changed whitelist format to be: ipaddress com.domain.subdomain This allows simpler maintence, sort +1 of the file groups all the smtpXX.gmail.com entries together so I can take a guess at a CIDR mask for them. Gmail is a bad example as their spf data gives me all I need but others are less helpfull.