[chaoz_]

SpamAssasin does ok only on subset of spam emails.. The problem is that underlying model is not capable to differentiate fake email from your boss (unless it's really simple) VS many other external emails you get.

I guess you would still want that 2nd level of protection for your ORG with sensitive data even if some "please buy X" - spam emails are still getting in.

Ofc Google is also not ideal :)

[Beltalowda]

> The problem is that underlying model is not capable to differentiate fake email from your boss (unless it's really simple) VS many other external emails you get.

But that's not really "spam", right? That's targetted phishing, which is quite a different thing.

[chaoz_]

If "spam == mail that user did not expect/want to receive", then phishing emails are also unwanted :)

It's all up to definitions, but yeah the two categories are different in nature.