I tested Cyren and MessageSniffer for quite a long time and now I can say that, IMHO, they are nearly useless...

Sure, every now and then they manage to catch something that might have been missed...

But out of tens of thousands of emails containing a lot of spam/phishing scams or worse, they only catch a few, and that doesn't justify the cost...

In particular, I am hoping to learn if anyone's content filtering solution is particularly good at detecting malicious messages when sender reputation is unknown.    

I have assigned reputation to all of my normal senders, so all of my threats come from unrecognize senders with unknown reputation.    About 85% of my previously unknown senders are legitimate and wanted, but about 15% are unwanted and sometimes malicious.    That ratio does not permit me to block all unknown senders, which would be the safest move.    The 15% is only going to be blocked with content filtering.    It is a small issue by total volume, but even a single message could cause great harm.

Any replacement product also needs to provide a message review solution for all messages, whether allowed, blocked, or quarantined.  rSpamD seems to offer a review tool, but I have not figured out if it can meet my needs. 

We tried the Smartermail plug-ins/add-ons and none of them worked particularly well. They were little more than "better than nothing at all" and had a nasty problem with false positives if set on the aggressive side-- enough to generate many customer complaints-- or false negatives if too loose-- which also generated complaints.  It was nearly impossible to find a useful middle ground where everyone was happy.

The only filtering platform we've had good results with is a 3rd party hosted solution that does the pre-filtering and quarantine, then forwards the "good" mail and quarantine notifications on to our mail server for delivery to user boxes.

I think we're past that point in history where it's practical (or even effective enough) to roll our own anti-spam solutions.  Spammers adapt their methods way too quickly now, especially with A.I. powered spam bots gaming the system, and it seems the only anti-spam solutions that adapt quickly enough are providers specifically in the spam filtering business.  And they aren't cheap.
  

Can your cloud solution be tailored to block the nuisance messages that are irrelevant and unwanted?

Do you have access to a statistical breakdown of why messages were blocked, something that reveals the nature of your vendor's private knowledge?    Long before generative AI existed, I assumed that the spam filter vendors had something close to that level of linguistic analysis.   Now I am doubtful.  The theoretical difficulty of content blocking has been highlighted by the "free stuff?" attack network, while the infrequency and inaccuracy of my content filtering has been exposed by the statistics cited in my opening post.  

So I wonder if my experience is an exception or the rule, which is why I am interested in your statistics, if available.

You can check them out-- OpenText.com .  We engaged with AppRiver many years ago and as it usually goes, they were bought out and became part of OpenText.  There are various levels of filtering you can do-- what we use is the higher-tier Threat Protection & Email Security, not just anti-spam.  I haven't messed with the filters much in 2025, not since AppRiver was absorbed by OT-- another admin handles that-- but I know what we could do via the AppRiver admin control panel was pretty useful and the false positives/false negatives are well within acceptable margins.  

The quarantine function is nice, notifications for users to self-release quarantine items are intuitive and so is the process to request whitelisting of senders.  It's not cheap at several dollars per-mailbox per month for the highest tier threat protection, it's been so effective that customers don't complain about the price.
 

The company I work for is in the hardest industry for incoming email filtering, due to the nature of the industry and who we "have" to deal with.

For this industry, the larger the company, the larger the probability of fuufuu getting through.

As such, for me, there is a lot of manual review as well as constant adjustments to our incoming email gateway.

In my now 25 years dealing with email servers and email filtering, I have maintained a very high percentage of catching the fuufuu before it reaches the user, with a lot of constant manual intervention and review.

I know, I know, that is not what the overwhelming majority of email admins are willing to do or even have any clue of how to do. Everything is desired to be hands off and rely upon a third party software/service.

By far, the biggest signal aspect of my efforts have been around utilizing Declude, and now the new Mails Best Friend DR. 

@Gabriele - I agree, Cyren and Sniffer are mostly useless. We use blacklists from Spamhaus, we subscribe to them, and they have been awesome and stopping stuff at the SMTP level with nearly zero false positives. We then utiltize Rspamd with VadeSecure and it has been solid.

We've tried Cyren and sniffer many times over the last many years, they just are not that good. With SmarterTools would look into integration with other anti-spam providers, but... I assume they went with Cyren and Sniffer since they are "inexpensive".