Scott, the best way to prevent these types of attacks is to follow our recommended antispam settings. SPF/RDNS/DKIM/DMARC will all help cut back on the amount of phishing messages received by your end users as the SmarterMail instance will be capable of verifying the from domains. Our recommended settings can be found here:

Hi Kyle,

Thanks for the reply and information.

We have SPF, DKIM and DMARC setup for our domain. Most phishing messages come from external domains though. For example, domains of popular organizations are changed slightly to fool the end user.

I noticed in the "Recommended SPAM Settings" article it mentions Remote SpamAssassin but not SpamAssassin-Based Pattern Matching. Both SA settings are under Antispam - Spam Checks. We would be interested in recommendations for SpamAssassin-Based Pattern Matching.

Cyren is nearly useless. We receive quite a few large number of complaints saying they flag legit messages as suspect or even confirmed when they are not. Sniffer does a decent job, but also doesnt seem to respond well to non-English spam...