...
RM> ... more whitelist entries ...
...
whitelist_from_rcvd no.reply@1and1.com kundenserver.de # 1and1 Hosting & ISP http://survey.1and1.com
...
I'm not so sure that 1&1 is immune from forgery, but if you list it, you should also list the four domains oneandone.{com,net} and 1und1.{com,net}. They are all the same company and forward responses to abuse@ and to postmaster@ queries through the same server (the problem is that *some* customer email also seems to go through that server occasionally, and they have had abusive customers in the past - so a forgery seems possible, even if unlikely).
Paul Shupak track@plectere.com