Which Bounce Codes Should We Address with a Whitelisting Initiative?

When you say that they 'look correct', what do you mean? 

I've noticed that we get a lot of OOB (Out Of Bounds) bounces, where the emails may well be valid but the mail server rejects them AFTER delivery. There's a good summary of it from Mike Reynolds at the end of this thread. As an organisation you can make a call on strategy - whether to override the bounce and re-deliver to these addresses again - it is possible that they will make it through on another send, but you need to balance that with reputation and what the comms actually are (operational vs marketing). 

Like Diana, I wonder what you mean by "look correct" -- either you can send to that same address via your corporate email server or not, no?

As far as what response codes, if the recipient's domain can receive mail from your corporate side, then unless the bounce reason is explicitly "mailbox full" (as opposed to "mailbox does not exist", which is likely to be spurious) you might as well include it in this initiative.

However, I'm generally against whitelisting as usually formulated because you're asking IT people to be far too broad in turning off their own email filters. The only safe, non-side-effecting way to whitelist is based on a valid DKIM signature from your domain. (Their IT staff may not have the ability to understand/implement this level of precision, unfortunately.)