Hi Richard. I'm not sure of the answer to your first question. As for your 2nd question, I'm a Message Sniffer expert. My company resells the Message Sniffer built into SM as well as the external version of Message Sniffer so we had to become experts in order to support it. I use the external Sniffer along with Declude on all of our in-house mail servers and most of our customer's servers. We only use the SM anti-spam settings for SMTP incoming connection checking and we only use certain, very reliable RBLs for that. With that being said, I would say that Message Sniffer is an excellent choice as an active filter for SM. It's rate for false-positives is almost zero. However, as you probably know, it's not best practices to filter spam (especially if you're deleting it) based on one, single test. I'm not sure of what weights and actions you currently have set up so it's a bit difficult to give you suggestions of which tests, weights and actions you should use. I can only give you a list of what we use and how we use it. If you need an opinion on what some of the most reliable tests are, we found that the following are great to use for filtering and SMTP incoming connection checking...

 

Barracuda

GBUDB

Hostkarma-Black

McAfee

Mailspike

Spamcop

Surriel

SpamHaus (they have several good RBLs you can use)

 

Please know that there are going to be people on this list that strongly disagree with me and that is alright. I have been an email admin for over 15 years and the advice that I'm giving you comes directly from what I have experienced over the years. Our customers are extremely happy with the way we sent up anti-spam filtering on their servers and we have minimal people reporting false-positives with the settings we use. We agree that everyone's environment is different and we do adjust accordingly when we need to. If you have any questions, please let me know. I'm happy to help.