Given the volume we're discussing, whitelists are hella impractical for this sort of thing, alas. There are a number of protocols that have been bolted on top of email that providers can use to cause a receiver to identify their mail as more likely to be legit. They're extremely bolted-on, massively imperfect, and each of them can break various things a mail sender might want to do in various ways. We use most of them -- the ones that don't break our particular use case -- but since they're extremely bolted-on and massively imperfect, major email providers don't always put a ton of weight on them.
The fundamental, basic problem that email is a protocol that assumes trust and good faith, deriving as it does from the days when everybody knew everybody who was on the internet and if somebody was doing a dumbshit thing you could call up the network admin at their institution and ask them to walk down the hall and tell their user to stop doing dumbshit things, and therefore doesn't scale at all to tens of billions of emails being sent daily. Major email providers like Gmail have zero incentive to ensure perfect delivery and significant incentive to reduce the amount of spam they pass through and store.
Re: a friend at Google
The fundamental, basic problem that email is a protocol that assumes trust and good faith, deriving as it does from the days when everybody knew everybody who was on the internet and if somebody was doing a dumbshit thing you could call up the network admin at their institution and ask them to walk down the hall and tell their user to stop doing dumbshit things, and therefore doesn't scale at all to tens of billions of emails being sent daily. Major email providers like Gmail have zero incentive to ensure perfect delivery and significant incentive to reduce the amount of spam they pass through and store.