I tested Cyren and MessageSniffer for quite a long time and now I can say that, IMHO, they are nearly useless...

Sure, every now and then they manage to catch something that might have been missed...

But out of tens of thousands of emails containing a lot of spam/phishing scams or worse, they only catch a few, and that doesn't justify the cost...

In particular, I am hoping to learn if anyone's content filtering solution is particularly good at detecting malicious messages when sender reputation is unknown.    

I have assigned reputation to all of my normal senders, so all of my threats come from unrecognize senders with unknown reputation.    About 85% of my previously unknown senders are legitimate and wanted, but about 15% are unwanted and sometimes malicious.    That ratio does not permit me to block all unknown senders, which would be the safest move.    The 15% is only going to be blocked with content filtering.    It is a small issue by total volume, but even a single message could cause great harm.

Any replacement product also needs to provide a message review solution for all messages, whether allowed, blocked, or quarantined.  rSpamD seems to offer a review tool, but I have not figured out if it can meet my needs. 

We tried the Smartermail plug-ins/add-ons and none of them worked particularly well. They were little more than "better than nothing at all" and had a nasty problem with false positives if set on the aggressive side-- enough to generate many customer complaints-- or false negatives if too loose-- which also generated complaints.  It was nearly impossible a useful middle ground where everyone was happy.

The only filtering platform we've had good results with is a 3rd party hosted solution that does the pre-filtering and quarantine, then forwards the "good" mail and quarantine notifications on to our mail server for delivery to user boxes.

I think we're past that point in history where it's practical (or even effective enough) to roll our own anti-spam solutions.  Spammers adapt their methods way too quickly now, especially with A.I. powered spam bots gaming the system, and it seems the only anti-spam solutions that adapt quickly enough are providers specifically in the spam filtering business.  And they aren't cheap.
  

Can your cloud solution be tailored to block the nuisance messages that are irrelevant and unwanted?

Do you have access to a statistical breakdown of why messages were blocked, something that reveals the nature of your vendor's private knowledge?    Long before generative AI existed, I assumed that the spam filter vendors had something close to that level of linguistic analysis.   Now I am doubtful.  The theoretical difficulty of content blocking has been highlighted by the "free stuff?" attack network, while the infrequency and inaccuracy of my content filtering has been exposed by the statistics cited in my opening post.  

So I wonder if my experience is an exception or the rule, which is why I am interested in your statistics, if available.