>Filter on whether the sender is in your address book (or inbox or etc)
That strategy doesn't work when you don't know ahead of time what email addresses the sender will legitimately use in the future.
E.g. register with New York state tax authority to file business taxes at https://www.tax.ny.gov. A few months later, you get an real legitimate email from ny.comptroller@service.govdelivery.com.
How would "govdelivery.com" be added to your address book? Presumably, you never added that address because you never saw it. You never saw it because it went to the Junk Folder.
Agreed, there are serious issues if the sender and receiver don't coordinate.
The feature already exists with only minimal DIY though. An alternative implementation would have to contend with the same social issue.
The easiest solution to the social coordination issue I'm aware of is the second option I mentioned. Hand out a unique address that you whitelist. Possibly burn it later if necessary.
That strategy doesn't work when you don't know ahead of time what email addresses the sender will legitimately use in the future.
E.g. register with New York state tax authority to file business taxes at https://www.tax.ny.gov. A few months later, you get an real legitimate email from ny.comptroller@service.govdelivery.com.
How would "govdelivery.com" be added to your address book? Presumably, you never added that address because you never saw it. You never saw it because it went to the Junk Folder.