I found that the refactored code was very amenable to modifying the block/pass list processing to do two consecutive passes, first with any domain settings, then with any user settings.

