> No, the right idea is to build your own, white- or blacklist.  In
> PGP, you ask your friends to sign your key, eventually you may be
> lucky to hit common signatories and the web of trust starts happening.
> Can't say I've seen it in action, but it may well work.

SMTP mostly comes from providers (ISP's) and not your friends (unless
your friends happen to own ISP's).