For Anti-Spam, GMAIL has the advantage of almost perfect information. At least in comparison to you, they also have nearly unlimited staff resources to interpret and apply that information.
However, I also have managed to keep the Ransomware guys out of my network while much bigger organizations have not.
- Do not expect SmarterMail to provide your complete spam filtering solution. Their expertise is mail handling, not mail filtering. If you wait for them to solve your problem, you will have waited too long.
- You need a tailorable spam filter. I use Declude from MailsBestFriend.com for this reason. Postfix is a good alternative, maybe even a better one, but Postfix only runs on Linux and it requires a significant effort to learn its complexity. Both are currently free. I am assuming that after you have a tailorable tool, you will put the effort into studying your mail flows and using it to tailor your product. Declude is my first and most important line of defense, but it is not my only one.
- You need a commercial product with URL-checking capabilities. Today, most attacks are in the form of web links, so you need a product that can extract those links and evaluate them for risk. In my environment, it is configured second, after Declude.
- You need a good message review interface, with flexible query capability, so that you can look for patterns in your mail stream. My customization of Declude has included logic to push message metadata into SQL. My commercial email filter also provides a good message viewer with SQL-inspired query capabilities. I use both to determine what needs to be tailored.
- Checking links as they arrive is still not a complete solution. The worst-case scenario is that a link is safe when it arrives, but is maliciously altered before the user clicks on it. Consequently, the most sophisticated products will rewrite all links to go to the vendor for a second check at click-time. These products are probably outside your price range, but maybe you will get lucky.
- You and your clients need good web-protection software. If a bad link gets through the email filters, and your users do not apply human filtering, then the last line of defense is web filtering. There are plenty of web-based attack vectors that have nothing to do with email, so even if you have a perfect email filter, your users still need a good web filter to be safe. [Case in point: one of our users went to a church web site to check its address so she could attend a funeral. But the church site had been hacked and it tried to redirect her to a malware source in Ukraine. Fortunately, my web filter detected and blocked the attack, so no harm was done. I notified the church.]
- Finally, you should do your primary email filtering on an incoming gateway. My Declude configuration uses the free version of SmarterMail, configured as an incoming gateway. My commercial products also function as secondary and tertiary stages in the inbound filtering process. Gateways have the benefit of separating unauthenticated SMTP from authenticated SMTP. Your mail server needs some filtering to prevent an infected client from attacking your other users and tarnishing your reputation, but that is a different category of problem from filtering all of the garbage that enters from the Internet via unauthenticated SMTP.
Hope this helps.
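The click-time link rewriting described in the post, sketched as an added example that is not part of the original post and not any vendor's code: the filter replaces each link with a signed gateway link, and the gateway verifies the signature before re-checking the destination. The gateway URL, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import re
from email import message_from_string, policy
from urllib.parse import parse_qs, quote, urlsplit

GATEWAY = "https://clickcheck.example.invalid/r"  # hypothetical click-time checker
KEY = b"constructed-demo-key"                     # placeholder; a real key stays secret
# http(s) URLs; the last character may not be sentence punctuation.
URL_RE = re.compile(r"https?://[^\s\"'<>]+[^\s\"'<>.,;:!?)]", re.I)

def sign(url):
    """HMAC over the destination so the gateway cannot be used as an open redirect."""
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_url(url):
    if url.startswith(GATEWAY):  # already rewritten by an earlier pass
        return url
    return f"{GATEWAY}?u={quote(url, safe='')}&s={sign(url)}"

def rewrite_body(body, is_html, found):
    """Rewrite every link in one body; HTML entities are undone before signing."""
    def swap(match):
        url = html.unescape(match.group(0)) if is_html else match.group(0)
        found.append(url)  # originals, for the arrival-time check and the log
        link = rewrite_url(url)
        return html.escape(link) if is_html else link
    return URL_RE.sub(swap, body)

def rewrite_message(raw):
    """Rewrite links in all inline text parts; returns (message, original URLs)."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html") and not part.is_attachment():
            sub = part.get_content_subtype()
            part.set_content(rewrite_body(part.get_content(), sub == "html", found), subtype=sub)
    return msg, found

def verify_click(link):
    """Gateway side: return the destination to re-check, or None if the link was altered."""
    query = parse_qs(urlsplit(link).query)
    url, sig = query.get("u", [""])[0], query.get("s", [""])[0]
    return url if hmac.compare_digest(sig.encode(), sign(url).encode()) else None

# Constructed sample message, not taken from real mail.
SAMPLE = ("From: sender@example.org\nTo: user@example.com\nSubject: invoice\n"
          "MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\n\n"
          "Please review http://files.example.net/doc?id=7&v=2. Thanks\n")
```

Rewriting the body invalidates any DKIM signature on the message, so a step like this belongs after DKIM/DMARC evaluation on the inbound gateway.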