I think your second option, the option to share authentication lists between accounts is the best one. Presumably this would work by each account contributing to and using a merged list (I can forsee complexities if each account contributes entries to its own list but uses a merged list for checking incoming emails).
This option avoids the complexities of synchronisation (conflict resolution, scheduling syncronisation, people forgetting that lists can be inconsistent between synchs etc), which (IMHE) result in large support overheads.
It may be as well to set all accounts to use the shared list by default, as this would reduced the frequency with which people need to merge separate lists. (Merging lists may involve conflict resultion - eg one list says sender is blocked, another than sender is allowed!).
If you want this to evolve into enterprise software, you may have to generalise this facility further by recognising authentication lists as first class entities which can be named and managed by users separately from email accounts. Users would then define which accounts were to input to, and be governed by, which authentication lists - with sensible defaults to simplify matters of course.
Hope this helps. Keep up the good work. I will post a few other suggestions and a few minor bugs over the next few days/weeks, if that will help.