I've whitelisted some domains with no notable problems. Forgery of the From: line is not going to be a problem, because it's going to look at the DNS hostname of the sender instead. Of course whitelisting the domain requires getting the right domain, and a lot of large sites outsource email or have servers under a different domain than the obvious one. It's easy to see these when the mail gets hits the greylist for the first time.