There are quite a few domain you can trust not to send spam.
For example the airlines, the banks , and a lot others like :-)

If mails from these domains gets an SPF/DK pass we can simply pass the
mails. Today I manually maintain a list of whitelist_from_auth

Is there a global DNS WL available somewhere. So that I dont have to
keep tracking myself for maintaining which new bank has put up SPF