I unfortunately set a blank Authorized TO file yesterday which naturally rejected all emails that weren't already bypassing the rules.  I recommend adding the ability to quarantine rejected "Authorized TO" emails so that they too can be analyzed.  Upon combing through the logs to determine who sent me emails which were later rejected, some of my rejects were actually merited as I've noticed a new spam problem ... somebody is sending out spam to AOL addresses using my domain name and some random string as the account in the From and Reply-To headers.  As a result, I keep getting all of these failure notices.  But other legitimate email was getting blocked too, as I use many different aliased accounts that forward to my one master account.  Quarantining Authorized TO rejects will help people like me determine how to tweak my settings better.

I actually use my domain name and create a new username for just about every form I sign.  Therefore, there may be dozens of aliases that I use out there.  I actually do this so that if spam starts coming to a particular address, I have an idea where it originated.

Perhaps rather than hard-coding it one way or another, the feature could be optional via a checkbox?