[exim] concept of whitelist based on my client subject

I am thinking about ACL to whitelist replies to my users emails
I want to hear your opinions about that

#1.my client send email with Subject header f.e. Subject=Order

#2.exim smtp_remote router log to mysql information about email -
sender(my user),recipient,subject and date

#3.now when recipient send back email to my user as a rule replies
Subject f.e Subject=Re: Order

#4.Now in ACL RCPT i can search mysql for a pair sender,recipient and if
replied Subject contains that from Mysql i can accept message (or f.e.
give Spamassassin header with -10 points)


#5.optionally i can whitelist recipient as trusted and save to database
for future whitelisting


Is it stupid idea? What do you think guys about that?
How to resolve #4 subject matching? in mysql statement? in exim match ?