I manage email for a single business. My users expect me to deliver all of the wanted mail as well as block the dangerous mail. So guesswork has little appeal, whether the guess is implemented using A.I. or SpamAssassin, or something else. I need control.
I have shopped, and looked at products with pricing up to $36 per user per year, but been consistently disappointed. I kept asking vendors, "How do I override a sender's SPF error or omission using a combination of HELO name (verified by forward-confirmed DNS) and SMTP domain? This was driven by experience: multiple attempts to enforce SPF had to be rolled back quickly because of SPF failures. It seemed like a basic feature requirement that would be apparent to anyone involved in email filtering. It was not my only expectation, just the easiest one.
I got a steady stream of the same answers: "you can't do that", often mixed with "just trust us, you will never need to do that". Eventually, I stumbled on Declude and quit looking. Declude needed customization to do SPF checking correctly, and to evaluate forward-confirmed DNS, but unlike everything else, it could be customized.
For what I wanted Declude to do, the number and size of filter files quickly became unmanageable and inefficient, since Declude rereads every file for every messages. That's why I moved most of the processing into SQL, where lookups are indexed. I currently have just under 20,000 rules in 6 SQL tables, supplemented by a manageable number of Declude custom filters for situations that do not fit my database design.
When my labor cost is factored in, our solution may or may not be cheaper than the cloud solutions, but it definitely gives us better control.
Have begun playing with Declude Reboot, but have not completed the process. The priority has been a rewrite of my custom scripts using Python email module and related modules.