You’re assuming that the “From” address in spam exists, and this isn’t true for 99% of the cases. This is why the “verify you’re human” test exists, and is one of the most successful anti-spam solutions which exists.

You make a valid point.

The angle I was approaching it from however was that all you need to have is a spam bot with a valid return address (even if it is only valid for a short amount of time) and you can not only defeat this technology for said brief period of time but also generate a white list of from addresses that can be passed to spam bots that then won’t need to have a valid return address, merely spoof one of the white listed one(s). On shared servers where the white list is shared across accounts the negative effect of this type of action would be amplified.

You’re assuming that the “From” address in spam exists, and this isn’t true for 99% of the cases. This is why the “verify you’re human” test exists, and is one of the most successful anti-spam solutions which exists.

However, your point of “whitelist addresses to which you have sent mail” is certainly true, and I’d be annoyed if I was confronted with such a dialogue after replying to an e-mail.