work
ede.*.link
edv*.*.work
enc.*.us
entrix*.*.work
ert.*.us
euler*.*.work
factor*.*.work
fes.*.us
fns.*.us
fractal*.*.work
fst*.*.click
gkr*.*.work
heliq*.*.work
hgb*.*.rocks
host.*.link
host.*.us
hype*.*.work
iax*.*.ninja
info.*.com
iqh*.*.work
isomet*.*.work
jwu*.*.work
kappa*.*.work
lemma*.*.work
mars.*.us
midpt*.*.us
nhj*.*.work
nis.*.link
norm*.*.work
ns*.ztomy.com
omega*.*.work
oval*.*.work
pappus*.*.work
polar*.*.work
post.*.us
prism*.*.us
prism*.*.work
prs.*.link
pwt*.*.work
radian*.*.us
radian*.*.work
radius*.*.work
range.*.com
ratio*.*.work
res.*.us
rhk*.*.ninja
rye*.*.work
sdf.*.rocks
sgd.*.us
slope*.*.work
srv.*.us
sxo*.*.work
tcd.*.us
theta*.*.work
torus*.*.work
tuple*.*.work
udr.*.us
ute*.*.work
vector*.*.work
venn*.*.work
wen.*.rocks
wer*.*.us
wer*.*.work
wer.*.rocks
witt*.*.work
xbu*.*.work
xen*.*.work
xmh*.*.work
xpe*.*.ninja
xyth*.*.work

Almost all spambot networks use a naming convention for their HELO/EHLO and can be reduced down to a common string without resorting to blocking the entire .tld domain (the smarter ones will use randomly generated domains or subdomains but there is almost always a set string within them that you can use with wildcards). We get ours from parsing our SMTP logs with a grep statement to find the commonly used HELO/EHLO combinations and tracking them over time (most return once every 60-90 days).

SMTP Blocking should only be used when you are absolutely, positively sure that no legitimate mail will ever come from that source. For everything else use Filtering instead. It's easier to explain to a customer to look for their missing email in their Junk E-Mail folder than it is to explain to them why you are bouncing their Contract Bids or Permit Renewal emails from City Hall by blocking *.us domains.
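The log-parsing workflow the reply above describes (pull the HELO/EHLO names out of the SMTP log, reduce them to the common string a bot network shares, then block with a narrow wildcard instead of a whole TLD) can be scripted. The following is an added example written for this thread, not code from SmarterMail or from either poster. The log line layout is constructed for the example and is not SmarterMail's real log format; the regular expression in LOG_RE is the only part that would need adapting to a real log. The wildcard semantics assumed are the ones the list above uses: `*` matches any run of characters, including dots.

```python
import re

# Constructed sample SMTP log excerpt (NOT SmarterMail's real layout):
# "<date> <time> [<client IP>] <EHLO|HELO> <name>". IPs are documentation ranges.
SAMPLE_LOG = """\
2018-09-20 09:01:12 [198.51.100.7] EHLO arccot17.mx4.example.us
2018-09-20 09:01:40 [198.51.100.7] EHLO arccot22.relay9.example.us
2018-09-20 09:02:03 [203.0.113.44] HELO radian3.out.example.work
2018-09-20 09:02:55 [203.0.113.45] EHLO radian8.out.example.work
2018-09-20 09:03:10 [192.0.2.10] EHLO mail.notes.k12.hi.us
2018-09-20 09:04:30 [192.0.2.88] EHLO smtp.cityhall.example.us
2018-09-20 09:05:01 [198.51.100.9] EHLO radian11.out.example.work
"""

# Assumed log line shape; adjust this one expression for a real server's log format.
LOG_RE = re.compile(
    r"^\S+ \S+ \[(?P<ip>[^\]]+)\] (?:EHLO|HELO) (?P<name>\S+)$", re.IGNORECASE
)


def parse_ehlo(log_text):
    """Return (client_ip, helo_name) for every HELO/EHLO line; other lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            found.append((m.group("ip"), m.group("name").lower()))
    return found


def stem_of(name):
    """Collapse a HELO name to the (stem, tld) pair a bot naming convention shares:
    the first label with its trailing digits removed, plus the top-level domain."""
    labels = name.split(".")
    if len(labels) < 2:
        return None
    stem = re.sub(r"\d+$", "", labels[0])
    return (stem, labels[-1]) if stem else None


def suggest_patterns(helo_names, min_count=2, min_stem_len=3):
    """Candidate blocks in the list's style ('stem*.*.tld') for stems seen on at
    least min_count distinct names. These are suggestions for human review, not
    something to load into the block list blindly."""
    groups = {}
    for name in set(helo_names):
        key = stem_of(name)
        if key and len(key[0]) >= min_stem_len:
            groups.setdefault(key, set()).add(name)
    return sorted(
        f"{stem}*.*.{tld}"
        for (stem, tld), names in groups.items()
        if len(names) >= min_count
    )


def wildcard_to_regex(pattern):
    """Translate a block-list wildcard into an anchored regex; only '*' is special."""
    parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def is_blocked(helo_name, block_patterns):
    """True when the HELO name matches any wildcard in the block list."""
    return any(wildcard_to_regex(p).match(helo_name) for p in block_patterns)


def triage(log_text, block_patterns):
    """Split the parsed connections into (blocked, allowed) under a given block list,
    so a candidate list can be checked against real traffic before it is enabled."""
    blocked, allowed = [], []
    for ip, name in parse_ehlo(log_text):
        (blocked if is_blocked(name, block_patterns) else allowed).append((ip, name))
    return blocked, allowed


if __name__ == "__main__":
    names = [n for _, n in parse_ehlo(SAMPLE_LOG)]
    candidates = suggest_patterns(names)
    print("suggested:", candidates)
    b, a = triage(SAMPLE_LOG, candidates)
    print("blocked:", b)
    print("allowed:", a)
    # The over-broad alternative the reply warns against: a bare *.us block would
    # also catch the school and city-hall hosts that the narrow stems leave alone.
    print("school host under *.us:", is_blocked("mail.notes.k12.hi.us", ["*.us"]))
```

Running `triage` over a day's log with the candidate list, and checking that the `allowed` side still contains every known-legitimate sender (the k12.hi.us and city-hall style hosts in the sample), is the review step that makes a narrow stem safe to promote to the SMTP block list rather than the spam filter.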
0
Yep, that is the issue we are running into. The .us ones that are legit are really important ones. We work with a lot of schools and other non profit orgs; they are our clients. All of the schools here in Hawaii are "notes.k12.hi.us" and a few of the government agencies are .us as well. Then we had a few national non profits show up as .us too since it was so cheap to register the domain. And there are more starting to show up because it is so cheap to buy them.

That is why I want to implement some type of greylisting or validated authorization or something where we can prevent the spam but let the new emerging legit domains through.

We have recently been considering switching over to something that does total whitelist only, so every email that comes in has to click a link to verify they are legit at least once before it gets delivered. I really do not want to do that though, as I can see some of our clients freaking out over it... including us, as we have over 12,000 emails on our client mailing list. Making 12,000 people authenticate (just for our domain)? There will be a LOT of unhappy people!

Regarding you and grep, the list: I do something similar, I guess... I take the logs and put them into a spreadsheet and run conditionals and formulas on them. Basically, build a database and do extractions.
