I did this too for many years. I recently reversed the filter logic from whitelist to blacklist since spam filters nowadays seem efficient enough that passing through `name*@domain.tld` by default and only blocking those few addresses that leak and start sending spam is less work.