Apologies if this is an overly obvious answer, but are you using any greylisting? This would (potentially) move your user away from the "wavefront" of a spam's distribution, and give it a better chance of triggering the network-based tests.
On Fri, 27 Mar 2015, Amir Caspi wrote:
This is my whole issue -- since my user appears to be very high up on the recipient list for all these spammers, and is therefore getting spams before the network checks are effective, how can we combat these "new" spams _before_ the network checks become effective?

Thanks.

--- Amir
--
Public key #7BBC68D9 at            | Shane Williams
http://pgp.mit.edu/                | System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines | sha...@shanew.net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew
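A small simulation of the timing argument in the reply above, as an added example that is not part of the original thread: a triplet greylist defers the first delivery attempt, so the network-based test runs at retry time instead of at first contact. The class and function names, the 300-second delay, the listing time and the addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Greylist:
    """Tempfail a (client IP, sender, recipient) triplet until `delay` seconds after first sight."""
    delay: int = 300  # assumed delay, in seconds
    first_seen: dict = field(default_factory=dict)

    def check(self, client_ip, sender, rcpt, now):
        key = (client_ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return "250 accept" if now - first >= self.delay else "451 try again later"

def network_test_hits(client_ip, now, listed_at):
    """Constructed stand-in for a network-based test: the source is only
    known to the shared list from time listed_at[client_ip] onward."""
    t = listed_at.get(client_ip)
    return t is not None and now >= t

def deliver(attempts, client_ip, sender, rcpt, listed_at, greylist=None):
    """Replay the sending host's attempt times; return (time, outcome)."""
    for now in attempts:
        if greylist is not None and greylist.check(client_ip, sender, rcpt, now).startswith("451"):
            continue  # deferred: the sender has to retry later
        if network_test_hits(client_ip, now, listed_at):
            return now, "rejected by network test"
        return now, "delivered"
    return None, "sender never retried"

# Constructed sample data (documentation address range, example domains).
SPAM_IP, SENDER, RCPT = "192.0.2.10", "bulk@example.net", "user@example.org"
LISTED_AT = {SPAM_IP: 600}  # source becomes known 10 minutes after first contact

def demo():
    args = (SPAM_IP, SENDER, RCPT, LISTED_AT)
    return {
        # Early recipient, no greylist: the test runs before the listing exists.
        "no_greylist": deliver([0], *args),
        # Retry lands after the listing: the network test now catches it.
        "greylist_late_retry": deliver([0, 900], *args, greylist=Greylist()),
        # Retry lands before the listing: greylisting only "potentially" helps.
        "greylist_early_retry": deliver([0, 400], *args, greylist=Greylist()),
        # Sender that never retries is dropped by the greylist alone.
        "greylist_no_retry": deliver([0], *args, greylist=Greylist()),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} {result}")
```
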