Community Spam Notes
Problem reported by J Lee - 2/25/2026 at 10:54 AM
Submitted
Hi Everyone,

This would be a simple version of community notes on x.com

Community spam and virus response. This would be done on a server level or even on a SmarterMail global level.

The end user could turn this on or off in settings or from the Block Sender drop-down.

If x amount of server users mark this email's sender ID and IP as spam, then put these emails in my spam folder or a Suspected Junk folder.

For official newsletters and notices that often get falsely marked as spam, you could tie this to the email and domain whitelist.

The end user could set the X value. 

  • Reply
  • Reply All
  • Forward
  • Move
  • Flag
  • Mark Unread
  • Move to Junk
  • Trust Sender
  • Block Sender
  • Community Suspected Spam/Virus 
    • Turn On
    • Set x Value
  • Download EML
  • View Raw Content
  • Delete
  • Delete All in Folder

J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273
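
The threshold rule proposed in the post above, as an added sketch that is not part of the original thread and is not SmarterMail code. The class and method names are hypothetical, each reporting user is assumed to count once per sender and IP pair, the whitelist is assumed to be per user, and the addresses and IPs are constructed samples.

```python
from collections import defaultdict


class CommunitySpamNotes:
    """Hypothetical server-level tally of spam reports per (sender, sending IP)."""

    def __init__(self):
        self.reporters = defaultdict(set)  # (sender, ip) -> users who reported it
        self.settings = {}                 # user -> (enabled, x)
        self.whitelist = defaultdict(set)  # user -> trusted addresses and domains

    def configure(self, user, enabled, x=5):
        """Per-user switch ("Turn On") and threshold ("Set x Value")."""
        if x < 1:
            raise ValueError("x must be at least 1")
        self.settings[user] = (enabled, x)

    def trust(self, user, entry):
        """Whitelist a full address or a bare domain for one user."""
        self.whitelist[user].add(entry.lower())

    def report(self, user, sender, ip):
        """Record a report; a set keeps one user from inflating the count."""
        self.reporters[(sender.lower(), ip)].add(user)

    def folder_for(self, user, sender, ip):
        """Decide where a new message from (sender, ip) lands for this user."""
        sender = sender.lower()
        domain = sender.rpartition("@")[2]
        enabled, x = self.settings.get(user, (False, 0))
        if not enabled:
            return "Inbox"  # feature is opt-in, so the default is no action
        trusted = self.whitelist[user]
        if sender in trusted or domain in trusted:
            return "Inbox"  # whitelist wins over community reports
        count = len(self.reporters.get((sender, ip), ()))
        return "Suspected Junk" if count >= x else "Inbox"


def demo():
    """Constructed sample: two distinct reporters, one of them reporting twice."""
    notes = CommunitySpamNotes()
    notes.configure("alice", enabled=True, x=3)
    notes.configure("bob", enabled=True, x=2)
    for user in ("u1", "u2", "u1"):
        notes.report(user, "promo@example.net", "203.0.113.7")
    return {u: notes.folder_for(u, "promo@example.net", "203.0.113.7")
            for u in ("alice", "bob", "carol")}
```
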

Douglas Foster Replied
I am performing manual review of items sent to the Training folder. My customized external sender warning lets the user know that it is available:
  • To report harmful email, place it in Junk Email folder, then delete after 24 hours.
I do not have the option of automatically feeding a spam filter's Bayesian model, but I don't think I would dare.   Manual review of the feedback is helping me block illegitimate and unwanted mail, but it also includes stuff that should be handled differently.  This includes:
  • Essential messages from internal and external sources which are sent to the Junk Email folder, instead of the Deleted Items folder, when the message has been fully processed.
  • External messages that are advertising from our vendors.   The user can be unsubscribed, but the vendor must not be blocked.
SmarterMail has an integral "Unsubscribe" button which is displayed for messages that it can parse correctly. I have not decided how to help users notice that it is there and safe to use. That capability is related to the larger question of helping users know whether an unsubscribe link is safe or not. So for the moment, I am doing a lot of unsubscribing that users could do for themselves.

When I do block messages, I have to dig deep to determine which identifier should be blocked.  The attacker's identity could be hidden by impersonation or hidden in the Reply-To field, among other possibilities.    In some cases, the attacker's identity is fully obfuscated and the only available response is an Abuse report to the attacker's hosting service (if that service is legitimate.)
J Lee Replied
True, there are also the no-reply@yourdomain.com sent from googlecontentusers. These tend to get through also. We wouldn't want users inadvertently blocking their own domain.


J Lee Replied
We are seeing a huge amount of what I call AI spam. The spam email address and domain, from what I can tell, are used only once or twice. So blocking the *@spam.com is useless. The content is different, so pattern matching is not working. The domains, SPF, DMARC, DKIM all are good. The spam piggybacks on known brand names, so you can content block "Lowes." A Community spam and virus response is looking more like a good option.


Douglas Foster Replied
How is your community spam idea different from RBLs like Spamhaus or the proprietary reputation data maintained by the commercial filtering vendor? The typical vendor pitch is all about how they see more email than everybody else, so they block bad stuff first. For the problem you state, it just does not work. By the time that an attack is detected and publicized, the attacker has changed tactics. Besides, if none of us know how to detect this stuff reliably, then pooling our ignorance cannot make us smarter.

Email has been operating for a long time on a bad security model:   "If I cannot prove that the message is harmful, then I have to deliver it to the user."    The foolishness of this model should be self-evident.   If the global mailstream is more than 75% unwanted messages, and I pick a random message to deliver, what is the probability that it is unwanted and possibly harmful?    More than 75 percent, of course.

Your office building probably has a reception area for receiving visitors. It slows them down, but that is not a reason to give every random stranger free access to your building. In email, the reception area for unknown persons is called Quarantine. When you start quarantining every message with unknown reputation, you will have hope of achieving safe email communication.

